gkannon77 Posted May 12, 2013 ID:678596

Damn. I was duped into thinking I was speaking to Belkin cust support cause the phone # I googled had top billing (shoulda known better)
It was an iYogi rep instead. SO:
Remote access ensues; the tech installs:
PCDiagnostics
SD Setup
Along with some random iYogi toolbars and persistent homepage changes that are really annoying. Search engine default changed also
"Search Protect" by Conduit must have been added also b/c I found it in msconfig (I tried to uninstall Search Protect by Conduit with Revo-uninstall, it still appears but with an unknown manufacturer)
I'm sure I am forgetting some minor details/malware I noticed but that is the gist of it. He stated I had some registry errors and some old files that could be cleaned up. Thanks, but I can do that myself.
He really tried hard to charge me $150/yr, promising I needed it now or else my PC could crash. I politely declined
Funny thing was I was calling b/c my Belkin wireless USB wasn't working.
Jerks.
After reading other's experience with iYogi's as well as their ?able history with Avast, I'm not surprised.
Malwarebytes gave the all clear
But I do need some help here; so what should step number one be?:

gkannon77 Posted May 14, 2013 Author ID:679228

Am I to assume the all clear?

MrCharlie Posted May 14, 2013 ID:679232

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:
Please read all of my instructions completely including these.
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

gkannon77 Posted May 14, 2013 Author ID:679260

Just FYI:
I've d/l RogueKiller32 but have gone through some help at BleepingComputer.com as well, including running Rkill early on. We are now at the part of simply upgrading adobe, tweaking Quick Setup, those sort of things.
Haven't got the all clear, but wanted to be up front with you guys. I know ur busy.
Any harm in running the RogueKiller32 just to see what's spit out?

MrCharlie Posted May 14, 2013 ID:679305

If you're being helped at BleepingComputer then stay in that topic.
Posting at several different help for the same problem is not allowed.

MrC

gkannon77 Posted May 14, 2013 Author ID:679316

It was just a case of first come first serve.
I donate every time, b/c I know how busy you folks seem.
Considered all clear, per bleepingPC!

Best,
Greg

LDTate Posted May 16, 2013 ID:680282

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!