coleharperkc Posted March 7, 2013 ID:654220 Share Posted March 7, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 6/24/2010 7:06:18 PMSystem Uptime: 3/6/2013 3:54:51 PM (3 hours ago).Motherboard: PEGATRON CORPORATION | | VIOLET6Processor: AMD Athlon II X4 630 Processor | CPU 1 | 2800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 920 GiB total, 858.106 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.589 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: NVIDIA nForce Networking ControllerDevice ID: PCI\VEN_10DE&DEV_0760&SUBSYS_2A9E103C&REV_A2\3&267A616A&0&50Manufacturer: NVIDIAName: NVIDIA nForce 10/100 Mbps Ethernet PNP Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_2A9E103C&REV_A2\3&267A616A&0&50Service: NVNET.==== System Restore Points ===================.RP153: 2/14/2013 4:14:29 PM - Windows UpdateRP154: 2/17/2013 7:57:08 PM - Installed HP Support AssistantRP155: 2/17/2013 8:01:33 PM - Windows Modules InstallerRP156: 2/17/2013 8:02:48 PM - Windows Modules InstallerRP157: 2/26/2013 3:37:47 PM - Scheduled CheckpointRP158: 3/6/2013 12:34:49 AM - Scheduled Checkpoint.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)Adobe Flash Player 11 ActiveXAdobe Reader X (10.1.5)Adobe Shockwave Player 11.6Avira Free AntivirusCompatibility Pack for the 2007 Office systemD3DX10Diablo III BetaDirectX for Managed Code Update (Summer 2004)DVD Menu Pack for HP MediaSmart VideoFacebook Video Calling 1.2.0.287Google ChromeHardware Diagnostic ToolsHewlett-Packard ACLM.NET v1.2.1.1HP AdvisorHP Customer Experience EnhancementsHP GamesHP MediaSmart DemoHP MediaSmart DVDHP MediaSmart Music/Photo/VideoHP MediaSmart SmartMenuHP MediaSmart/TouchSmart NetflixHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateHulu DesktopJunk Mail filter updateLabelPrintLexmark 5600-6600 SeriesLexmark Printable WebLexmark Tools for OfficeLexmark Universal v2 UninstallerLightScribe System SoftwareMalwarebytes Anti-Malware version 1.70.0.1100Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Age of Empires IIMicrosoft Age of Empires II: The Conquerors ExpansionMicrosoft Application Error ReportingMicrosoft Live Search ToolbarMicrosoft Mouse and Keyboard CenterMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Home and Student 60 day trialMicrosoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Rise Of NationsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMovie Theme Pack for HP MediaSmart VideoMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML4 ParserNorton Online BackupNVIDIA DriversPictureMoverPlayReady PC Runtime amd64Power2GoPowerDirectorRealtek High Definition Audio DriverRecovery ManagerRise of Nations Thrones and PatriotsSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype™ 6.1swMSMUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.3/6/2013 4:10:50 PM, Error: Service Control Manager [7022] - The Server service hung on starting.3/6/2013 3:54:27 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.2/27/2013 6:40:28 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.2/27/2013 6:40:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.2/27/2013 6:40:25 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.2/27/2013 6:40:25 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.2/27/2013 6:40:25 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032..==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464Run by Cole at 18:24:50 on 2013-03-06Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3578 [GMT -6:00].AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\lxducoms.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exeC:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exeC:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exeC:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeC:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Windows\explorer.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/mWinlogon: Userinit = userinit.exe,BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dllBHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dllTB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dlluRun: [Google Update] "C:\Users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exemRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.0.1 76.7.255.188TCP: Interfaces\{FBBBE36F-F340-4CE6-BE40-75613EBEE305} : DHCPNameServer = 192.168.0.1 76.7.255.188Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exex64-Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe"x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe"x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-8-3 27760]R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-3 86224]R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-3 110032]R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-8-3 98848]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-24 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-24 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-02-18 02:00:08 27456 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys2013-02-18 01:56:56 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}2013-02-14 22:17:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 22:17:05 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 22:15:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-02-14 22:15:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-14 22:15:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-14 22:15:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll2013-02-14 22:15:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2013-02-14 22:15:00 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2013-02-14 22:15:00 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll2013-02-14 21:11:32 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-02-14 21:11:31 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-02-14 21:11:31 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe.==================== Find3M ====================.2013-02-26 21:45:13 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-26 21:45:13 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs.============= FINISH: 18:24:59.34 =============== Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654221 Share Posted March 7, 2013 what symptoms are you experiencing?please run the following:Please download aswMBR.exe and save it to your desktop.Double click aswMBR.exe to start the tool. When asked if you want to download Avast's virus definitions please select Yes.Click ScanUpon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet. You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well. Link to post Share on other sites More sharing options...
