COMPUTER RUNNING SLOW ALL THE TIME

yosoy4ever · August 18, 2013

Hello - my PC is running very slow the last two weeks. I use Norton Internet Security and Norton Utilities on a regular basis, and nothing seems out of the ordinary when I clean my disks, etc. The last time I used this forum I was given help and believe my malware problems were solved...but they seem to be back again. I uninstalled the malewarebytes.org maleware removal program as I kept getting a pop-up from Norton at that time, telling me that malewarebytes program is INCOMPATIBLE with Norton, so I uninstalled it. Has that "warning" from Norton changed in the last few months, and what do YOU SUGGEST I do now to find out if my PC is again being effected by malware of some kind and what program do YOU suggest I now download to help you analyze my PC's lethargic operation ? Thank you for your help.

Maniac · August 18, 2013

Hello yosoy4ever! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

yosoy4ever · August 19, 2013

I ran malewarebytes and found the following:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

8/19/2013 4:11:07 PM
MBAM-log-2013-08-19 (17-20-15).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\PermissionResearch (Spyware.PermissionResearch) -> No action taken.

Files Detected: 4
C:\Program Files (x86)\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> No action taken.
C:\Program Files (x86)\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> No action taken.
C:\Program Files (x86)\PermissionResearch\prmrsr.exe (Spyware.PermissionResearch) -> No action taken.
C:\Program Files (x86)\PermissionResearch\proci.bin (Spyware.PermissionResearch) -> No action taken.

(end)

I then ran DDS and found the following TWO logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
Run by NewDesktop_3_2010 at 17:34:30 on 2013-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1474 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Norton Utilities 14\nu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files (x86)\MyPoints Point Finder\Helper.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f3954c17-b785-b6e4-e583-60efe47cb84a} - C:\Program Files (x86)\MyPoints Toolbar\Helper.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: InboxDollars BHO: {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MyPoints Toolbar BHO: {948548C2-1801-7A14-F509-7FE523202B1D} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: InboxDollars: {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: InboxDollars: {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: $talisma_url$
Trusted Zone: turbotax.com

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CC9D20E2-0AA7-493D-93FC-2A91893487D6} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-20 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130813.001\IDSviA64.sys [2013-8-13 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-2-8 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-8 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-7-9 342528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2010-3-10 411136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-8 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-8-10 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-26 1255736]
.
=============== Created Last 30 ================
.
2013-08-19 20:05:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-19 20:05:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 20:36:11 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B91F7E1-3346-48B3-80AB-284A25429D20}\offreg.dll
2013-08-16 16:18:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B91F7E1-3346-48B3-80AB-284A25429D20}\mpengine.dll
2013-08-14 17:37:07 -------- d-----w- C:\Program Files (x86)\PermissionResearch
2013-08-14 13:37:13 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 13:37:13 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 13:37:13 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 13:37:13 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 13:37:12 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 13:37:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 13:37:12 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 13:37:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-09 15:09:04 -------- d-----w- C:\Windows\System32\MR APP
2013-08-08 16:56:27 -------- d-----w- C:\Windows\System32\MRT
2013-07-30 17:39:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-07-30 17:39:47 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-30 17:39:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 12:26:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 12:26:48 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-17 21:41:20 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-28 21:14:49 1076 ----a-w- C:\Windows\System32\cc_20130528_171439.reg
2013-05-24 15:45:42 518 ----a-w- C:\Windows\System32\cc_20130524_114537.reg
2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
.
============= FINISH: 17:35:31.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2010 10:05:21 PM
System Uptime: 8/18/2013 12:03:22 PM (29 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Intel® Celeron® CPU          450 @ 2.20GHz | CPU 1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 588 GiB total, 532.404 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 38.466 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP861: 8/12/2013 12:42:59 AM - Made by Norton Utilities
RP862: 8/12/2013 7:01:11 PM - Windows Backup
RP863: 8/13/2013 11:54:01 AM - Made by Norton Utilities
RP864: 8/14/2013 9:28:37 AM - Windows Update
RP865: 8/14/2013 1:35:41 PM - Installed PermissionResearch
RP866: 8/15/2013 3:00:45 AM - Windows Update
RP867: 8/15/2013 1:25:18 PM - Made by Norton Utilities
RP868: 8/17/2013 4:34:35 PM - Removed e-Rewards Notify
RP869: 8/17/2013 4:37:50 PM - Removed Java 7 Update 21 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Amazon MP3 Downloader 1.0.17
American Airlines Timetable
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AT&T Troubleshoot & Resolve Tool
Avanquest update
CameraHelperMsi
CardRd81
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
CR2
D3DX10
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
DHTML Editing Component
Digital Line Detect
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
EPSON Scan
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
File Type Assistant
Free File Viewer 2011
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Graboid Video 3.58
Graboid Video 3.58 Setup
IBM ViaVoice Integration With 1-2-3
IBM ViaVoice Outloud Runtime - US English
IBM ViaVoice Technology, Dictation Runtime 5.3
InboxDollars
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
ItsDeductible Express
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Kodak EasyShare software
Lexmark 3400 Series
Lexmark Toolbar
Logitech Vid HD
Logitech Webcam Software
Lotus 1-2-3
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.96.112.08260
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Modem Diagnostic Tool
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPoints Point Finder
MyPoints Toolbar
netbrdg
Norton Identity Safe
Norton Internet Security
Norton Utilities
novaPDF Professional Desktop 7.5 printer
OfotoXMI
ParetoLogic Data Recovery
PDFZilla V1.2.9
Power E*TRADE Pro
PowerDVD DX
Quicken 2010
QuickTime
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 6.3
staticcr
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TurboTax 2008
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wctiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 1.0.1
VPRINTOL
WexTech AnswerWorks
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/14/2013 9:55:27 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
8/14/2013 9:55:27 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================

