JJDetroit Posted July 21, 2013 ID:705508 Share Posted July 21, 2013 Here are the DDS log files. Does it matter that I had to run DDS in Safe Mode?DDS.txtAttach.txt Link to post Share on other sites More sharing options...
Maniac Posted July 21, 2013 ID:705514 Share Posted July 21, 2013 Hello JJDetroit! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.I'm afraid I have bad news. One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. I suggest you disconnect this computer from the Internet immediately you finish reading this post. If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Visit the following sites for more information on Internet theft and when to reformat! Help: I Got Hacked. Now What Do I Do? Help: I Got Hacked. Now What Do I Do? Part II How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy. If you have any questions before making a final decision, please feel free to ask. Instructions how to format and reinstall Windows can be found here Link to post Share on other sites More sharing options...
JJDetroit Posted July 21, 2013 Author ID:705523 Share Posted July 21, 2013 I'd like to try to clean the PC up without reformatting and reinstalling Windows first. It's an HP desktop that does have a System Recovery available, but using that is my last resort. Link to post Share on other sites More sharing options...
Maniac Posted July 21, 2013 ID:705535 Share Posted July 21, 2013 Step 1 Please uninstall the following applications: att.net Toolbar IncrediMail MediaBar 2 Toolbar MapsGalaxy Toolbar Talk_Internet_Radio Toolbar Step 2 Please download Malwarebytes Anti-Rootkit here.Unzip the contents to a folder on the Desktop.Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.Please note: This tool is still in BETA mode, so please ensure you have backed up any important files. Step 3 Now you should run the fixdamage.exe application, located in the same MBAR directory as mbar.exe. Clicking on fixdamage.exe will open the console application and request confirmation to apply any fixes to the operating system. Input “Y” to being the fix. After the fix is complete, it will request you to restart the system again. In your next reply, post the following log files:Malwarebytes' Anti-Rootkit loga new fresh DDS log Link to post Share on other sites More sharing options...
JJDetroit Posted July 22, 2013 Author ID:705707 Share Posted July 22, 2013 Following your instructions, I removed the 4 toolbars, then ran mbar.exe. I was not shown any log files when the program finished. Then I ran fixdamage.exe, and once again I was not shown any log files afterwards. I then ran the DDS program again, and have attached the log files it produces.DDS.txtAttach.txt Link to post Share on other sites More sharing options...
Maniac Posted July 22, 2013 ID:705808 Share Posted July 22, 2013 Post your log files, don't attach them. Every log file should be copy/pasted in your next reply. Please post the two logs produced. In your next reply, post the following log files: Link to post Share on other sites More sharing options...
JJDetroit Posted July 22, 2013 Author ID:705816 Share Posted July 22, 2013 Sorry. Here they are. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.9.2Run by Owner at 18:07:23 on 2013-07-21Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1853 [GMT -4:00].AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\nvvsvc.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\ATT-SST\pcTrayApp.exeC:\Windows\system32\taskeng.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\hp\support\hpsysdrv.exeC:\Program Files\iTunes\iTunesHelper.exec:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Program Files\LogMeIn\x86\LogMeInSystray.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\real\realplayer\Update\realsched.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Windows\system32\conhost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\LogMeIn\x86\LMIGuardianSvc.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\rundll32.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Common Files\Motive\pcCMService.exeC:\Program Files\Common Files\Motive\pcServiceHost.exeC:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbarsvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\WUDFHost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k LocalServicePeerNet.============== Pseudo HJT Report ===============.uURLSearchHooks: <No Name>: {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - c:\program files\referenceboss_1p\bar\1.bin\1pSrcAs.dllmURLSearchHooks: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dllmURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dllmURLSearchHooks: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Toolbar BHO: {090e3203-df81-4ff6-bba7-a178bbc3a774} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dllBHO: Search Assistant BHO: {15da6705-4bfa-47c3-95fa-955b71d8f9e1} - c:\program files\referenceboss_1p\bar\1.bin\1pSrcAs.dllBHO: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dllBHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dllBHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - <orphaned>BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dllBHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Game Master 2.1 Toolbar: {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - c:\program files\game_master_2.1\prxtbGame.