coleharperkc Posted March 7, 2013 Author ID:654329 Share Posted March 7, 2013 I don't really use this computer too terribly often, but I have seen some inexplicably slow responses and similar crashes and freezes that correlate with my previous virus experiences.aswMBR version 0.9.9.1707 Copyright© 2011 AVAST SoftwareRun date: 2013-03-06 21:41:58-----------------------------21:41:58.967 OS Version: Windows x64 6.1.760021:41:58.967 Number of processors: 4 586 0x50221:41:58.967 ComputerName: HARPER-PC UserName: Cole21:42:01.952 Initialize success22:04:30.509 AVAST engine defs: 1303060122:06:46.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005522:06:46.760 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 322:06:46.790 Disk 0 MBR read successfully22:06:46.796 Disk 0 MBR scan22:06:46.808 Disk 0 unknown MBR code22:06:46.815 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 204822:06:46.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942584 MB offset 20684822:06:46.885 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11183 MB offset 193061888022:06:46.947 Disk 0 scanning C:\Windows\system32\drivers22:06:56.855 Service scanning22:07:18.160 Modules scanning22:07:18.177 Disk 0 trace - called modules:22:07:18.201 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys22:07:18.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e5b060]22:07:18.213 3 CLASSPNP.SYS[fffff8800193843f] -> nt!IofCallDriver -> [0xfffffa8004ea1e40]22:07:18.220 5 ACPI.sys[fffff88000f25781] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80058ef9c0]22:07:22.137 AVAST engine scan C:\Windows22:07:30.385 AVAST engine scan C:\Windows\system3222:13:06.550 AVAST engine scan C:\Windows\system32\drivers22:14:14.526 Disk 0 MBR has been saved successfully to "C:\Users\Cole\Desktop\MBR.dat"22:14:14.532 The log file has been saved successfully to "C:\Users\Cole\Desktop\aswMBR.txt"22:14:21.009 AVAST engine scan C:\Users\Cole22:19:24.428 AVAST engine scan C:\ProgramData22:20:36.799 Scan finished successfully22:20:47.538 Disk 0 MBR has been saved successfully to "C:\Users\Cole\Desktop\MBR.dat"22:20:47.542 The log file has been saved successfully to "C:\Users\Cole\Desktop\aswMBR.txt"MBR.zip Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654403 Share Posted March 7, 2013 Please run the followingRefer to the ComboFix User's Guide Download ComboFix from the following location:Link * IMPORTANT !!! Place ComboFix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
coleharperkc Posted March 8, 2013 Author ID:654708 Share Posted March 8, 2013 ComboFix 13-03-07.03 - Cole 03/07/2013 22:44:41.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4487 [GMT -6:00]Running from: c:\users\Cole\Desktop\ComboFix.exeAV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\6a32a696-3e6a-4959-8fac-ff924a511f43.icoc:\users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Pro.lnkc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-02-08 to 2013-03-08 )))))))))))))))))))))))))))))))..2013-03-08 04:50 . 2013-03-08 04:50 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-03-08 04:50 . 2013-03-08 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-08 00:12 . 2013-03-08 00:12 -------- d-----w- c:\users\Bill.Harper-PC2013-02-18 02:00 . 2012-05-29 21:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys2013-02-18 01:56 . 2013-02-18 01:56 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}2013-02-14 22:17 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 22:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 22:15 . 2013-01-09 01:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-02-14 22:15 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-02-14 22:15 . 2013-01-09 01:53 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll2013-02-14 22:15 . 2013-01-09 01:09 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll2013-02-14 22:15 . 2013-01-09 01:04 96768 ----a-w- c:\windows\system32\mshtmled.dll2013-02-14 22:15 . 2013-01-09 01:00 248320 ----a-w- c:\windows\system32\ieui.dll2013-02-14 22:15 . 2013-01-08 22:42 149528 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll2013-02-14 22:15 . 2013-01-08 22:00 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll2013-02-14 22:15 . 2013-01-08 21:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2013-02-14 21:11 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-14 21:11 . 2013-01-05 05:02 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-14 21:11 . 2013-01-05 05:02 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-06 22:11 . 2013-02-06 22:11 -------- d-----w- c:\users\Cole\AppData\Roaming\CyberLink...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-26 21:45 . 2012-10-22 04:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-02-26 21:45 . 2011-10-08 08:14 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-14 22:19 . 2010-06-25 05:48 70004024 ----a-w- c:\windows\system32\MRT.exe2013-01-04 04:43 . 2013-02-14 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll2012-12-16 16:52 . 2012-12-20 23:38 46080 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 14:40 . 2012-12-20 23:38 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-16 14:25 . 2012-12-20 23:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-16 14:25 . 2012-12-20 23:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2012-12-14 22:49 . 2013-01-14 21:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-25 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-04 86224]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]..Contents of the 'Scheduled Tasks' folder.2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 21:45].2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job- c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43].2013-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job- c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43].2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job- c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28].2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job- c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28].2013-02-18 c:\windows\Tasks\HPCeeScheduleForCole.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15].2013-03-04 c:\windows\Tasks\HPCeeScheduleForKathy.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15].2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]"EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272].------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.0.1 76.7.255.188.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)SafeBoot-99445418.sysAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-07 22:53:58ComboFix-quarantined-files.txt 2013-03-08 04:53.Pre-Run: 921,624,252,416 bytes freePost-Run: 923,082,354,688 bytes free.- - End Of File - - DC3B7E0A3831034DB88DF1B60C03F31C Link to post Share on other sites More sharing options...