Please tell me what you want me to do next to fix this problem that is causing my PC to be very lethargic and slow. Thank you. yosoy4ever monday august 19, 2013 at 5:54 pm edst

Maniac · August 19, 2013

Hello yosoy4ever! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

Coupon Printer for Windows

InboxDollars

InstallIQ Updater

MyPoints Point Finder

MyPoints Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 5

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Junkware Removal Tool log
AdwCleaner log
Malwarebytes' Anti-Malware log
RogueKiller log

yosoy4ever · August 20, 2013

Hi - I uninstalled the FIVE applications you told me to.

Here are the FOUR LOGS you told me to send you:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by NewDesktop_3_2010 on Tue 08/20/2013 at 15:47:37.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{35873018-17FA-4A35-AEA0-74D4B70FFEF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C80176C-7E98-42A4-A3BD-1A20AEFC4E72}

~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{16E6A2AA-2F4F-4833-8481-3ACE8DB18A7F}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{233F8C70-8A6F-4120-B878-CA598F6BFFD2}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{33CD73F0-C734-47F1-99E8-7B4AA084CDCD}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{3469F800-7646-4A09-9237-6EF7A51147EC}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{696F828E-B79F-45BA-8405-CCDBD1C58A09}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{9C14CAE3-97F9-4D2B-926A-9DDA2C9F474B}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{9E4887CD-27BC-4988-90EC-61491A0A35A1}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{A2BC8D50-EF31-4708-A1B1-A6F5D50BE538}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{ABAFDB53-2168-46AC-A7C4-86761C316799}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{B243935A-C13C-4124-9FFB-515297BF9C76}
Successfully deleted: [Empty Folder] C:\Users\NewDesktop_3_2010\appdata\local\{BB7EFCB5-0C65-4A66-8641-B1AC08EA922B}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 16:01:39.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.000 - Report created 20/08/2013 at 16:18:19
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NewDesktop_3_2010 - NEWDESKTOP_3_10
# Running from : C:\Users\NewDesktop_3_2010\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ File : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1084 octets] - [20/08/2013 16:14:32]
AdwCleaner[s0].txt - [1024 octets] - [20/08/2013 16:18:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1084 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

8/20/2013 4:26:47 PM
mbam-log-2013-08-20 (16-26-47).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NewDesktop_3_2010 [Admin rights]
Mode : Scan -- Date : 08/20/2013 17:03:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\NEWDES~1\AppData\Local\Temp\IHUD48.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] ef06590f8dbef73356b8fe325407a46f
[bSP] 03f896d43fd327991aba875e0b041025 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 8818 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18171904 | Size: 601606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 3f9702d70b60c97087314a200ff2a8fd
[bSP] 2f6b85d256594f4c3a3709bde9ca8996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08202013_170345.txt >>

Please let me know what you want me to do next. Thanks and regards, yosoy4ever Tuesday August 20, 2013 at 5:14 pm edst

yosoy4ever · August 20, 2013

One additional thing I would like to ask: Was I suppose to DELETE or do SOMETHING ELSE with the 7 line items that Rogue Killer found ? Please let me know what I need to do with these 7 items. thanks, yosoy4ever tuesday august 20, 2013 at 5:46 pm edst

Maniac · August 20, 2013

No, do not fix anything with RogueKiller.

