Jump to content

I'm infected with something


Recommended Posts

Hello!

 

I have already run Malwarebytes software, however I still keep getting this "sponsorship" pop up to install some app.

 

I wasn't sure if I was supposed to copy and paste my dds.txt and attach.txt or attach the files, so I did both.

 

 

Below are my dds.txt and attach.txt.

 

Thanks again for the help!

 

Eddie

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by eban at 10:17:56 on 2013-08-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3043 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\atashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\eban.owner-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files\Genie9\Zoolz2\Zoolz.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\eban.owner-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pidgin.lnk - C:\Program Files (x86)\Pidgin\pidgin.exe
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THERMO~1.LNK - C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
StartupFolder: C:\Users\EBAN~1.OWN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THERMO~2.LNK - C:\Program Files (x86)\Thermostat for Windows\Thermostat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPMONI~1.LNK - C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPWJDE~1.LNK - C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPWMSD~1.LNK - C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: OWNER-PC
Trusted Zone: OWNER-PC
TCP: NameServer = 10.128.128.128
TCP: Interfaces\{C84748FF-2CEB-4C81-BB11-9D7476C05A12} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843} : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\14655475946494 : DHCPNameServer = 172.16.1.10 8.8.8.8 8.8.4.4
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\14655475946494F50343 : DHCPNameServer = 10.1.112.6 10.1.112.4
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\3547162776164756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\35B697E4564702D49666960265A5 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\C4D46483B4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D87A3868-A4AE-4074-858A-3AF88C2E8843}\D41647279687 : DHCPNameServer = 192.168.1.2
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zoolz Tray] "C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe" "C:\Program Files\Genie9\Zoolz2\Zoolz.exe" "-Delay"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-7-9 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-7-9 189936]
R0 WRkrn;WRkrn;C:\windows\System32\drivers\WRkrn.sys [2011-11-26 113232]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-7-9 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-7-9 378944]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-11-20 13824]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-7-9 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-7-9 80816]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-7-10 137232]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-9 46808]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-13 498688]
R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2012-6-15 126520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-1 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 MSSQL$SQLLANSWEEPER2K8;SQL Server (SQLLANSWEEPER2K8);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe [2010-9-17 42773336]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-26 65657]
R2 UltiDev Web Server Pro;UltiDev Web Server Pro;C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [2012-5-9 64512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-20 2655768]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2013-4-29 248704]
R2 UWS HiPriv Services;UWS HiPriv Services;C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [2012-5-9 48128]
R2 UWS LoPriv Services;UWS LoPriv Services;C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [2012-5-9 44032]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-13 986112]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-1-21 619904]
R2 Zoolz 2 Service;Zoolz Service;C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [2013-6-4 453136]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 busenum;Synology Virtual USB Hub;C:\windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-11-21 186152]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-21 317440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-1 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-20 425064]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
S2 WRSVC;WRSVC;"C:\Program Files\Webroot\WRSA.exe" -service --> C:\Program Files\Webroot\WRSA.exe [?]
S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\fxxandroidusb.sys [2010-3-30 31744]
S3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2013-1-21 13728]
S3 mvusbews;USB EWS Device;C:\windows\System32\drivers\mvusbews.sys [2012-9-25 20480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-11-21 166704]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2013-1-21 81312]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2013-1-21 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-19 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-9-19 47128]
S4 SQLAgent$SQLLANSWEEPER2K8;SQL Server Agent (SQLLANSWEEPER2K8);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-09 13:57:17 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E03FAD18-B152-4FAC-8573-B7AD8801DA9A}\mpengine.dll
2013-08-06 07:01:08 -------- d-----w- C:\windows\System32\MRT
2013-08-01 15:50:38 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-01 09:39:16 -------- d-----w- C:\Users\eban.owner-PC\AppData\Roaming\Malwarebytes
2013-08-01 09:38:58 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-01 09:38:50 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-08-01 09:38:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 09:38:31 -------- d-----w- C:\Users\eban.owner-PC\AppData\Local\Programs
2013-07-31 18:18:05 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2013-07-13 14:20:07 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-13 14:20:06 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-13 14:20:05 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-13 14:20:05 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-13 14:20:05 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-13 14:20:05 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-13 14:20:04 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-13 14:19:44 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-13 14:19:42 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-13 14:19:38 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-13 14:19:37 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-13 14:18:49 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-13 14:18:45 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-13 14:18:45 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-13 14:18:45 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 14:18:44 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 14:18:44 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-13 14:16:16 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-13 14:16:15 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-08-08 18:11:47 137232 ----a-w- C:\windows\SysWow64\atashost.exe
2013-08-08 18:11:46 227344 ----a-w- C:\windows\SysWow64\atsckernel.exe
2013-08-01 15:50:22 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-08-01 15:50:22 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-21 02:35:38 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 02:35:38 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:29:36 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-07-09 04:29:36 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-04 23:07:44 95152 ----a-w- C:\windows\System32\drivers\ctxusbm.sys
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
.
============= FINISH: 10:18:43.43 ===============
 
