
The Adware Blues



Hello folks, I've come here to really try and clear up all the remaining crap from my recent mistake.

About two days ago I decided to try and download some ad blocking software from C|NET download.com. Against my own gut feeling, I trudged on with the bundled installation. This installation left me with some zonealarm related nonsense, and specifically the getsavin adware.

Now, I've run Malwarebytes, AVG, CCleaner, and Hijack This; but I keep getting a BHO file that was from the getsavin adware. I'm at the point where it's coming up as a (no name) (no file), or at least it's coming up in the same place the getsavin adware was appearing. At this point I'd really just like to try and finish off the rest of the clutter I'm seeing in Hijack This, but I'm not entirely sure what all I should be removing, or how to completely remove this pesky BHO file.

So, I just ran CCleaner, cleaned up my registry and used the standard cleaner tool. I'm going to run Malwarebytes again tonight while I sleep. Yesterday when I ran it, it did identify and remove two items. AVG came up clean from yesterday's sweep. I also just updated Malwarebytes, to further ensure it's getting a good full scan of what I've got going on.

It's been a long time since I've goofed up my rig, and I'm rather at odds with myself for making such a stupid mistake. So thanks for your time, I wish I didn't have to eat it up. I look forward to working with you to clear this up.


Oh, I felt that it might be helpful if I listed the additional items I found from the quarantine yesterday.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.


Hello FangZandith and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Maniac :D! Nice to meet you, and thank you for coming to help me! I unfortunately do not pay for Malwarebytes, just the free version. From here on out I'll wait to do scans until directed to do so. Thanks again Maniac!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Ryan at 12:34:39 on 2013-03-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2740 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dlcqcoms.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe

C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: {53A3D6ED-94C0-4CAD-ADBA-F54F841D5CCA} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [F.lux] "C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{0553A5F9-276A-47D2-9CDB-F3F514905F62} : DHCPNameServer = 192.168.1.1 71.242.0.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [dlcqmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe"

x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe"

x64-Run: [DLCQCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCQtime.dll,RunDLLEntry

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-9 8704]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-9 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-9 682344]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-9 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-10 1255736]

.

=============== Created Last 30 ================

.

2013-03-26 05:39:16 -------- d-----w- C:\Program Files\CCleaner

2013-03-26 01:01:34 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-25 06:12:59 -------- d-----w- C:\Users\Ryan\AppData\Roaming\AVG2013

2013-03-25 06:10:04 -------- d-----w- C:\Users\Ryan\AppData\Roaming\TuneUp Software

2013-03-25 06:08:46 -------- d--h--w- C:\$AVG

2013-03-25 06:08:46 -------- d-----w- C:\ProgramData\AVG2013

2013-03-25 06:08:03 -------- d-----w- C:\Program Files (x86)\AVG

2013-03-25 06:05:00 -------- d--h--w- C:\ProgramData\Common Files

2013-03-25 06:05:00 -------- d-----w- C:\Users\Ryan\AppData\Local\MFAData

2013-03-25 06:05:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Avg2013

2013-03-25 06:05:00 -------- d-----w- C:\ProgramData\MFAData

2013-03-25 05:23:15 -------- d-----w- C:\Users\Ryan\AppData\Roaming\SuperAdBlocker.com

2013-03-25 05:23:06 -------- d-----w- C:\Windows\SysWow64\URTTemp

2013-03-25 05:22:17 -------- d-----w- C:\Users\Ryan\AppData\Roaming\CheckPoint

2013-03-25 05:21:18 -------- d-----w- C:\ProgramData\CheckPoint

2013-03-22 15:40:16 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A5843CD-F270-4033-AC71-80235615A8E1}\mpengine.dll

2013-03-18 06:43:53 -------- d-----r- C:\Program Files (x86)\Skype

2013-03-12 05:51:50 -------- d-----w- C:\Users\Ryan\AppData\Local\SCE

2013-03-12 01:44:18 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple Computer

2013-03-12 01:44:06 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-03-12 01:43:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-12 01:43:35 -------- d-----w- C:\Program Files\iTunes

2013-03-12 01:43:35 -------- d-----w- C:\Program Files\iPod

2013-03-12 01:43:35 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-12 01:41:39 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple

2013-03-12 01:40:58 -------- d-----w- C:\Program Files\Bonjour

2013-03-12 01:40:58 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-03-11 16:23:34 -------- d-----w- C:\Users\Ryan\AppData\Roaming\.mono

2013-03-11 16:22:15 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Full Control

2013-03-07 02:43:34 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-28 18:24:49 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-28 08:00:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-02-28 04:04:48 -------- d-----w- C:\Users\Ryan\AppData\Local\WarThunder

2013-02-28 04:04:48 -------- d-----w- C:\ProgramData\WarThunder

2013-02-28 04:04:34 -------- d-----w- C:\Program Files (x86)\War Thunder

2013-02-27 03:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

.

==================== Find3M ====================

.

2013-03-12 18:44:58 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-07 02:43:29 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-07 02:43:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-14 07:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 01:33:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-02-12 01:33:07 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-02-08 08:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-02-08 08:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-02-08 08:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-02-08 08:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-02-08 08:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-17 05:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll

.

============= FINISH: 12:35:04.66 ===============

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/9/2013 12:52:07 AM

System Uptime: 3/26/2013 11:59:39 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0F642F

Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2833/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 340.451 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP36: 3/21/2013 12:20:20 AM - Scheduled Checkpoint

RP37: 3/21/2013 3:00:31 AM - Windows Update

RP38: 3/25/2013 1:22:14 AM - Installed Super Ad Blocker

RP39: 3/25/2013 1:42:09 AM - Removed Super Ad Blocker

RP40: 3/25/2013 2:07:06 AM - Installed AVG 2013

RP41: 3/25/2013 2:08:19 AM - Installed AVG 2013

RP42: 3/26/2013 3:00:18 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AVG 2013

Bonjour

CCleaner

Counter-Strike: Source

Dell Photo AIO Printer 966

F.lux

Frontline Tactics

Google Chrome

Google Earth

Google Update Helper

Hi-Rez Studios Authenticate and Update Service

iTunes

Java 7 Update 17

Java Auto Updater

League of Legends

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 310.90

NVIDIA Control Panel 310.90

NVIDIA Graphics Driver 310.90

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenOffice.org 3.4.1

Pando Media Booster

PlanetSide 2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.3

Steam

The Elder Scrolls V: Skyrim

Tribes Ascend

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2010 x64 Redistributables

War Thunder Launcher 1.0.1.152

ZoneAlarm LTD Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/26/2013 3:19:41 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

3/26/2013 3:19:41 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

3/26/2013 3:17:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL

3/26/2013 3:16:23 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

3/25/2013 1:23:28 AM, Error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: This driver has been blocked from loading

3/25/2013 1:23:28 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\ has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/25/2013 1:23:26 AM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: This driver has been blocked from loading

3/25/2013 1:23:25 AM, Error: Service Control Manager [7000] - The SABDIFSV service failed to start due to the following error: This driver has been blocked from loading

3/25/2013 1:22:37 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/20/2013 5:58:07 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/19/2013 10:35:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

3/19/2013 10:35:10 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Step 1

Please uninstall this application: ZoneAlarm LTD Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


I apologize for my delay, I just got a minute before bed to hop on the PC and take a look. I'm having an issue finding the ZoneAlarm LTD Toolbar. I have found the path for the file in C:\ProgramData and in C:\Users\Ryan\AppData\Roaming. I have no uninstall feature in either category, or in my programs list. Should I just delete the folders and clear them from my recycling bin and continue with the rest of your steps?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.3 (03.23.2013:1)

OS: Windows 7 Home Premium x64

Ran by Ryan on Thu 03/28/2013 at 12:29:20.34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 03/28/2013 at 12:35:39.24

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.28.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ryan :: RYAN-PC [administrator]

3/28/2013 12:41:32 PM

mbam-log-2013-03-28 (12-41-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226089

Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-03-28 12:51:25

-----------------------------

12:51:25.541 OS Version: Windows x64 6.1.7601 Service Pack 1

12:51:25.541 Number of processors: 4 586 0x1707

12:51:25.542 ComputerName: RYAN-PC UserName: Ryan

12:51:26.442 Initialize success

12:51:41.282 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000005a

12:51:41.284 Disk 0 Vendor: ST350063 3.AD Size: 476940MB BusType: 8

12:51:41.286 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000005b

12:51:41.288 Disk 1 Vendor: ST350062 DE12 Size: 476940MB BusType: 8

12:51:41.412 Disk 1 MBR read successfully

12:51:41.415 Disk 1 MBR scan

12:51:41.418 Disk 1 Windows 7 default MBR code

12:51:41.428 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:51:41.435 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

12:51:41.469 Disk 1 scanning C:\Windows\system32\drivers

12:51:49.554 Service scanning

12:52:03.093 Modules scanning

12:52:03.100 Disk 1 trace - called modules:

12:52:03.117 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys

12:52:03.446 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004d58060]

12:52:03.451 3 CLASSPNP.SYS[fffff8800102643f] -> nt!IofCallDriver -> [0xfffffa8004ad18e0]

12:52:03.456 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8004ac3060]

12:52:03.461 Scan finished successfully

13:01:56.634 Disk 1 MBR has been saved successfully to "C:\Users\Ryan\Desktop\Dan\New folder\MBR.dat"

13:01:56.641 The log file has been saved successfully to "C:\Users\Ryan\Desktop\Dan\New folder\aswMBR.txt"

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Ryan at 13:08:54 on 2013-03-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2691 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dlcqcoms.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe

C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe

C:\Windows\System32\StikyNot.exe

C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\splwow64.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: {53A3D6ED-94C0-4CAD-ADBA-F54F841D5CCA} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [F.lux] "C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{0553A5F9-276A-47D2-9CDB-F3F514905F62} : DHCPNameServer = 192.168.1.1 71.242.0.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [dlcqmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe"

x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe"

x64-Run: [DLCQCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCQtime.dll,RunDLLEntry

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-9 8704]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-9 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-9 682344]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-9 24176]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-10 1255736]

.

=============== Created Last 30 ================

.

2013-03-28 16:29:12 -------- d-----w- C:\Windows\ERUNT

2013-03-28 16:27:49 -------- d-----w- C:\JRT

2013-03-26 05:39:16 -------- d-----w- C:\Program Files\CCleaner

2013-03-26 01:01:34 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-25 06:12:59 -------- d-----w- C:\Users\Ryan\AppData\Roaming\AVG2013

2013-03-25 06:10:04 -------- d-----w- C:\Users\Ryan\AppData\Roaming\TuneUp Software

2013-03-25 06:08:46 -------- d--h--w- C:\$AVG

2013-03-25 06:08:46 -------- d-----w- C:\ProgramData\AVG2013

2013-03-25 06:08:03 -------- d-----w- C:\Program Files (x86)\AVG

2013-03-25 06:05:00 -------- d--h--w- C:\ProgramData\Common Files

2013-03-25 06:05:00 -------- d-----w- C:\Users\Ryan\AppData\Local\MFAData

2013-03-25 06:05:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Avg2013

2013-03-25 06:05:00 -------- d-----w- C:\ProgramData\MFAData

2013-03-25 05:23:15 -------- d-----w- C:\Users\Ryan\AppData\Roaming\SuperAdBlocker.com

2013-03-25 05:23:06 -------- d-----w- C:\Windows\SysWow64\URTTemp

2013-03-25 05:22:17 -------- d-----w- C:\Users\Ryan\AppData\Roaming\CheckPoint

2013-03-25 05:21:18 -------- d-----w- C:\ProgramData\CheckPoint

2013-03-22 15:40:16 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A5843CD-F270-4033-AC71-80235615A8E1}\mpengine.dll

2013-03-18 06:43:53 -------- d-----r- C:\Program Files (x86)\Skype

2013-03-12 05:51:50 -------- d-----w- C:\Users\Ryan\AppData\Local\SCE

2013-03-12 01:44:18 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple Computer

2013-03-12 01:44:06 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-03-12 01:43:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-12 01:43:35 -------- d-----w- C:\Program Files\iTunes

2013-03-12 01:43:35 -------- d-----w- C:\Program Files\iPod

2013-03-12 01:43:35 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-12 01:41:39 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple

2013-03-12 01:40:58 -------- d-----w- C:\Program Files\Bonjour

2013-03-12 01:40:58 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-03-11 16:23:34 -------- d-----w- C:\Users\Ryan\AppData\Roaming\.mono

2013-03-11 16:22:15 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Full Control

2013-03-07 02:43:34 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-28 18:24:49 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-28 08:00:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-02-28 04:04:48 -------- d-----w- C:\Users\Ryan\AppData\Local\WarThunder

2013-02-28 04:04:48 -------- d-----w- C:\ProgramData\WarThunder

2013-02-28 04:04:34 -------- d-----w- C:\Program Files (x86)\War Thunder

2013-02-27 03:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

.

==================== Find3M ====================

.

2013-03-12 18:44:58 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-07 02:43:29 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-07 02:43:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-14 07:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 01:33:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-02-12 01:33:07 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-02-08 08:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-02-08 08:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-02-08 08:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-02-08 08:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-02-08 08:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-17 05:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll

.

============= FINISH: 13:09:14.79 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/9/2013 12:52:07 AM

System Uptime: 3/27/2013 6:44:58 PM (19 hours ago)

.

Motherboard: Dell Inc. | | 0F642F

Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2833/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 334.637 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP36: 3/21/2013 12:20:20 AM - Scheduled Checkpoint

RP37: 3/21/2013 3:00:31 AM - Windows Update

RP38: 3/25/2013 1:22:14 AM - Installed Super Ad Blocker

RP39: 3/25/2013 1:42:09 AM - Removed Super Ad Blocker

RP40: 3/25/2013 2:07:06 AM - Installed AVG 2013

RP41: 3/25/2013 2:08:19 AM - Installed AVG 2013

RP42: 3/26/2013 3:00:18 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AVG 2013

Bonjour

CCleaner

Counter-Strike: Source

Dell Photo AIO Printer 966

F.lux

Frontline Tactics

Google Chrome

Google Earth

Google Update Helper

Hi-Rez Studios Authenticate and Update Service

iTunes

Java 7 Update 17

Java Auto Updater

League of Legends

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 310.90

NVIDIA Control Panel 310.90

NVIDIA Graphics Driver 310.90

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenOffice.org 3.4.1

Pando Media Booster

PlanetSide 2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.3

Steam

The Elder Scrolls V: Skyrim

Tribes Ascend

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2010 x64 Redistributables

War Thunder Launcher 1.0.1.152

ZoneAlarm LTD Toolbar

.

==== End Of File ===========================


Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.


# AdwCleaner v2.115 - Logfile created 03/28/2013 at 17:30:45

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ryan - RYAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ryan\Desktop\Dan\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [678 octets] - [28/03/2013 17:30:45]

########## EOF - C:\AdwCleaner[R1].txt - [737 octets] ##########


I just wanted to give you a heads up that I probably won't be able to respond until April 1. I have a wedding to go to out of state this weekend, so if I don't respond for the next two or three days, I will respond by Monday. Thank you again for your time, I'm really grateful that people like you take such time out of your lives to help people like me.


Thanks for letting me know! :)

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


Sorry for the delay! Here is the information you asked for, Maniac.

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 14:52:50

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ryan - RYAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ryan\Desktop\Dan\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [805 octets] - [28/03/2013 17:30:45]

AdwCleaner[s1].txt - [319 octets] - [02/04/2013 14:52:27]

AdwCleaner[s2].txt - [797 octets] - [02/04/2013 14:52:50]

########## EOF - C:\AdwCleaner[s2].txt - [856 octets] ##########


No problem. :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Glad I could help! :)

I'd like to run a defrag and a system clean up just to polish it all over, but other than that it's peachy.

I could suggest some of our tips:

http://forums.malwarebytes.org/index.php?showtopic=81990

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner and manually delete Junkware Removal Tool.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.