How are things now?

yosoy4ever · August 20, 2013

Hi - my PC still seems LETHARGIC and not working as FAST and smooth as three weeks ago. Was there alot of malware in my system, and has it all been removed now ? How did my logs look to you, has all the bad stuff been removed now ? What is the next step, or is this as far as you can take me and now all there is to do is REMOVE all your tools ? Please let me know. thanks, yosoy4ever tuesday august 20, 2013 at 7:01 pm edst

Maniac · August 21, 2013

I just want to know if there is any progress at all.

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
  Save it to your Desktop.
- Double click on the to download the ESET Smart Installer. icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

yosoy4ever · August 22, 2013

Hi - I did what you said, but now I realize that there is a very BIG problem in trying to get this ESET ONLINE SCAN to run !! The scan now says 86% - BUT - the scan has been RUNNING for 8 hours 30 minutes and 55 seconds !! At 2:47:05 the scan had read 193,318 files..and was at 86% AT THAT TIME - then, at 5:27:47, and still at 86% it had read 194,118 files; and then, at 7:26:54 and still at 86% it had read 194,905 files......and now at 8:30:55 and still at 86% it has read 195,444 files.....and at ALL OF THESE VARIOUS POINTS in the scan, it has DETECTED 4 infrected files - and it says: CURRENT SCAN RESULT: threats found !! and then four lines of description, all saying: multiple threats, multiple threats, multiple threats and multiple threats !! THE PROBLEM THAT IS SEE IS THIS: the "target" is NOW my E:\ "files" - which is my fixed hard disk BACKUP drive !! So now it will probably take MANY MORE hours or even DAYS to get this scan DONE !! I don't want to hit STOP....AS IT WILL START THE SCAN ALL OVER AGAIN....WON'T IT ? Please tell me what to do NOW - as I want to be able to get the SCAN COMPLETED so that I can get to the LIST THREATS, export, save, go back and FINISH...but I don't think I can do THAT since I am in this NEVER ENDING scan !! What do you suggest ? Should I hit STOP and then "disconnect" my back up E:\ drive and do the scan again ? Thank you for your help and continued guidance Maniac !! yosoy4ever wednesday august 21, 2013 at 9:36 pm edst

yosoy4ever · August 22, 2013

Hi - one thing I DO NOT KNOW is if the 4 infected files were FOUND BY THE SCAN on my c:\ drive or my E:\ drive...so I am even more confused as to what I need to do from this point and need YOUR ASSISTANCE AND ADVISE. thanks, yosoy4ever wednesday august 21, 2013 at 9:37 pm edst

yosoy4ever · August 22, 2013

Hi Maniac: THE SCAN IS COMPLETE !! It took 9 hours 32 minutes and 36 seconds !! I did what you asked and clicked LIst Threats and pasted it to my desktop with Export, then back and then finish. HERE IS THE LOG:

E:\NEWDESKTOP_3_10\Backup Set 2010-05-05 065336\Backup Files 2010-05-23 190000\Backup files 1.zip multiple threats
E:\NEWDESKTOP_3_10\Backup Set 2010-05-24 131919\Backup Files 2010-05-24 131919\Backup files 9.zip multiple threats
E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip multiple threats
E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip multiple threats

So it appears that the bad files ARE ON MY E:\ backup hard disk. So please, let me know what you want me to do next. Thanks, yosoy4ever august 21, 2013 wednesday at 10:45 pm edst

Maniac · August 22, 2013

You need to clean those files, because they could be such a serious infections.