Staff CatByte Posted March 8, 2013 Staff ID:654768 Share Posted March 8, 2013 Please run the following:Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts.Right-mouse click JRT.exe and select Run as administratorThe tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next messageNEXTDownload AdwCleaner from here and save it to your desktop.Run AdwCleaner and select DeleteOnce done it will ask to reboot, allow the rebootOn reboot a log will be produced, please attach the content of the log to your next replyNEXTPlease open your MalwareBytes AntiMalware ProgramClick the Update Tab and search for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected. <-- very importantWhen disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXTGo here to run an online scanner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activeX control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan completes, press the LIST OF THREATS FOUND buttonPress EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply.Press the BACK button.Press Finish Link to post Share on other sites More sharing options...
coleharperkc Posted March 13, 2013 Author ID:656713 Share Posted March 13, 2013 <p> </p><div>-Sorry it took so long to get back to you CatByte, I was busy and at one point after the first scan, my computer was acting very odd and would crash often. I hope it is alright that the scans were not all done on the same day.</div><div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div><div>Junkware Removal Tool (JRT) by Thisisu</div><div>Version: 4.6.9 (03.06.2013:1)</div><div>OS: Windows 7 Home Premium x64</div><div>Ran by Cole on Fri 03/08/2013 at 15:54:55.89</div><div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div><div> </div><div> </div><div> </div><div> </div><div>~~~ Services</div><div> </div><div> </div><div> </div><div>~~~ Registry Values</div><div> </div><div>Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} </div><div> </div><div> </div><div> </div><div>~~~ Registry Keys</div><div> </div><div>Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin</div><div>Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1</div><div>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}</div><div>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}</div><div>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}</div><div> </div><div> </div><div> </div><div>~~~ Files</div><div> </div><div>Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"</div><div> </div><div> </div><div> </div><div>~~~ Folders</div><div> </div><div> </div><div> </div><div>~~~ Event Viewer Logs were cleared</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div><div>Scan was completed on Fri 03/08/2013 at 16:00:20.71</div><div>End of JRT log</div><div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div><div> </div><div><div># AdwCleaner v2.114 - Logfile created 03/11/2013 at 00:28:50</div><div># Updated 05/03/2013 by Xplode</div><div># Operating system : Windows 7 Home Premium (64 bits)</div><div># User : Cole - HARPER-PC</div><div># Boot Mode : Normal</div><div># Running from : C:\Users\Cole\Desktop\AdwCleaner.exe</div><div># Option [Delete]</div><div> </div><div> </div><div>***** [services] *****</div><div> </div><div> </div><div>***** [Files / Folders] *****</div><div> </div><div>File Deleted : C:\Users\Public\Desktop\eBay.lnk</div><div> </div><div>***** [Registry] *****</div><div> </div><div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div><div>Key Deleted : HKLM\SOFTWARE\Software</div><div> </div><div>***** [internet Browsers] *****</div><div> </div><div>-\\ Internet Explorer v9.0.8112.16464</div><div> </div><div>[OK] Registry is clean.</div><div> </div><div>-\\ Google Chrome v25.0.1364.152</div><div> </div><div>File : C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Preferences</div><div> </div><div>[OK] File is clean.</div><div> </div><div>*************************</div><div> </div><div>AdwCleaner[s1].txt - [847 octets] - [11/03/2013 00:28:50]</div><div> </div><div>########## EOF - C:\AdwCleaner[s1].txt - [906 octets] ##########</div><div> </div><div><div>Malwarebytes Anti-Malware 1.70.0.1100</div><div>www.malwarebytes.org</div><div> </div><div>Database version: v2013.03.13.09</div><div> </div><div>Windows 7 x64 NTFS</div><div>Internet Explorer 9.0.8112.16421</div><div>Cole :: HARPER-PC [administrator]</div><div> </div><div>3/13/2013 12:17:11 PM</div><div>mbam-log-2013-03-13 (12-17-11).txt</div><div> </div><div>Scan type: Quick scan</div><div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div><div>Scan options disabled: P2P</div><div>Objects scanned: 296531</div><div>Time elapsed: 2 minute(s), 17 second(s)</div><div> </div><div>Memory Processes Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Memory Modules Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Keys Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Values Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Data Items Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Folders Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Files Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>(end)</div><div> </div></div></div><p>Aaaand...the ESET Scan</p><p> </p><p> </p><div>C:\Users\Cole\AppData\Local\Temp\AskSLib.