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: ReferenceBoss: {C4676D53-FCE5-4A19-BE4D-97E6EAF7E19A} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dllTB: IncrediMail MediaBar 2 Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dllTB: NPR Radio Toolbar: {F2C96FF5-E7BD-4FC5-9B71-1D3BD0B6BF82} - c:\program files\npr_radio\tbNPR_.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dllTB: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dllTB: ReferenceBoss: {c4676d53-fce5-4a19-be4d-97e6eaf7e19a} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dllTB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dllTB: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /cmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [hpsysdrv] c:\hp\support\hpsysdrv.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"mRun: [RtHDVCpl] RtHDVCpl.exemRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exemRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exemPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: $talisma_url$TCP: NameServer = 192.168.1.254TCP: Interfaces\{687AE678-1483-4490-B512-B43F9E138B11} : DHCPNameServer = 192.168.1.254Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllSSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2013-3-5 25168]R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2013-3-5 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2013-3-5 226016]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2013-3-5 29712]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2013-3-5 243152]R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2013-2-16 401920]R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2013-3-5 921952]R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2013-3-5 308136]R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2013-3-5 5897808]R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 375120]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 13624]R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-4-20 47640]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-5 418376]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-5 701512]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2013-6-5 101552]R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-19 369152]R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-6-19 342528]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]R2 ReferenceBoss_1pService;ReferenceBossService;c:\program files\referenceboss_1p\bar\1.bin\1pbarsvc.exe [2011-10-18 42504]R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2013-3-5 122448]R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2013-3-5 30288]R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2013-3-5 20560]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-5 22856]R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-3-29 315392]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-21 31560]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-9 1343400]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?].=============== Created Last 30 ================.2013-07-21 21:43:10 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-07-17 13:18:58 -------- d-----w- c:\users\owner\appdata\local\KB67501232013-07-11 07:05:56 -------- d-----w- C:\d38a8bcb7c4a7b58ecb49b6b2013-07-11 04:58:43 1247744 ----a-w- c:\windows\system32\DWrite.dll2013-07-11 04:58:42 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-11 04:58:33 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll2013-07-11 04:58:33 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll2013-07-11 04:58:33 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll2013-07-11 04:58:32 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL2013-07-11 04:58:31 509440 ----a-w- c:\windows\system32\qedit.dll2013-07-11 04:58:30 2347520 ----a-w- c:\windows\system32\win32k.sys2013-07-11 04:58:29 680960 ----a-w- c:\program files\windows defender\MpSvc.dll2013-07-11 04:58:29 392704 ----a-w- c:\program files\windows defender\MpClient.dll2013-07-11 04:58:29 224768 ----a-w- c:\program files\windows defender\MpCommu.dll2013-07-01 13:20:34 -------- d-----w- c:\users\owner\appdata\roaming\AVG92013-06-25 17:28:20 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll2013-06-25 17:28:15 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc9c5753-450e-43b2-b664-7d0043899b92}\mpengine.dll2013-06-22 23:41:11 -------- d-----w- c:\users\owner\appdata\local\KB0092488.==================== Find3M ====================.2013-07-21 21:59:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-07-21 21:59:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-06-08 19:44:57 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2013-06-08 19:44:57 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll2013-06-08 19:44:54 92488 ----a-w- c:\windows\system32\LMIinit.dll2013-06-08 19:44:54 31560 ----a-w- c:\windows\system32\LMIport.dll2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-06-02 13:45:22 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll.============= FINISH: 18:09:02.57 =============== Attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 8/8/2012 8:44:39 AMSystem Uptime: 7/21/2013 6:04:32 PM (0 hours ago).Motherboard: ASUSTek Computer INC. | | NARRA3Processor: AMD Athlon 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 326 GiB total, 225.07 GiB free.D: is FIXED (NTFS) - 9 GiB total, 1.272 GiB free.E: is CDROM ()F: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is RemovableK: is RemovableL: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP98: 4/2/2013 4:37:54 PM - Windows UpdateRP99: 4/6/2013 10:46:39 AM - Windows UpdateRP100: 4/10/2013 7:37:08 AM - Windows UpdateRP101: 4/10/2013 7:08:57 PM - Windows UpdateRP102: 4/12/2013 7:53:31 PM - Windows UpdateRP103: 4/16/2013 7:39:47 AM - Windows UpdateRP104: 4/19/2013 2:38:29 PM - Windows UpdateRP105: 4/23/2013 11:55:28 AM - Windows UpdateRP106: 4/25/2013 3:00:59 AM - Windows UpdateRP107: 4/29/2013 10:15:57 AM - Windows UpdateRP108: 5/2/2013 6:35:50 PM - Windows UpdateRP109: 5/6/2013 3:23:21 PM - Windows UpdateRP110: 5/10/2013 8:33:38 AM - Windows UpdateRP111: 5/13/2013 10:56:07 AM - Windows UpdateRP112: 5/16/2013 7:47:45 PM - Windows UpdateRP113: 5/20/2013 8:37:36 AM - Windows UpdateRP114: 5/23/2013 9:54:31 AM - Windows UpdateRP116: 5/24/2013 8:38:04 AM - Avg UpdateRP117: 5/27/2013 12:42:06 PM - Windows UpdateRP118: 5/31/2013 8:22:44 AM - Windows UpdateRP119: 6/4/2013 8:19:47 AM - Windows UpdateRP120: 6/7/2013 3:46:56 PM - Windows UpdateRP122: 6/8/2013 9:04:44 AM - Avg UpdateRP123: 6/10/2013 9:19:26 PM - Windows UpdateRP124: 6/12/2013 7:01:46 PM - Windows UpdateRP125: 6/16/2013 12:57:38 PM - Windows UpdateRP126: 6/19/2013 5:14:38 PM - Windows UpdateRP127: 6/23/2013 7:49:07 PM - Windows UpdateRP129: 6/26/2013 8:02:03 AM - Avg UpdateRP130: 7/5/2013 12:49:41 PM - Scheduled CheckpointRP131: 7/11/2013 3:00:27 AM - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components InstallerAdobe AIRAdobe Flash Player 10 PluginAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7)Adobe Shockwave Player 11.5AIO_ScanAmazon Games & Software DownloaderApple Application SupportApple Mobile Device SupportApple Software UpdateAT&T Troubleshoot & Resolve Toolatt.net Internet MailAvery Wizard 4.0AVG 9.0Bejeweled 2 DeluxeBejeweled 3Bejeweled BlitzBejeweled Deluxe 1.87Bing Rewards Client InstallerBonjourBookworm DeluxeBufferChmC8100C8100_doccdC8100_HelpCA Pest Patrol Realtime ProtectionCards_Calendar_OrderGift_DoMorePlugoutCompatibility Pack for the 2007 Office systemCopyCustomerResearchQFolderCWA Reminder by We-Care.com v4.1.17.3CyberLink DVD Suite DeluxeDestination ComponentDeviceDiscoveryDeviceManagementQFolderDig DugDivX CodecDocProcDocProcQFolderDriverDocEnhanced Multimedia Keyboard SolutioneSupportQFolderExpert PDF 7 ReaderFaxFirefox Windows Media Player XPIFree Spider Solitaire 2012 v3.0Game Master 2.1 ToolbarGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHardware Diagnostic ToolsHELPHewlett-Packard Active CheckHewlett-Packard Asset Agent for Health CheckHP AdvisorHP Customer Experience EnhancementsHP Customer FeedbackHP Customer Participation Program 9.0HP DemoHP Easy Setup - FrontendHP Imaging Device Functions 9.0HP OCR Software 9.0HP On-Screen Cap/Num/Scroll Lock IndicatorHP Photosmart All-In-One Software 9.0HP Photosmart Essential 2.5HP Picasso Media Center Add-InHP Product AssistantHP Smart Web Printing 4.60HP Solution Center 9.0HP UpdateHPDiagnosticAlertHPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyIncrediMail MediaBar 2 ToolbariTunesJava 7 Update 9Java Auto UpdaterLabelPrintLightScribe System SoftwareLightScribeTemplateLabelerLogMeInMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMcAfee SiteAdvisorMicrosoft .NET Framework 4 Client ProfileMicrosoft Mouse and Keyboard CenterMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Home and Student 60 day trialMicrosoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Store Download ManagerMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMove Media PlayerMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesNPR_Radio ToolbarNVIDIA Control Panel 307.83NVIDIA DriversNVIDIA Graphics Driver 307.83NVIDIA Install ApplicationNVIDIA Update 1.10.8NVIDIA Update ComponentsOGA Notifier 2.0.0048.0PanoStandAlonePicasa 3Plants vs. ZombiesPowerDirectorPS_AIO_02_ProductContextPS_AIO_02_SoftwarePS_AIO_02_Software_minPSSWCOREPython 2.5QuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1ReferenceBossRoxioShimScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSmartWebPrintingSnapfish Picture MoverSoft Data Fax Modem with SmartCPSolutionCenterStatusThe Weather Channel Desktop 6ToolboxTrayAppUnloadSupportUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Video DownloaderVideoLAN VLC media player 0.8.6fVideoToolkit01WeatherBug GadgetWebIQ Technology EngineWebRegWindows Live ID Sign-in AssistantWindows Media Player Firefox PluginWinSweeper 1.1XVID CodecYahoo! Software Update.