 
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2011 3:03:43 AM
System Uptime: 8/9/2013 9:39:53 AM (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | QX311/QX411/QX412/QX511
Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 365 GiB total, 160.284 GiB free.
D: is FIXED (NTFS) - 547 GiB total, 546.614 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP216: 7/27/2013 10:03:32 AM - Windows Update
RP217: 7/31/2013 9:46:02 AM - Windows Update
RP218: 8/1/2013 11:45:15 AM - Installed Java 7 Update 25
RP219: 8/6/2013 3:00:18 AM - Windows Update
RP220: 8/9/2013 9:55:21 AM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe CS6 Design and Web Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Reader XI (11.0.03)
Adobe Widget Browser
Adobe® Content Viewer
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Atheros Client Installation Program
avast! Free Antivirus
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bamboo
BatteryLifeExtender
Best Buy pc app
Canon IJ Network Tool
Canon MX870 series MP Drivers
ChargeableUSB
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
eReg
ETDWare PS/2-X64 10.0.7.2_WHQL
Evernote v. 4.6.6
Fast Start
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HP LaserJet Professional P1100-P1560-P1600 Series
HP Mouse Suite
hppLaserJetService
hppP1100P1560P1600SeriesLaserJetService
hppusgP1100P1560P1600Series
HPSSupply
inSSIDer 3
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
KONICA MINOLTA C652Series
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.0.0
Movie Color Enhancer
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Multimedia POP
Online Plug-in
PDF Settings CS6
Phone F USB Driver
Pidgin
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.95
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for SQL Server 2008 (KB2285068)
Sql Server Customer Experience Improvement Program
Synology Assistant (remove only)
Thermostat for Windows 1.16.0
Topaz e-Signatures SigPlus 4.4.0.6
Topaz MSOffice Plug-In 3.0.2
Topaz MSOffice Plug-In 3.0.4
TRENDnet Powerline Utility
UltiDev Web Server Pro
Update for Image Editor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
User Guide
Walletx - Sinew Software Systems
Webroot SecureAnywhere
WebTablet FB Plugin 64 bit
Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385)
Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385)
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinPcap 4.1.2
WinRAR 4.20 (32-bit)
Wireshark 1.8.6 (64-bit)
Zoolz2
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 9:49:23 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
8/9/2013 9:46:24 AM, Error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
8/9/2013 9:41:41 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
8/9/2013 9:40:08 AM, Error: Service Control Manager [7000]  - The WRSVC service failed to start due to the following error:  The system cannot find the file specified.
8/8/2013 6:50:54 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/6/2013 9:32:48 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
8/6/2013 9:32:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EvtEng service.
8/6/2013 7:29:53 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP LaserJet Service service to connect.
8/6/2013 7:29:53 PM, Error: Service Control Manager [7000]  - The HP LaserJet Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/6/2013 6:57:53 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/2/2013 5:22:11 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
8/2/2013 5:22:11 PM, Error: Service Control Manager [7000]  - The Intel® PROSet/Wireless Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/2/2013 5:22:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 87
.
==== End Of File ===========================
 

 

dds.txt

attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Below are the results from roguekiller.

 

 

 

 

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : eban [Admin rights]
Mode : Scan -- Date : 08/09/2013 11:38:48
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] hpwjd.exe -- C:\ProgramData\HP Mouse Suite Config\hpwjd.exe [7] -> KILLED [TermProc]
[sUSP PATH] hpwmsd.exe -- C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2387057840-3057239107-685640680-1001\[...]\Run : Google Update ("C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 8 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2387057840-3057239107-685640680-1001UA.job : C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2387057840-3057239107-685640680-1001Core.job : C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][sUSP PATH] DSite.job : C:\Users\EBAN~1.OWN\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][ROGUE ST] 4924 : wscript.exe - C:\Users\EBAN~1.OWN\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][sUSP PATH] DSite : C:\Users\EBAN~1.OWN\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] EPUpdater : C:\Users\EBAN~1.OWN\AppData\Roaming\BabMaint.exe [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2387057840-3057239107-685640680-1001Core : C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2387057840-3057239107-685640680-1001UA : C:\Users\eban.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
 
¤¤¤ Startup Entries : 3 ¤¤¤
[Default][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[Default User][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[eban][sUSP PATH] Best Buy pc app.lnk : C:\Users\eban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HN-M101MBB +++++
--- User ---
[MBR] 6ea1f04c20659d42ab1a25890c1f9a2a
[bSP] eaf3c87199ad4822c87a83a36c728edd : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 373760 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 765667328 | Size: 560546 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1913665536 | Size: 19462 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08092013_113848.txt >>
Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

Below are the results for ADwCleaner.

 

Thank you!

 

 

 

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 12:12:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : eban - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\eban.owner-PC\Desktop\adwcleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\windows\Tasks\DSite.job
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\584d7d8bc3dbf44
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\584d7d8bc3dbf44
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2387057840-3057239107-685640680-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
*************************
 
AdwCleaner[R1].txt - [5888 octets] - [09/08/2013 12:12:55]
 
########## EOF - C:\AdwCleaner[R1].txt - [5948 octets] ##########
Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

AdwCleaner and Junkware Removal Tool logs posted below.

 

Thank you!

 

 

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 12:58:41
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : eban - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\eban.owner-PC\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\eban.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\584d7d8bc3dbf44
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\584d7d8bc3dbf44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
*************************
 
AdwCleaner[R1].txt - [5967 octets] - [09/08/2013 12:12:55]
AdwCleaner[R2].txt - [6027 octets] - [09/08/2013 12:58:24]
AdwCleaner[s1].txt - [5996 octets] - [09/08/2013 12:58:41]
 
########## EOF - C:\AdwCleaner[s1].txt - [6056 octets] ##########
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.9 (08.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by eban on Fri 08/09/2013 at 13:08:37.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3FE2DA6B-7058-4DCA-8035-E294EB279C0E}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\eban.owner-PC\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\eban.owner-PC\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\eban.owner-PC\appdata\locallow\delta"
Successfully deleted: [Empty Folder] C:\Users\eban.owner-PC\appdata\local\{78BC43BF-59D8-466A-B1B8-65F4EBE37953}
Successfully deleted: [Folder] "C:\Users\eban.owner-PC\appdata\locallow\asktoolbar"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/09/2013 at 13:17:56.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.