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div>C:\Users\Cole\Downloads\avira_free_antivirus_en.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>JS/TrojanDownloader.FraudLoad.NAY trojan</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>JS/TrojanDownloader.FraudLoad.NAY trojan</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/ScrInject.B.Gen virus</div><div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div><div>C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div>C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div>C:\Windows\temp\AVSETUP_5140b3c2\ApnIC.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div>C:\Windows\temp\AVSETUP_5140b3c2\ApnToolbarInstaller.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div><div> </div> Link to post Share on other sites More sharing options...
Staff CatByte Posted March 13, 2013 Staff ID:656793 Share Posted March 13, 2013 Please do the following:Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Copy/paste the text inside the Codebox below into notepad:Here's how to do that:Press the WinKey + R to open a run box, type Notepad > click OK.This will open an empty notepad file:Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')File::C:\Users\Cole\AppData\Local\Temp\AskSLib.dllC:\Users\Cole\Downloads\avira_free_antivirus_en.exeC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm<div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[1].htmC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htmC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htmC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htmC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htmC:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htmC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0C:\Windows\temp\AVSETUP_5140b3c2\ApnIC.dllC:\Windows\temp\AVSETUP_5140b3c2\ApnToolbarInstaller.exeClearJavaCache::Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')Save this file to your desktop, Save this as "CFScript"Here's how to do that:1.Click File;2.Click Save As... Change the directory to your desktop;3.Change the Save as type to "All Files";4.Type in the file name: CFScript5.Click Save ...Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix may request an update; please allow it.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.NEXTDownload Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Please advise how your computer is running now and if there are any outstanding issues Link to post Share on other sites More sharing options...
coleharperkc Posted March 14, 2013 Author ID:656982 Share Posted March 14, 2013 My computer doesn't seem to be working with Avira very well and I am unable to get realtime protection from it for some reason. I recently applied an update, but now it isn't working at all. Otherwise I have been experiencing similar things like in the past, slow start-up and crashes when I open a program. Should I try and fully delete Avira and perhaps use another program? When I updated it, Avira mentioned something about being incompatible with Malawarbytes and I tried to uninstall it, but I couldn't.ComboFix 13-03-14.02 - Cole 03/14/2013 7:43.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4807 [GMT -5:00]Running from: c:\users\Cole\Desktop\ComboFix.exeCommand switches used :: c:\users\Cole\Desktop\CFScript.txtSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\users\Cole\AppData\Local\Temp\AskSLib.dll""c:\users\Cole\Downloads\avira_free_antivirus_en.exe""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htm""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htm""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htm""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htm""c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htm""c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0""c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0""c:\windows\temp\AVSETUP_5140b3c2\ApnIC.dll""c:\windows\temp\AVSETUP_5140b3c2\ApnToolbarInstaller.exe"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Cole\Downloads\avira_free_antivirus_en.exec:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htmc:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htmc:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htmc:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htmc:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htmc:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htmc:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0..((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 )))))))))))))))))))))))))))))))..2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Kathy\AppData\Local\temp2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Bill\AppData\Local\temp2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-03-14 08:02 . 2013-02-02 06:51 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2013-03-14 08:02 . 2013-02-02 06:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2013-03-14 08:02 . 2013-02-02 03:32 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll2013-03-14 08:02 . 