yosoy4ever · August 22, 2013

OK - I understand that they may contain the BAD FILES, and of course I realize that all those bad files need to be deleted......BUT...... how do I "clean them" ? Is there some PROGRAM that YOU PERSONALLY can suggest I can use where I can specifically select my E:\ drive rather than the program just defaulting to my C:\ dirve or ALL my drives ? i need your professional guidance and assistance to tell me exactly what I need to do next. I appreciate your help and candor, but I need your specific instructions here and NOW to clean this E:\ drive, since the ESETOnline Scan did NOT find any problems on my C:\ drive - so we can pursue our actions to my back up drive. thanks for you continued assistance. yosoy4ever thursday august 22, 2013 at 9:26 m edst

Maniac · August 22, 2013

Extract those archives and scan them with ESET Online scanner.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

yosoy4ever · August 22, 2013

Hi Maniac - ok, BUT HOW DO I DO THAT EXRACTION on my E:\ drive ? Those are the SPECIFIC instructions I need from you. I am not really highly trained in ANY of this PC stuff, but I do know how to follow YOUR directions. I ran the ComboFix as you requested, and here is the LOG below. I DO NOT SEE ANYWHERE that anything on the E:\ drive was scanned - is that true ? Please let me know what to do next, and specifically HOW TO I GET RID of that BAD stuff on my E:\ back up drive. Is there a way to do the ESET Online scanner ONLY on my E:\ drive again ? I await your next instruction. thanks, yosoy4ever thursday august 22, 2013 at 11:59 am edst

ComboFix 13-08-21.01 - NewDesktop_3_2010 08/22/2013 11:03:29.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2766 [GMT -4:00]
Running from: c:\users\NewDesktop_3_2010\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22 )))))))))))))))))))))))))))))))
.
.
2013-08-22 15:14 . 2013-08-22 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-22 15:14 . 2013-08-22 15:14 -------- d-----w- c:\users\Lexmark\AppData\Local\temp
2013-08-22 15:14 . 2013-08-22 15:14 -------- d-----w- c:\users\DELL\AppData\Local\temp
2013-08-22 15:14 . 2013-08-22 15:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-22 15:14 . 2013-08-22 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 12:57 . 2013-08-21 12:57 -------- d-----w- c:\program files (x86)\ESET
2013-08-21 06:12 . 2013-08-22 15:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAB5F8B2-3642-4C22-8C33-EC07D0E62910}\offreg.dll
2013-08-20 20:14 . 2013-08-20 20:18 -------- d-----w- C:\AdwCleaner
2013-08-20 19:47 . 2013-08-20 19:47 -------- d-----w- c:\windows\ERUNT
2013-08-20 13:19 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAB5F8B2-3642-4C22-8C33-EC07D0E62910}\mpengine.dll
2013-08-19 20:05 . 2013-08-19 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-19 20:05 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-14 13:37 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 13:37 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 13:37 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 13:37 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 13:37 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 13:37 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 13:37 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 13:37 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-09 15:09 . 2013-08-09 15:09 -------- d-----w- c:\windows\system32\MR APP
2013-08-08 16:56 . 2013-08-15 07:08 -------- d-----w- c:\windows\system32\MRT
2013-07-30 17:39 . 2013-07-30 17:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:05 . 2010-04-15 11:11 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-30 17:39 . 2012-08-31 12:34 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-30 17:39 . 2010-07-27 12:42 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-10 12:26 . 2013-05-02 18:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 12:26 . 2013-05-02 18:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 13:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-17 21:41 . 2012-11-20 14:39 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-05 03:34 . 2013-07-10 11:50 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 11:50 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 11:50 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-28 21:14 . 2013-05-28 21:14 1076 ----a-w- c:\windows\system32\cc_20130528_171439.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Lexmark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ShopAtHomeWatcher"=c:\users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130821.003\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130821.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 12:26]
.
2013-08-10 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-05-08 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-02 19:24]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 15:35]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 15:35]
.
2013-08-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-05-07 2794496]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: aa.com\jetnet
Trusted Zone: adobe.com\www
Trusted Zone: etrade.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: java.com\www
Trusted Zone: microsoft.com\answers
Trusted Zone: mypoints.com\www
Trusted Zone: optionshouse.com\www
Trusted Zone: restaurant.com\www
Trusted Zone: restaurant.com\www2
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254

.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\10.0\Word\Text Converters\Import\¬ ¶* s**]
"Name"="C\1e\19\1d"
"Path"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\TextConv\\MSWRD632.CNV"
"Extensions"="C\1e\19\1d"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2013-08-22 11:50:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-22 15:50
.
Pre-Run: 571,349,581,824 bytes free
Post-Run: 570,815,176,704 bytes free
.
- - End Of File - - 31FC359EAF001F0B7C809C8D1C97730A
A36C5E4F47E84449FF07ED3517B43A31

Maniac · August 22, 2013

Check your log file from ESET Online Scanner again:

E:\NEWDESKTOP_3_10\Backup Set 2010-05-05 065336\Backup Files 2010-05-23 190000\Backup files 1.zip multiple threats

E:\NEWDESKTOP_3_10\Backup Set 2010-05-24 131919\Backup Files 2010-05-24 131919\Backup files 9.zip multiple threats

E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip multiple threats

E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip multiple threats

Okay, step by step we will clean them.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

yosoy4ever · August 22, 2013

Hi - I am presently running KASPERSKY as you instructed and it has been running 6 hours and 12 minutes, and on the screen it says: completed 32% and finish in 12 hours !! It also says it has found: 3 threats detected and a RED VIRUS REMOVAL TOOL ALARM popped up and it says: HEUR: TROJAN-DOWNLOADER.SCRIPT.GENERIC. On the ALARM there are THREE choices: Quarantine (recommended), Delete and Skip. There is also a box in the bottom left corner that says: APPLY TO ALL OBJECTS. So what do I do, just let it run for 12 more hours and just keep following your directions ? Do I click on any of the THREE "alarm" choices and do I put a "check mark" in the apply to all objects box ? Please let me know what you want me to do from this point on . thanks for your assistance. yosoy4ever thursday august 22, 2013 at 7:12 pm edst

yosoy4ever · August 23, 2013

Hi - something seems WRONG with this KASPERSKY scan. I just looked at my PC and saw that the Kaspersky scan has been running for 8 hours and 51 minutes, and it is NOW SAYING that it will FINISH IN 17 HOURS !! It has read 421,017 objects and it STILL says that 3 threats were detected, and they are all that HEUR.Trojan programs. I don't know why it is always taking so long to complete any of these scans you are having me perform. Is it because of my E:\ back up drive or the fact that I have so many files on my PC ? Please let me know what to do, I will let it run over night and will see what Kaspersky says in the morning. Thank you for your help. yosoy4ever thursday august 22, 2013 at 9:50 pm edst

Maniac · August 23, 2013

Scan time depends on several factors. Some of them are: the type of your files, their size and so on.

Choose on all of them Delete action.

yosoy4ever · August 24, 2013

Hi - the Kaspersky scan FINALLY completed. I had a power failure since I last wrote you and my PC "restarted" on its own and the PREVIOUS scan was lost and I am not able to forward you the RESULTS of that 12 hour scan on its own, but it was at the point of having detected 12 detected threats, all on the E:\ back up drive, and all were DELETED as I had checked off that BOX that you told me to and had told the program to DELETE all simiiar findings. That scan included all nine line items UNDER scan scope, UP TO AND INCLUDING E:\. Obviously I was unable to "save" the list of those 12 to send to you, but I did write down that all 12 were entitled: EXPLOIT.JAVA.AGENT.h - and as I said they were ALL on my E:\ drive. So when I did the NEW SCAN, I ONLY SCANNED E:\ - and here is the LOG for that one. It ran 17 hours, 12 minutes, 16 seconds and found 26 THREATS DETECTED and included 2,537,182 objects completed and ALL WERE DELETED as you had instructed.

Status: Disinfected (events: 26)
8/23/2013 12:28:17 PM Disinfected Trojan program Trojan.Java.Agent.ac E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip High
8/23/2013 12:28:17 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9 High
8/23/2013 12:25:23 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/Emailer.class High
8/23/2013 12:28:43 PM Disinfected Trojan program Trojan.Java.Agent.ac E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip High
8/23/2013 12:28:43 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9 High
8/23/2013 12:25:47 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/Emailer.class High
8/23/2013 12:25:23 PM Disinfected Trojan program Exploit.Java.Agent.f E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/Familie.class High
8/23/2013 12:25:23 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/PhonBook.class High
8/23/2013 12:25:47 PM Disinfected Trojan program Exploit.Java.Agent.f E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/Familie.class High
8/23/2013 12:25:47 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4f427469-2a1531c9/gogol/PhonBook.class High
8/23/2013 12:28:43 PM Disinfected Trojan program Trojan.Java.Agent.ab E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932 High
8/23/2013 12:26:57 PM Disinfected Trojan program Trojan.Java.Agent.ab E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/Is.class High
8/23/2013 12:28:17 PM Disinfected Trojan program Trojan.Java.Agent.ab E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932 High
8/23/2013 12:26:47 PM Disinfected Trojan program Trojan.Java.Agent.ab E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/Is.class High
8/23/2013 12:26:47 PM Disinfected Trojan program Trojan.Java.Agent.aa E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/MyName.class High
8/23/2013 12:26:57 PM Disinfected Trojan program Trojan.Java.Agent.aa E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/MyName.class High
8/23/2013 12:26:47 PM Disinfected Trojan program Trojan.Java.Agent.ac E:\NEWDESKTOP_3_10\Backup Set 2010-06-13 000002\Backup Files 2010-06-13 000002\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/Phone.class High
8/23/2013 12:26:57 PM Disinfected Trojan program Trojan.Java.Agent.ac E:\NEWDESKTOP_3_10\Backup Set 2010-07-05 180017\Backup Files 2010-07-05 180017\Backup files 9.zip/C\Users\NewDesktop_3_2010\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3534cc33-6aba0932/Phone.class High
8/24/2013 2:13:53 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2012-11-08 154604\Backup Files 2012-11-08 154604\Backup files 4.zip/C\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\script\NIS12_download.vbs High
8/24/2013 2:11:01 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-04-01 190023\Backup Files 2013-04-01 190023\Backup files 16.zip/C\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\script\NIS12_download.vbs High
8/24/2013 2:11:01 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-04-01 190023\Backup Files 2013-04-01 190023\Backup files 16.zip High
8/24/2013 2:13:53 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2012-11-08 154604\Backup Files 2012-11-08 154604\Backup files 4.zip High
8/24/2013 2:36:18 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-04-08 190015\Backup Files 2013-04-08 190015\Backup files 17.zip/C\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\script\NIS12_download.vbs High
8/24/2013 2:36:18 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-04-08 190015\Backup Files 2013-04-08 190015\Backup files 17.zip High
8/24/2013 3:04:36 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-06-17 143019\Backup Files 2013-06-17 143019\Backup files 17.zip/C\Users\NewDesktop_3_2010\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\script\NIS12_download.vbs High
8/24/2013 3:04:36 AM Disinfected Trojan program HEUR:Trojan-Downloader.Script.Generic E:\NEWDESKTOP_3_10\Backup Set 2013-06-17 143019\Backup Files 2013-06-17 143019\Backup files 17.zip High

I rebooted my PC after this SCAN COMPLETED and it seems a little bit better. Please let me know what YOU want me to do next. thanks, yosoy4ever saturday august24, 2013 at 8:25 am edst

Maniac · August 24, 2013

How are things now? Do you need anymore help?

yosoy4ever · August 24, 2013

hI - I don't think so, BUT how do I remove all these LOGS and TOOLS and OTHER PROGRAMS that now sit on my desktop ? Should I KEEP ANY OF THEM, or only the malwarebytes program ? Please let me know, and thanks for all your help. If I have ANY OTHER PROBLEMS I will contact you. yosoy4ever saturday august 24, 2013 at 10:55 am edst

Maniac · August 24, 2013

That's our last work here to clean all of the tools. You should keep only Malwarebytes' Anti-Malware.

Step 1

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Double click on AdwCleaner.exe to run the tool.
Click on Uninstall
Confirm with Yes

Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Some good suggestions for PC perfomance:

http://forums.malwarebytes.org/index.php?showtopic=81990

Safe surfing!

yosoy4ever · August 24, 2013

Hi- Norton WILL NOT LET ME download OTC at all to my desktop. A pop up says it is UNSAFE and Norton will not allow it to be downloaded to my desktop. or even to run it. What do I do NOW ? I deleted all the LOGS on my desktop, and uninstalled Kaspersky, AdwCleaner and ESET - but still on my desktop APPEAR: dds, JRT, RogueKiller and ComboFix. How do I get OTC to load ? Please let me know asap. thanks, yosoy4ever saturday august 24, 2013 at 12:29 pm edst

COMPUTER RUNNING SLOW ALL THE TIME

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information