expy45 Posted August 21, 2013 ID:718046

The program Snap.Do has attached itself to my Google Chrome. My assumption is it attached to my computer when I recently did an update for my uTorrent. I cannot figure out how to remove it given that it is not listed in my Program Lists to uninstall. I have uninstalled my uTorrent and ran a quick scan and full scan with my Malwarebytes. I didn't save a log, but the quick scan had about 6 infections, which I removed and restarted, and nothing changed. Then I ran the full scan and nothing came up. Please help. Since this attached, my computer has been running slowly and I keep having issues connecting to my wireless internet.

MrCharlie Posted August 21, 2013 ID:718052

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop. (please don't put logs in code or quotes)

MrC

Note: Please read all of my instructions completely including these.

<+>Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
<+>Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

expy45 Posted August 21, 2013 Author ID:718067

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy

MrCharlie Posted August 21, 2013 ID:718070

DDS.txt and Attach.txt logs?????

MrC

expy45 Posted August 21, 2013 Author ID:718072

I don't know what you're asking. I ran the RogueKiller and that was the log that went on my desktop.

MrCharlie Posted August 21, 2013 ID:718208

My instructions......the first item: http://forums.malwarebytes.org/index.php?showtopic=131498&p=718052

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes)

MrC

expy45 Posted August 21, 2013 Author ID:718250 Share Posted August 21, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by Brett at 8:46:46 on 2013-08-21Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.3772 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\IDT\WDM\AESTSr64.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\windows\system32\svchost.exe -k bthsvcsC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files\Intel\WiMAX\Bin\AppSrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXEC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Program Files\Intel\WiMAX\Bin\DMAgent.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\wbem\unsecapp.exeC:\windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\windows\system32\SearchIndexer.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Windows\System32\rundll32.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\DellTPad\Apntex.exeC:\Program Files (x86)\Intel\Bluetooth\mediasrv.exeC:\Program Files\DellTPad\HidFind.exeC:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exeC:\windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\splwow64.exeC:\Program Files (x86)\PowerISO\PWRISOVM.EXEC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media 
Player\wmpnetwk.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\windows\system32\WLANExt.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exeC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreservemWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>uRun: [Google Update] "C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonmRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEmRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoActionmRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXEmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: 
PromptOnSecureDesktop = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTCP: NameServer = 10.22.1.10TCP: Interfaces\{46025AEB-E3A4-4C29-ACE4-B6CEF5607045} : DHCPNameServer = 10.22.1.10TCP: Interfaces\{46025AEB-E3A4-4C29-ACE4-B6CEF5607045}\35072796E6768696C6C602355796475637 : DHCPNameServer = 12.127.16.67 12.127.17.71 8.8.8.8TCP: Interfaces\{46025AEB-E3A4-4C29-ACE4-B6CEF5607045}\358656C6C65697723702F46666963656 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{46025AEB-E3A4-4C29-ACE4-B6CEF5607045}\C416465627160274575637470275966696 : DHCPNameServer = 10.0.0.1 208.67.222.222 8.8.8.8TCP: Interfaces\{46025AEB-E3A4-4C29-ACE4-B6CEF5607045}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-TB: avast! 
Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>x64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exex64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Trayx64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppx64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-4-24 65336]R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-4-24 189936]R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-1-25 55856]R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-4-5 1030952]R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-4-5 378944]R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-25 89600]R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-4-5 33400]R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys 
[2012-4-5 80816]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-14 46808]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-25 13336]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-25 2655768]R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]R3 bpmp;Intel® Centrino® WiMAX 6050 
Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-1-25 176096]R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-1-25 317440]R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-25 406632]R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-20 136000]R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-20 406336]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-3-13 187912]S3 
AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-25 250984]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-25 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-08-21 12:45:36 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B97D2BA-0A3A-4C43-B2AC-F7A8DEBD90DB}\mpengine.dll2013-08-20 01:30:59 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe2013-08-20 01:30:58 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe2013-08-20 01:30:57 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe2013-08-20 01:30:57 1732032 ----a-w- C:\windows\System32\ntdll.dll2013-08-20 01:30:56 243712 ----a-w- C:\windows\System32\wow64.dll2013-08-20 01:30:56 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll2013-08-20 01:30:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2013-08-20 01:30:53 7680 ----a-w- C:\windows\SysWow64\instnm.exe2013-08-20 01:30:53 5120 ----a-w- C:\windows\SysWow64\wow32.dll2013-08-20 01:30:53 
25600 ----a-w- C:\windows\SysWow64\setup16.exe2013-08-20 01:30:53 2048 ----a-w- C:\windows\SysWow64\user.exe2013-08-17 19:43:46 -------- d-----w- C:\Program Files\iPod2013-08-17 19:43:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-17 19:43:45 -------- d-----w- C:\Program Files\iTunes2013-08-17 19:43:45 -------- d-----w- C:\Program Files (x86)\iTunes2013-08-16 00:12:24 1472512 ----a-w- C:\windows\System32\crypt32.dll2013-08-16 00:11:56 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys2013-08-16 00:11:52 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-07-30 23:56:30 -------- d-----w- C:\Users\Brett\AppData\Local\Mozilla2013-07-28 19:38:21 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll2013-07-28 19:37:23 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll2013-07-24 07:01:43 -------- d-----w- C:\windows\System32\MRT.==================== Find3M ====================.2013-08-21 03:07:33 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 03:07:33 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- 
C:\windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll2013-07-03 14:45:44 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-03 14:45:40 867240 ----a-w- C:\windows\SysWow64\npdeployJava1.dll2013-07-03 14:45:40 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll2013-06-30 19:07:39 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys2013-06-30 19:07:39 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll.============= FINISH: 8:47:16.60 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 3/20/2012 11:43:18 PMSystem Uptime: 8/21/2013 3:48:27 AM (5 hours ago).Motherboard: Dell Inc. 
| | 034W60Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 684 GiB total, 441.797 GiB free.D: is CDROM ()E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP153: 8/2/2013 9:21:43 AM - Windows UpdateRP154: 8/6/2013 10:07:52 PM - Windows UpdateRP155: 8/13/2013 4:00:01 AM - Windows UpdateRP156: 8/16/2013 3:01:03 AM - Windows UpdateRP157: 8/19/2013 10:07:40 PM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Digital Editions 2.0Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7) MUIAdvanced Audio FX EngineApple Application SupportApple Mobile Device SupportApple Software Updateavast! Free AntivirusBonjourCanon Easy-PhotoPrint EXCanon IJ Network Scanner Selector EXCanon IJ Network ToolCanon Inkjet Printer/Scanner/Fax Extended Survey ProgramCanon MP Navigator EX 4.1Canon MX410 series MP DriversCanon MX410 series User RegistrationCanon My PrinterCanon Solution Menu EXCanon Speed Dial UtilityD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell Digital DeliveryDell Edoc ViewerDell Getting Started GuideDell TouchpadDell Webcam CentralDownloadX ActiveX Download Control 1.6.7FormatFactory 2.96Google ChromeGoogle DriveGoogle Talk PluginGoogle Update HelperIDT AudioIntel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology Monitor 2.0Intel® WiDiIntel® Wireless DisplayIntel® PROSet/Wireless WiMAX SoftwareiTunesJava 7 Update 25Java Auto UpdaterJunk Mail filter updateMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Access 2010Microsoft Application Error 
ReportingMicrosoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access 2010Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Click-to-Run 2010Microsoft Office Home and Student 2010 - EnglishMicrosoft Office Office 64-bit Components 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)My DellNero 10 Movie ThemePack BasicNero Blu-ray PlayerNero Control Center 10Nero ControlCenter 10 Help (CHM)Nero Core Components 10Nero UpdatePlayReady PC Runtime x86PowerISOQuickset64QuickTimeRealtek Ethernet Controller DriverRealtek USB 2.0 Card ReaderSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSyncUPTI USB 3.0 Host Controller DriverTI USB3 Host DriverUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile 
==== Event Viewer Messages From Past Week ========
8/20/2013 9:46:04 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.12 with the system having network hardware address 2C-9E-FC-0F-08-D0. Network operations on this system may be disrupted as a result.
8/20/2013 11:41:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/20/2013 11:41:52 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
8/19/2013 9:07:00 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/18/2013 12:45:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
==== End Of File ===========================
MrCharlie Posted August 21, 2013 ID:718259
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
MrC
expy45 Posted August 21, 2013 Author ID:718471
Sorry for the delay, I was having trouble keeping a wireless connection at my office today. Here is the AdwCleaner
# AdwCleaner v3.000 - Report created 21/08/2013 at 17:55:12
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brett - BRETT-PC
# Running from : C:\Users\Brett\Downloads\AdwCleaner.exe
# Option : Scan
MrCharlie Posted August 21, 2013 ID:718476
OK...Next:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then.........
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how computer is running now,
MrC
expy45 Posted August 21, 2013 Author ID:718486
# AdwCleaner v3.000 - Report created 21/08/2013 at 18:31:37
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brett - BRETT-PC
# Running from : C:\Users\Brett\Downloads\AdwCleaner.exe
# Option : Clean
expy45 Posted August 21, 2013 Author ID:718489
Everything looks great, thank you for your help.
MrCharlie Posted August 21, 2013 ID:718490
OK.....Good:
A little clean up to do....
Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
---------------------------------
If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
-----------------------------
If you used DeFogger to disable your CD Emulation drivers, please re-enable them.
-------------------------------
Please download OTC to your desktop. http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete. IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum,
MrC
LDTate Posted August 22, 2013 ID:718833
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.