2013-02-02 03:31 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll2013-03-14 08:02 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll2013-03-14 08:02 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll2013-03-14 08:01 . 2013-03-14 08:01 -------- d-----w- c:\program files\Microsoft Silverlight2013-03-14 08:01 . 2013-03-14 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- c:\program files (x86)\Ask.com2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- C:\Firefox2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- c:\users\Cole\AppData\Local\APN2013-03-13 23:14 . 2013-03-13 23:14 -------- d-----w- c:\users\Cole\AppData\Roaming\Avira2013-03-13 20:11 . 2013-03-13 17:10 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys2013-03-13 20:11 . 2013-03-13 17:10 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys2013-03-13 20:11 . 2013-03-13 17:10 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys2013-03-13 20:10 . 2013-03-13 23:38 -------- d-----w- c:\programdata\Avira2013-03-13 20:10 . 2013-03-13 20:10 -------- d-----w- c:\program files (x86)\Avira2013-03-13 17:23 . 2013-03-13 17:23 -------- d-----w- c:\program files (x86)\ESET2013-03-08 21:54 . 2013-03-08 21:54 -------- d-----w- c:\windows\ERUNT2013-03-08 16:15 . 2013-03-08 21:54 -------- d-----w- C:\JRT2013-03-08 00:12 . 2013-03-08 00:12 -------- d-----w- c:\users\Bill.Harper-PC2013-02-18 02:00 . 2012-05-29 21:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys2013-02-18 01:56 . 2013-02-18 01:56 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}2013-02-14 22:17 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 22:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-14 21:11 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-14 21:11 . 2013-01-05 05:02 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-14 21:11 . 2013-01-05 05:02 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-14 08:04 . 2010-06-25 05:48 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-13 13:45 . 2012-10-22 04:58 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-13 13:45 . 2011-10-08 08:14 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-01-04 04:43 . 2013-02-14 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll2012-12-16 16:52 . 2012-12-20 23:38 46080 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 14:40 . 2012-12-20 23:38 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-16 14:25 . 2012-12-20 23:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-16 14:25 . 2012-12-20 23:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2012-12-14 22:49 . 2013-01-14 21:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2013-02-08 20:10 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-13 385248].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-13 565472]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-25 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-13 27800]S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-13 86752]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]..Contents of the 'Scheduled Tasks' folder.2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 13:45].2013-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job- c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43].2013-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job- c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43].2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job- c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28].2013-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job- c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28].2013-02-18 c:\windows\Tasks\HPCeeScheduleForCole.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15].2013-03-04 c:\windows\Tasks\HPCeeScheduleForKathy.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]"EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272].------- Supplementary Scan -------.uStart Page = hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_USuLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 192.168.0.1 76.7.255.188.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exeAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-14 07:50:26ComboFix-quarantined-files.txt 2013-03-14 12:50ComboFix2.txt 2013-03-08 04:53.Pre-Run: 925,383,479,296 bytes freePost-Run: 925,100,335,104 bytes free.- - End Of File - - 19131E335E4E23588B570F2A4452E5CA Results of screen317's Security Check version 0.99.61 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.152 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Staff CatByte Posted March 14, 2013 Staff ID:657174 Share Posted March 14, 2013 yes, I would uninstall Avira completely, the installation may have been corrupted by the infection.Give Microsoft Security Essentials a try, it is excellent and free.Avira has a removal tool for removing leftovershttp://www.avira.com..._downloads.htmlNEXTDownload RogueKiller and save it to your desktop.Quit all other programsStart RogueKiller.exeWait until the Prescan has finished ...Click on ScanWait for the end of the scanA report will be created on your desktop.Click on the Delete buttonNext click on the ShortcutsFix another report will be created on your desktop.Please post: All RKreport.txt text files located on your desktop. Link to post Share on other sites More sharing options...
coleharperkc Posted March 17, 2013 Author ID:657863 Share Posted March 17, 2013 RogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Cole [Admin rights]Mode : Scan -- Date : 03/16/2013 19:51:00| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD10 EADS-65M2B1 SCSI Disk Device +++++--- User ---[MBR] fdefa70f5cb93b7421a1d194918a91b5[bSP] 81bf8ab4c8f11b7f6f57ab462148d465 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942584 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930618880 | Size: 11183 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1]_S_03162013_02d1951.txt >>RKreport[1]_S_03162013_02d1951.txtRogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Cole [Admin rights]Mode : Remove -- Date : 03/16/2013 19:51:52| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD10 EADS-65M2B1 SCSI Disk Device +++++--- User ---[MBR] fdefa70f5cb93b7421a1d194918a91b5[bSP] 81bf8ab4c8f11b7f6f57ab462148d465 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942584 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930618880 | Size: 11183 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[2]_D_03162013_02d1951.txt >>RKreport[1]_S_03162013_02d1951.txt ; RKreport[2]_D_03162013_02d1951.txtRogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Cole [Admin rights]Mode : Shortcuts HJfix -- Date : 03/16/2013 19:52:42| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ File attributes restored: ¤¤¤Desktop: Success 4 / Fail 0Quick launch: Success 1 / Fail 0Programs: Success 10 / Fail 0Start menu: Success 1 / Fail 0User folder: Success 80 / Fail 0My documents: Success 0 / Fail 0My favorites: Success 0 / Fail 0My pictures: Success 0 / Fail 0My music: Success 2 / Fail 0My videos: Success 0 / Fail 0Local drives: Success 169 / Fail 0Backup: [NOT FOUND]Drives:[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored[E:] \Device\CdRom0 -- 0x5 --> Skipped[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored[i:] \Device\HarddiskVolume7 -- 0x2 --> Restored[J:] \Device\HarddiskVolume8 -- 0x2 --> RestoredFinished : << RKreport[3]_SC_03162013_02d1952.txt >>RKreport[1]_S_03162013_02d1951.txt ; RKreport[2]_D_03162013_02d1951.txt ; RKreport[3]_SC_03162013_02d1952.txt Link to post Share on other sites More sharing options...
Staff CatByte Posted March 17, 2013 Staff ID:657874 Share Posted March 17, 2013 go to windows update and download and install the most up to date service pack for your OS(it can take a while, so be patient)NEXTVisit ADOBE and download the latest version of Acrobat Reader (version XI)Having the latest updates ensures there are no security vulnerabilities in your system.NEXTPlease advise how the computer is running now and if there are any outstanding issues Link to post Share on other sites More sharing options...
coleharperkc Posted March 17, 2013 Author ID:658171 Share Posted March 17, 2013 Everything seems to be running fine do you think the viruses are gone now? Updated both adobe and service pack and have security essentials going. Link to post Share on other sites More sharing options...
Staff CatByte Posted March 18, 2013 Staff ID:658219 Share Posted March 18, 2013 We just have some housekeeping to do now,Please do the following:You can delete the DDS, JRT, RogueKiller and aswMBR logs and programs from your desktop.NEXTFollow these steps to uninstall Combofix Make sure your security programs are totally disabled.Press the WinKey +R to open a run boxNow copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.NEXTDouble click on adwcleaner.exe to run the tool.Click on Uninstall.Confirm with yes.If there are any logs/tools remaining on your desktop > right click and delete them.NEXT------------------------------------------------------ImportantDue to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.JavaUS-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass VulnerabilityWe recommend disabling Java in your browsers, and enabling it only when needed by certain websites.Please disable Java in your browser(s) by following these instructions:How do I disable Java in my web browser?------------------------------------------------------NEXTBelow I have included a number of recommendations for how to protect your computer against malware infections.It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.Keep Windows updated by regularly checking their website at :http://windowsupdate.microsoft.com/This will ensure your computer has always the latest security updates available installed on your computer.Make Internet Explorer more secureClick Start > RunType Inetcpl.cpl & click OKClick on the Security tabClick Reset all zones to default levelMake sure the Internet Zone is selected & Click Custom levelIn the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".Next Click OK, then Apply button and then OK to exit the Internet Properties page.[*]Download TFC to your desktopClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure a complete cleanIt's normal after running TFC cleaner that the PC will be slower to boot the first time. [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE[*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.[*]In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:PC Safety and Security--What Do I Need?.[*]Simple and easy ways to keep your computer safe and secure on the InternetThank you for your patience, and performing all of the procedures requested.Please respond one last time so we can consider the thread resolved and close it, thank-you. Link to post Share on other sites More sharing options...
coleharperkc Posted March 25, 2013 Author ID:660682 Share Posted March 25, 2013 Everything is working perfectly Thank you so much CatByte all your help was appreciated. Link to post Share on other sites More sharing options...
Staff CatByte Posted March 25, 2013 Staff ID:660785 Share Posted March 25, 2013 you are welcomestay safe~CB Link to post Share on other sites More sharing options...
Staff CatByte Posted April 5, 2013 Staff ID:665321 Share Posted April 5, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts