
Problem with PC Windows 7 Help Appreciated



I am running Windows 7, Quad Core processor, with Firefox and AVG antivirus, 8GB RAM.

I scan with Superantispyware, Malwarebytes with real time protection, use Spybot Search & Destroy, Spywareblaster.

Malwarebytes never finds anything but Superantispyware finds a lot of spyware cookies.

I accidentally downloaded a program that installed 2 other unwanted programs. I deleted them in the control panel and made sure there was no trace in regedit software folders and there weren't any.

Since that happened, often times when I open a new window in my Firefox browser and move the cursor and click something, a pop up window appears. It is like there is something attached to the page because if I move the cursor over a link a line should appear under it but it doesn't.

Tried all the things mentioned above plus AVG scans every morning and still having issues; also computer runs slower and takes a little longer for things to work, becoming a hassle.


Hello Victor222! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Computer at 20:15:53 on 2013-07-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.4913 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\HTC Home\Clock.exe
C:\Users\Computer\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Computer\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\cscript.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: CouponDropDown Plugin: {11111111-1111-1111-1111-110211771193} - C:\Program Files (x86)\CouponDropDown Plugin\CouponDropDown Plugin-bho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Clock Widget (HTC Home)] "C:\Program Files (x86)\HTC Home\Clock.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Computer\AppData\Local\Akamai\netsession_win.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\Users\Computer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMSEXE~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.





TCP: NameServer = 192.168.1.254
TCP: Interfaces\{50D33B4D-0B7E-4FF5-843E-DD459AF92158} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9E4F7AC1-E126-4BF4-95B5-84E1EF954F9D} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{B8A96589-B3BF-4C37-A430-9B6F017F7228} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C1F1B1BC-FCDF-466D-9A9D-6403E3AC379D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C1F1B1BC-FCDF-466D-9A9D-6403E3AC379D}\4646D2772747 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-17 20:30; {aff87fa2-a58e-4edd-b852-0a20203c1e17}; C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF - ExtSQL: 2013-07-14 00:00; gystqfr@ylgga.com; C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-07-14 13:59; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-23 19:15; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: !HIDDEN! 2013-02-14 14:32; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2012-8-31 36384]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-10-27 141920]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2012-8-31 65736]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-8-31 6724632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-28 25928]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2012-8-31 24024]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-12 539240]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-9-9 97040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
.
=============== Created Last 30 ================
.
2013-07-24 01:34:27    --------    d-----w-    C:\Users\Computer\AppData\Local\Updater27793
2013-07-24 01:34:12    --------    d-----w-    C:\Program Files (x86)\CouponDropDown Plugin
2013-07-23 16:18:04    --------    d-----w-    C:\Users\Computer\AppData\Roaming\ChemTable Software
2013-07-23 16:17:55    --------    d-----w-    C:\Program Files (x86)\Reg Organizer
2013-07-23 16:17:54    --------    d-----w-    C:\Users\Computer\AppData\Local\ChemTable Software
2013-07-23 16:17:45    --------    d-----w-    C:\Users\Computer\AppData\Local\AnVir
2013-07-23 16:17:07    --------    d-----w-    C:\Program Files (x86)\AnVir Task Manager Free
2013-07-23 16:10:58    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-23 16:00:30    --------    d-----w-    C:\Users\Computer\AppData\Local\ElevatedDiagnostics
2013-07-23 15:51:20    --------    d-----w-    C:\Windows\System32\MRT
2013-07-19 19:48:56    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-14 17:57:57    --------    d-----r-    C:\Program Files (x86)\Skype
2013-07-14 16:36:37    805376    ----a-w-    C:\Windows\SysWow64\EditCtlsU.ocx
2013-07-14 16:36:37    604672    ----a-w-    C:\Windows\SysWow64\ExTVwU.ocx
2013-07-14 16:36:37    198456    ----a-w-    C:\Windows\SysWow64\MCI32.OCX
2013-07-14 16:36:37    140488    ----a-w-    C:\Windows\SysWow64\comdlg32.ocx
2013-07-14 16:36:37    1031168    ----a-w-    C:\Windows\SysWow64\ExLVwU.ocx
2013-07-14 16:36:36    662288    ----a-w-    C:\Windows\SysWow64\MSCOMCT2.OCX
2013-07-14 16:36:36    554008    ----a-w-    C:\Windows\SysWow64\dao360.dll
2013-07-14 16:36:36    212240    ----a-w-    C:\Windows\SysWow64\richtx32.ocx
2013-07-14 16:36:36    1351392    ----a-w-    C:\Windows\SysWow64\comctl32.ocx
2013-07-12 18:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 18:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-10 04:15:41    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-10 04:15:41    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 03:54:47    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 03:54:47    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 03:54:47    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 03:54:47    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 03:54:47    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 03:54:47    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 03:54:47    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 03:54:43    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-10 03:54:43    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-10 03:53:34    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-10 03:53:31    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 03:53:31    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 03:53:31    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 03:53:31    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 03:53:31    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 03:51:47    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-10 03:51:47    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-23 16:10:50    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-07-23 16:10:50    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-22 19:38:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 19:38:11    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-03 21:47:20    3695104    ----a-w-    C:\Program Files\MyMorph.msi
.
============= FINISH: 20:16:56.64 ===============
 


attach.txt

 

.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/12/2012 1:07:01 AM
System Uptime: 7/25/2013 11:13:54 AM (9 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M5A78L-M LX PLUS
Processor: AMD FX-4100 Quad-Core Processor             | AM3R2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 835.223 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2794 GiB total, 1338.602 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 718.451 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP157: 7/14/2013 2:25:05 PM - Windows Modules Installer
RP158: 7/19/2013 6:59:11 PM - Windows Update
RP159: 7/20/2013 3:00:22 AM - Windows Update
RP160: 7/23/2013 11:44:05 AM - Windows Update
RP161: 7/23/2013 12:02:14 PM - Removed Java 6 Update 35
RP162: 7/23/2013 12:04:19 PM - Removed Java 7 Update 25
RP163: 7/23/2013 12:10:23 PM - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
µTorrent
4500_Help
4Videosoft MKV Video Converter
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)  MUI
Akamai NetSession Interface
AnVir Task Manager Free
Asus 802.11n Network Adapter
ATI Catalyst Install Manager
AVG 2013
AVIcodec (remove only)
Belarc Advisor 8.2
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
ConvertHelper 2.2
Coupon Printer for Windows
CouponDropDown Plugin
CPUID CPU-Z 1.61.3
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Duplicate Cleaner Free 3.0.1
ESET Online Scanner v3
Fax
ffdshow v1.2.4422 [2012-04-09]
File Renamer - Basic
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Home Apis
J4500
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
mkv2vob
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyMorph
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
Officejet J4500 Series
Panda Cloud Cleaner
Prevx
ProductContext
PS3 Media Server
PS3 Video Converter Box
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Reg Organizer version 6.11
Sandboxie 4.04 (64-bit)
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 6.6
SlimCleaner
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 5.0
Status
SUPERAntiSpyware
Toolbox
TrayApp
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
TweakUAC
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.7
WD SmartWare
WebReg
Windows Media Player Firefox Plugin
WinPatrol
WinRAR 4.20 (64-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
7/25/2013 5:12:06 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
7/25/2013 11:17:19 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/25/2013 11:17:19 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2013 11:15:01 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
7/25/2013 11:12:20 AM, Error: Service Control Manager [7000]  - The CSIScanner service failed to start due to the following error:  The pipe has been ended.
7/25/2013 11:12:10 AM, Error: Service Control Manager [7031]  - The CSIScanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/22/2013 3:06:24 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/22/2013 3:06:23 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/22/2013 3:01:33 PM, Error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error %%-536805289.
7/22/2013 2:15:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AVG Firewall service to connect.
7/22/2013 2:15:13 PM, Error: Service Control Manager [7000]  - The AVG Firewall service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


 


Step 1

Please uninstall the following applications:

µTorrent

Coupon Printer for Windows

CouponDropDown Plugin

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Windows 7 Ultimate x64
Ran by Computer on Fri 07/26/2013 at 16:34:13.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\ersr23e0.default-1366588962362\user.js
Successfully deleted: [File] C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\ersr23e0.default-1366588962362\extensions\browserprotect@browserprotect.com.xpi
Successfully deleted: [Folder] C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\ersr23e0.default-1366588962362\jetpack
Emptied folder: C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\ersr23e0.default-1366588962362\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/26/2013 at 16:39:04.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v2.306 - Logfile created 07/26/2013 at 16:44:49
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Computer - VICTOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Computer\Desktop\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\gu4vk7c7.default\searchplugins\search.xml
Folder Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\phogapapkjenakenccmiinkeonkiidle

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\CouponDropDown Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\adfcv2w1.default\prefs.js

C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\adfcv2w1.default\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ersr23e0.default-1366588962362\prefs.js

[OK] File is clean.

File : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\gu4vk7c7.default\prefs.js

C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\gu4vk7c7.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2889 octets] - [26/07/2013 16:44:49]

########## EOF - C:\AdwCleaner[s1].txt - [2949 octets] ##########
 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Computer :: VICTOR-PC [administrator]

Protection: Enabled

7/26/2013 4:50:01 PM
mbam-log-2013-07-26 (16-50-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264271
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Computer [Admin rights]
Mode : Scan -- Date : 07/26/2013 17:01:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 4882a442e0b31dd410d51101b517874a
[bSP] defdc1c133accd7bff5bcff6853bccb2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 6aff2b8f3ee9b4d7d8f72718b0599a79
[bSP] 3e4b2d5497fe55cd743d7f758a6de612 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07262013_170101.txt >>



 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon (esetsmartinstaller_enu.png) on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.