==== Event Viewer Messages From Past Week ========.7/21/2013 6:07:05 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.7/21/2013 5:54:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.7/21/2013 5:41:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}7/21/2013 5:41:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}7/21/2013 5:41:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}7/21/2013 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}7/21/2013 5:40:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}7/21/2013 12:31:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}7/20/2013 12:31:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.7/20/2013 12:31:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}7/20/2013 12:31:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache spldr Wanarpv67/19/2013 4:35:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}7/17/2013 8:59:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.7/17/2013 8:59:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.7/17/2013 8:58:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.7/17/2013 8:57:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.7/17/2013 8:27:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.7/17/2013 7:58:49 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.7/17/2013 5:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}7/17/2013 3:29:32 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/17/2013 3:29:32 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/17/2013 3:29:32 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The pipe has been ended.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.7/17/2013 3:29:29 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.7/17/2013 3:29:29 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.7/17/2013 2:27:32 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/17/2013 2:27:32 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: A system shutdown is in progress.7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.7/17/2013 2:27:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.7/17/2013 2:27:30 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/17/2013 2:27:29 PM, Error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: %%-21474672437/17/2013 2:27:16 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.7/14/2013 11:26:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted July 22, 2013 ID:705818 Share Posted July 22, 2013 Step 1 Please uninstall the following applications: Game Master 2.1 Toolbar NPR_Radio Toolbar ReferenceBoss IncrediMail MediaBar 2 Toolbar Step 2 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 3 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Step 4 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review. Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner logComboFix log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 27, 2013 Root Admin ID:707641 Share Posted July 27, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
JJDetroit Posted July 31, 2013 Author ID:709398 Share Posted July 31, 2013 Here are the log files for the tools I was told to use. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.2.9 (07.30.2013:1)OS: Windows 7 Home Premium x86Ran by Owner on Wed 07/31/2013 at 16:37:52.90~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2716878406-3172828151-1382487044-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\iehelperv2.5.0.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\scripthelper.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\viprotocol.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{1fdff5a2-7bb1-48e1-8081-7236812b12b2}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4fbbf769-eceb-420a-b536-133b1d505c36}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bb711cb0-c70b-482e-9852-ec05ebd71dbb}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4e92db5f-aad9-49d3-8eab-b40cbe5b1ff7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{933b95e2-e7b7-4ad9-b952-7ac336682ae3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b658800c-f66e-4ef3-ab85-6c0c227862a9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f25af245-4a81-40dc-92f9-e9021f207706}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f773bb94-6c19-4643-a570-0e429103d1c3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{4e92db5f-aad9-49d3-8eab-b40cbe5b1ff7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{c401d2ce-dc27-45c7-bc0c-8e6ea7f085d6}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{f773bb94-6c19-4643-a570-0e429103d1c3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{74fb6afd-dd77-4ceb-83bd-ab2b63e63c93}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{b12920cf-be13-4c09-890d-1b6efffe2fbe}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{c2ac8a0e-e48e-484b-a71c-c7a937faab94}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.comSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\imSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensionsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugoSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossriderSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecauseSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{8f0b76e1-4e46-427b-b55b-b90593468ac6}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{95b7759c-8c7f-4bf1-b163-73684a933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{f25af245-4a81-40dc-92f9-e9021f207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminderSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocolSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapiSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocololeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savingsapp_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savingsapp_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{c6fdd0c3-266a-4dc3-b459-28c697c44cdc}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{f25af245-4a81-40dc-92f9-e9021f207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1225097Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2724386Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3018509Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3131886Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT654402Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{60B20C76-04F3-4021-A93D-EF47BDE03DFC}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6803721-4A49-4CD5-9300-7971454252AF}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{02C687BF-E3AD-4DE3-ACDF-C278CFC4642D}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" ~~~ FilesSuccessfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"Successfully deleted: [File] "C:\end" ~~~ FoldersSuccessfully deleted: [Folder] C:\Users\Owner\AppData\LocalLow\FCTB000060231Successfully deleted: [Folder] "C:\ProgramData\speedypc software"Successfully deleted: [Folder] "C:\ProgramData\trymedia"Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\drivercure"Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\speedypc software"Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\apn"Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\savingsapp"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\comcasttb"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\iac"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\referenceboss_1p"Successfully deleted: [Folder] "C:\Program Files\comcasttb"Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"Successfully deleted: [Folder] "C:\Program Files\rivalgaming"Successfully deleted: [Folder] "C:\Program Files\totalrecipesearch_14ei"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rivalgaming" ~~~ ChromeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 07/31/2013 at 16:39:45.97End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.306 - Logfile created 07/31/2013 at 16:41:16# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)# User : Owner - OWNER-PC# Boot Mode : Normal# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Deleted on reboot : C:\Program Files\Common Files\AVG Secure SearchFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorageFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journalFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorageFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journalFolder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibemFolder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdiFolder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle ToolbarFolder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video DownloaderFolder Deleted : C:\Users\Owner\Documents\DealRunner***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\SavingsAppKey Deleted : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdiKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}Key Deleted : HKCU\Software\wecarereminderKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\SOFTWARE\FCTB000060231Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibemKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdiKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c7f7152cf43a2a612099a130a730f79fKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginValue Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16635[OK] Registry is clean.-\\ Google Chrome v28.0.1500.72File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [12874 octets] - [31/07/2013 16:37:20]AdwCleaner[R2].txt - [4579 octets] - [31/07/2013 16:40:21]AdwCleaner[s1].txt - [4585 octets] - [31/07/2013 16:41:16]########## EOF - C:\AdwCleaner[s1].txt - [4645 octets] ########## ComboFix 13-07-31.02 - Owner 07/31/2013 16:49:12.1.2 - x86Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1780 [GMT -4:00]Running from: c:\users\Owner\Desktop\ComboFix.exeAV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Owner\Documents\~WRL0001.tmpc:\windows\system32\SET2B12.tmp..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_pcCMService..((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 )))))))))))))))))))))))))))))))..2013-07-31 20:57 . 2013-07-31 21:01 -------- d-----w- c:\users\Owner\AppData\Local\temp2013-07-31 20:57 . 2013-07-31 20:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-07-31 20:41 . 2013-07-31 20:41 115 ----a-w- c:\windows\DeleteOnReboot.bat2013-07-31 20:37 . 2013-07-31 20:37 -------- d-----w- c:\windows\ERUNT2013-07-31 20:18 . 2011-10-18 13:26 161728 ----a-w- c:\program files\1pres.dll2013-07-31 20:05 . 2013-07-31 20:05 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software2013-07-31 20:05 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E49FF5C-31BC-4261-B6FF-74E40C5799F4}\mpengine.dll2013-07-28 15:10 . 2013-07-28 15:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG20132013-07-28 15:09 . 2013-07-28 15:09 -------- d-----w- c:\users\Owner\AppData\Local\AVG SafeGuard toolbar2013-07-28 15:09 . 2013-07-28 15:09 -------- d-----w- c:\users\Owner\AppData\Roaming\TuneUp Software2013-07-28 15:09 . 2013-07-31 19:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-07-28 15:09 . 2013-07-28 16:23 -------- d-----w- c:\programdata\AVG SafeGuard toolbar2013-07-28 15:09 . 2013-07-31 20:41 -------- d-----w- c:\program files\Common Files\AVG Secure Search2013-07-28 15:09 . 2013-07-31 19:58 -------- d-----w- c:\program files\AVG SafeGuard toolbar2013-07-28 15:07 . 2013-07-28 15:10 -------- d-----w- c:\programdata\AVG20132013-07-28 14:53 . 2013-07-31 20:06 -------- d-----w- c:\programdata\MFAData2013-07-28 14:53 . 2013-07-28 22:28 -------- d-----w- c:\users\Owner\AppData\Local\Avg20132013-07-28 14:53 . 2013-07-28 14:53 -------- d-----w- c:\users\Owner\AppData\Local\MFAData2013-07-21 21:43 . 2013-07-21 21:43 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-07-20 05:51 . 2013-07-20 05:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-20 05:50 . 2013-07-20 05:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-20 05:50 . 2013-07-20 05:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-20 05:50 . 2013-07-20 05:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys2013-07-17 13:18 . 2013-07-21 21:54 -------- d-----w- c:\users\Owner\AppData\Local\KB67501232013-07-11 04:58 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll2013-07-11 04:58 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-11 04:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-07-11 04:58 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-07-11 04:58 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-07-11 04:58 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-07-11 04:58 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll2013-07-11 04:58 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys2013-07-11 04:58 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-07-11 04:58 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-07-11 04:58 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-07-10 05:32 . 2013-07-10 05:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-21 21:59 . 2012-04-04 12:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-07-21 21:59 . 2011-05-17 12:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-07-01 05:45 . 2013-07-01 05:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2013-06-08 19:44 . 2012-04-20 21:25 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll2013-06-08 19:44 . 2012-04-20 21:25 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2013-06-08 19:44 . 2012-04-20 21:25 31560 ----a-w- c:\windows\system32\LMIport.dll2013-06-08 19:44 . 2012-04-20 21:25 92488 ----a-w- c:\windows\system32\LMIinit.dll2013-06-02 13:45 . 2012-04-20 21:25 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2013-05-13 04:45 . 2013-06-12 11:26 1160192 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 04:45 . 2013-06-12 11:26 140288 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 04:45 . 2013-06-12 11:26 103936 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 03:08 . 2013-06-12 11:26 903168 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08 . 2013-06-12 11:26 43008 ----a-w- c:\windows\system32\certenc.dll2013-05-10 03:20 . 2013-06-12 11:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll2013-05-08 05:38 . 2013-06-12 11:26 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-06 05:06 . 2013-06-12 11:26 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-05-06 05:06 . 2013-06-12 11:26 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-05-07 1984000]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-03-23 295512]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440].c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2012-03-30 15:04 116648 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe.R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 136176]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 136176]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-07-21 31560]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-09 1343400]S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-20 246072]S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-07-10 39224]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-07-31 37664]S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-08 375120]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-02 13624]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2013-05-22 101552]S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [2013-05-07 342528]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-07-31 1616048]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:59].2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 12:54].2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 12:54].2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2716878406-3172828151-1382487044-1000Core.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30 15:04].2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2716878406-3172828151-1382487044-1000UA.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-30 15:04].2013-07-11 c:\windows\Tasks\HPCeeScheduleForOwner.job- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-28 19:10]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.local;<local>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200Trusted Zone: $talisma_url$TCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)WebBrowser-{F9BBF004-6E40-4019-8214-C43A37E1D058} - (no file)SafeBoot-mbamchameleonMSConfigStartUp-ReferenceBoss_1p Browser Plugin Loader - c:\progra~1\REFERE~2\bar\1.bin\1pbrmon.exeAddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exeAddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exeAddRemove-Video Downloader - c:\program files\vGrabber-software\uninstall.exeAddRemove-CodecDivX - c:\program files\DivX Codec\3.2\Uninstall.exeAddRemove-CodecXVID - c:\program files\XVID Codec\Uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\progra~1\AVG\AVG2013\avgrsx.exec:\program files\AVG\AVG2013\avgcsrvx.exec:\windows\system32\nvvsvc.exec:\program files\NVIDIA Corporation\Display\nvxdsync.exec:\windows\system32\nvvsvc.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\LogMeIn\x86\RaMaint.exec:\program files\LogMeIn\x86\LogMeIn.exec:\windows\system32\taskhost.exec:\windows\system32\rundll32.exec:\program files\Microsoft Mouse and Keyboard Center\ipoint.exec:\program files\Microsoft Mouse and Keyboard Center\itype.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\program files\AVG\AVG2013\avgnsx.exec:\program files\AVG\AVG2013\avgemcx.exec:\program files\NVIDIA Corporation\Display\nvtray.exec:\program files\AVG\AVG2013\avgcsrvx.exec:\windows\system32\conhost.exec:\windows\System32\WUDFHost.exec:\windows\RtHDVCpl.exec:\program files\Microsoft Office\Office12\ONENOTEM.EXEc:\program files\iPod\bin\iPodService.exec:\program files\Windows Media Player\wmpnetwk.exec:\program files\HP\Digital Imaging\bin\hpqSTE08.exec:\program files\HP\Digital Imaging\bin\hpqbam08.exec:\windows\system32\taskhost.exec:\windows\servicing\TrustedInstaller.exec:\program files\Hewlett-Packard\HP Health Check\hphc_service.exec:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exec:\windows\system32\sppsvc.exe.**************************************************************************.Completion time: 2013-07-31 17:05:41 - machine was rebootedComboFix-quarantined-files.txt 2013-07-31 21:05.Pre-Run: 242,337,951,744 bytes freePost-Run: 243,091,533,824 bytes free.- - End Of File - - 9CB2844C4606808C10F5C70ED5F48ADEA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Maniac Posted August 1, 2013 ID:709575 Share Posted August 1, 2013 Good! Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button. Link to post Share on other sites More sharing options...
JJDetroit Posted August 1, 2013 Author ID:709674 Share Posted August 1, 2013 Here's the ESET log. C:\Users\Owner\AppData\LocalLow\ReferenceBoss_1pEI\Installr\Cache\05172F15.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4eb8dbcf-165ccfbb multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\45befe93-14131d8f multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\112967c2-4609a4e0 multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\403d4a18-222345aa multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\37cbf7dd-35a2f8e9 multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\d983d1d-3078d514 multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\254e7004-5ddd6d14 multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6d247ee9-3e5e06b8 multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\aa0bf6a-27bc0def-temp multiple threats cleaned by deleting - quarantinedC:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantinedC:\Users\Owner\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantinedC:\Users\Owner\Downloads\FreeSpiderSolitaire.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantinedC:\Users\Owner\Downloads\PC_Speed.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantinedC:\Users\Owner\Downloads\PIP2671_AVR37_ (1).exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantinedC:\Users\Owner\Downloads\PIP2671_AVR37_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
Maniac Posted August 1, 2013 ID:709722 Share Posted August 1, 2013 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Upgrading Java : Please download JavaRa to your desktop and unzip it to its own folderRun JavaRa.exe, then click Remove JRE.Run the built-in uninstallers for all copies of java listedClick the Next buttonClick the Next button againClick the Java Manual Download linkA browser window will open with the Java download pageClick the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)Run the installerClose JavaRa Link to post Share on other sites More sharing options...
JJDetroit Posted August 1, 2013 Author ID:709743 Share Posted August 1, 2013 OK, Java is up-to-date. Anything else I need to do? Link to post Share on other sites More sharing options...
Maniac Posted August 1, 2013 ID:709750 Share Posted August 1, 2013 Tell me how are things running now. Link to post Share on other sites More sharing options...
JJDetroit Posted August 1, 2013 Author ID:709816 Share Posted August 1, 2013 Looking good. Even have some stuff showing up on the Taskbar and Desktop (like widgets) that weren't loading before. Link to post Share on other sites More sharing options...
Maniac Posted August 2, 2013 ID:710092 Share Posted August 2, 2013 Glad I could help! Step 1Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesStep 3 Please uninstall ESET Online Scanner and manually delete Malwarebytes' Anti-Rootkit Step 3 Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
JJDetroit Posted August 2, 2013 Author ID:710165 Share Posted August 2, 2013 Couldn't find the ESET program to uninstall it, but everything else is removed. Thanks for all your help. Link to post Share on other sites More sharing options...
Maniac Posted August 2, 2013 ID:710166 Share Posted August 2, 2013 No problem. You're welcome! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 6, 2013 Root Admin ID:711450 Share Posted August 6, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts