Jump to content

Recommended Posts

Hi, I am unfamiliar with posting to forums, but I was hoping someone could possibly help me or steer me in the right direction if at all possible. I feel that I have some Trojan 'backdoor' rootkit virus, as security essentials is the only program that found threats out of Advanced system care(iobit) and Malwarebytes. The threats found were; Exploit: Java/CVE-2013-0431.. Trojan downloader: ASX/Wimad.DQ and Trojan:Win32/Sirefef!cfg. I tried running MBAM chameleon and it found no threats either. At this point I have made it to a clean PC to post this, I also downloaded the more common fix tools I've read in the threads onto CD and will be taking that home to the infected PC tonight to run and possibly eradicate this virus myself. I've tried running MBAM in safemode and it would never update. I downloaded TDSSKILLER and ran it but then I think it was soon after disabled by the malware. After reading the threads I realize I should have went to a clean PC for help right away but I was thinking by updating my active software I could possibly fix my issues.  At this point I don't think I can do this alone, I am hoping that I will be able to get this resolved with some expert advice. I appreciate any help I can receive and will be trying to keep up through my phone and visits to uninfected PC to post. I will be trying to run DDS on infected PC tonight as well and will attempt to post log results asap. Thanks in advance... Sincerely, Confused computer user :/

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif

    Download DDS and save it to your desktop

    Link1

    Link2

    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
Link to post
Share on other sites

Hi Gringo, thanks for the reply. Today I was able to get DDS to run and will now attach logs. I haven't downloaded or ran any tools other than those ran before I came to get help. (Those were adv. system care 'iobit' and my :( outdated version of Malwarebytes. I know, should have kept up to date.. definitely will from now on.) I am about 30 minutes away from a clean computer so I downloaded some of the more obviously used softwares or malware removal tools onto CD-rewrite in order to have them to use, as instructed by you. I will send you logs now, and wait for reply. Thanks in advance. I also thought I should mention, I run off of my home network, which has a 1998 desktop computer running windows 2000xp which I use as the central hub for my router and Modem, I have been told there are other ways to run a network. I'm not very tech savvy and as a result this network has been setup and ran this way without issues for, years.. I fear that the "dinosaur" desktop may be infected as well. Hope I haven't completely ran into a roadblock with this. AT THIS POINT, both computers are USABLE. Slow, but usable, and does not redirect to harmful websites, but it appears obvious that that IS the goal is to redirect. The computer takes so much time to download that when trying to run DDS it took me close to 10 attempts at least and I did finally get the process to run, after having multiple failed download attempts. Logs are as follows::

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by cswink at 0:05:41 on 2013-09-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4024.1542 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\spool\DRIVERS\x64\3\dlecserv.exe
C:\Windows\system32\dleccoms.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Dell P713w\dlecmon.exe
C:\Program Files (x86)\Dell P713w\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUEyQjYtVEFJQ00tMkpUSjctQVJRMlgtUUJROTMtTg"&"inst=NzYtOTI5NjMyNjg5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1TVTNUKzEtVFVHKzMtRkkrMS1ERFQrMC1MU0QrMi1GT0krMS1ERDEwKzEtU1QxMEFQUCsxLVNUMTJGT0krMS1TVDEyQVBQMTBJTlNUUklBTCsxLVNUMTJBUFArMS1FVUxBKzE"&"prod=94"&"ver=2012.0.1831"&"mid=1ade2c7a54194e2999525f1244ddb83d-af20cc8f592eee997abd4636b4bf13ce08cb9cc9
mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.









TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D93120EC-9792-4765-8F33-DC7C2EE4DF70} : DHCPNameServer = 192.168.0.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-7315u|http://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\cswink\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-31 10:53; ascsurfingprotection@iobit.com; C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 6499ecd400000000000000225f309892
FF - user.js: extensions.BabylonToolbar_i.hardId - 6499ecd400000000000000225f309892
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108317
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-5-16 17720]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-3-13 574272]
R2 dlec_device;dlec_device;C:\Windows\System32\dleccoms.exe -service --> C:\Windows\System32\dleccoms.exe -service [?]
R2 dlecCATSCustConnectService;dlecCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dlecserv.exe [2013-2-16 45224]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-22 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-9-24 335168]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-10-22 293376]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [2013-6-11 23048]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-8-13 126976]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-9-5 36680]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-5-13 62424]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-6-11 51800]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys [2013-6-11 34336]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys [2013-6-11 23016]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-2-21 393728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-8-31 2298704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-21 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-06 01:45:17 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-15 21:31:14 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2013-08-15 07:05:36 78161360 ----a-w- C:\Windows\System32\mrt.exe
2013-08-10 05:49:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-10 05:49:53 263592 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-08-10 05:49:53 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-08-10 05:49:53 175016 ----a-w- C:\Windows\SysWow64\java.exe
2013-08-10 05:49:52 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-10 05:49:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-06 16:48:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-06 16:48:58 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-06 16:34:59 1068176 ----a-w- C:\Users\cswink\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-29 15:03:12 589824 ----a-w- C:\ProgramData\SPLB79D.tmp
2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 03:58:11 1417664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-05 02:15:19 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2012-11-15 17:56:58 179328 ----a-w- C:\Program Files (x86)\2pres.dll
2012-10-10 19:56:16 175232 ----a-w- C:\Program Files (x86)\5zres.dll
.
============= FINISH:  0:06:31.01 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/22/2008 1:04:51 PM
System Uptime: 9/6/2013 2:12:13 PM (82 hours ago)
.
Motherboard: Gateway                          |  |                                
Processor: Intel® Pentium® Dual  CPU  T3200  @ 2.00GHz | uFCPGA2 | 2000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 30.821 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 71.507 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1599: 9/5/2013 5:02:01 PM - IObit Uninstaller restore point
RP1600: 9/5/2013 5:03:28 PM - IObit Uninstaller restore point
RP1601: 9/5/2013 5:06:51 PM - IObit Uninstaller restore point
RP1602: 9/5/2013 5:07:36 PM - IObit Uninstaller restore point
RP1603: 9/5/2013 5:09:00 PM - IObit Uninstaller restore point
RP1604: 9/5/2013 9:30:49 PM - Removed Windows Live ID Sign-in Assistant
RP1605: 9/5/2013 9:31:36 PM - Removed Windows Live Messenger
RP1606: 9/6/2013 4:12:21 PM - IObit Uninstaller restore point
RP1607: 9/8/2013 12:00:01 AM - Scheduled Checkpoint
RP1608: 9/9/2013 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Camera Assistant Software for Gateway
Catalina Savings Printer
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Coupon Printer for Windows
CyberLink Power2Go
Dell P713w
Dell Toolbar
FrostWire 5.3.2
Game Booster
Gateway Recovery Management
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IObit Malware Fighter
iTunes
Java 7 Update 17
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
O2Micro Flash Memory Card Reader Driver (x64)
PrintCoupon
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Smart Defrag 2
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Wiley CulinarE-Companion
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 2:23:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/8/2013 2:23:18 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/8/2013 2:23:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/8/2013 1:39:40 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/7/2013 2:23:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/7/2013 2:23:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1270.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/6/2013 2:14:39 PM, Error: Service Control Manager [7034]  - The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
9/6/2013 2:14:39 PM, Error: Service Control Manager [7022]  - The Diagnostic System Host service hung on starting.
9/6/2013 2:14:36 PM, Error: Service Control Manager [7022]  - The Diagnostic Service Host service hung on starting.
9/6/2013 2:13:36 PM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer hp psc 1100 series with shared resource name hp psc 1100 series. Error 1. The printer cannot be used by others on the network.
9/6/2013 2:13:36 PM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer HP Deskjet 3050 J610 series (Network) with shared resource name HP Deskjet 3050 J610 series (Network). Error 1. The printer cannot be used by others on the network.
9/5/2013 6:19:24 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1086.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
9/5/2013 6:19:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/5/2013 6:07:43 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 6:06:46 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MpFilter spldr Wanarpv6
9/5/2013 6:06:46 PM, Error: Service Control Manager [7001]  - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 6:06:46 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 6:06:46 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 6:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/5/2013 6:06:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2013 6:05:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/4/2013 8:56:53 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name.  The server could not start.
9/3/2013 7:58:18 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
9/3/2013 3:02:44 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1049.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x80072ee2   Error description: The operation timed out
9/3/2013 3:02:44 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.1049.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x80072ee2   Error description: The operation timed out
9/3/2013 2:58:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee2   Error description: The operation timed out
9/3/2013 2:58:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee2   Error description: The operation timed out
9/3/2013 2:51:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2805304.
9/3/2013 2:50:51 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee2   Error description: The operation timed out
9/3/2013 2:50:51 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Download   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: cswink-PC\cswink   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee2   Error description: The operation timed out
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Staff

Hello computerconfusion

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

Link to post
Share on other sites

Thank you SOO SOO much for the help Gringo, I seriously thought i was infected sick... after running the two programs you offered Adwclean and Junkware removal tool my browser is no longer redirecting and is running soooo much quicker. I was wondering, should I do the same thing to my desktop  computer I mentioned earlier? It seems to be running more smoothly than the notebook was, however, that computer is running windows 2000xp and has had some things added over the years such as google chrome, asktoolbar and the like, so I just wondered what would be my direction at this point, do you think these things are capable of slipping through free versions of protection such as Iobit or Adv. system care, or even malwarebytes? Thanks again for all your help!

 

# AdwCleaner v3.003 - Report created 11/09/2013 at 00:44:39
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : cswink - CSWINK-PC
# Running from : C:\Users\cswink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z754M8TD\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\Program Files (x86)\CouponXplorer_5z
[!] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[!] Folder Deleted : C:\Users\cswink\AppData\Local\Babylon
[!] Folder Deleted : C:\Users\cswink\AppData\Local\CouponXplorer_5z
[!] Folder Deleted : C:\Users\cswink\AppData\Local\Wajam
[!] Folder Deleted : C:\Users\cswink\AppData\Local\Temp\AskSearch
[!] Folder Deleted : C:\Users\cswink\AppData\Local\Temp\OpenCandy
[!] Folder Deleted : C:\Users\cswink\AppData\LocalLow\AVG Security Toolbar
[!] Folder Deleted : C:\Users\cswink\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\cswink\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\cswink\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [installIQUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Mozilla Firefox v23.0 (en-US)

[ File : C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=108317");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "6499ecd400000000000000225f309892");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15391");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1713:59:05");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 95065734);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1713:59:05");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108317");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "6499ecd400000000000000225f309892");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "6499ecd400000000000000225f309892");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15391");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:59:05");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012122602");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDman000");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "DF331A99-91F6-4F5C-8726-4BD7A8A97759");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.lastActivePing", "1356505733516");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "27101");

Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.installDate", "2012122602");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerId", "^AFA^xdm070^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerSubId", "59605");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.installation.toolbarId", "E673ECA1-2DBC-4B1E-A338-C64C3FBD9892");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.lastActivePing", "1378403806220");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.weather.location", "27101");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponxplorer@mindspark.com");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\cswink\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10789 octets] - [11/09/2013 00:39:07]
AdwCleaner[s0].txt - [10751 octets] - [11/09/2013 00:44:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10812 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows Vista Home Premium x64
Ran by cswink on Wed 09/11/2013 at  1:05:11.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6BA7B3E2-E9D0-4FD4-B24E-656852B300F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{F194CFD8-D3D5-42DF-805C-0087A161448F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2664799048-1030474000-4091175638-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2664799048-1030474000-4091175638-1000\Software\Wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C06D95E6-318E-4A4B-9617-CF13E698450D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\friendschecker"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ FireFox

Successfully deleted: [File] C:\user.js

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/11/2013 at  1:13:01.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

After doing a little "surfing" and just doing some offline computer work, the computer seems to be running fine;however, the browser does seem to still be running more slowly than before the issue started and it did freeze temporarily going from google to another website, but only once. Thanks again for the assistance :)

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
Link to post
Share on other sites

Hi Gringo, I ran combofix, i meant to mention this in earlier posts but had forgotten. Windows defender hadn't opened in some time, and would stop responding when I would try to manually open the program. I should also mention that this morning when trying to boot, the computer seemed to have a fairly difficult time, the initial boot would happen fine, but then after I logged in the screen was just black for several minutes, after a few minutes of sitting idle I opened taskmanager and while the processes were open, Winlog THEN started. After just a few more seconds my desktop did finally load. After combofix I went directly to turn on firewall and try windows defender, it actually opened and is now allowing me to scan the system. I do think I plan to remove all old anti-virus and malware removal tools and try to start over fresh. I wondered if you had any suggestions as to which programs to use, I know purchased is better than free but i was just wondering what you thought was best as far as free software goes and should programs like malwarebytes be used as an everyday detection program. Thanks for all your help. This is the log that combofix created.

 

ComboFix 13-09-10.03 - cswink 09/11/2013  15:38:17.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4024.2386 [GMT -4:00]
Running from: c:\users\cswink\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLB79D.tmp
c:\users\cswink\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\cswink\install_flashplayer11x32ax_chrd_awa_aih.exe
c:\users\cswink\PrintCoupon (1).exe
c:\users\cswink\PrintCoupon.exe
c:\windows\Documents\~WRL0297.tmp
c:\windows\Documents\~WRL1469.tmp
c:\windows\Documents\~WRL2636.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-11 to 2013-09-11  )))))))))))))))))))))))))))))))
.
.
2013-09-11 19:50 . 2013-09-11 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-11 19:50 . 2013-09-11 19:50 -------- d-----w- c:\users\cswink\AppData\Local\temp
2013-09-11 07:07 . 2013-07-31 13:42 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-09-11 05:14 . 2013-08-06 05:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE67F1CA-BB12-4C8D-BC1E-2BEA004D50B2}\mpengine.dll
2013-09-11 05:05 . 2013-09-11 05:05 -------- d-----w- c:\windows\ERUNT
2013-09-11 04:39 . 2013-09-11 04:44 -------- d-----w- C:\AdwCleaner
2013-09-10 19:36 . 2013-08-08 02:03 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-09-10 19:35 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2013-09-10 19:35 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2013-09-06 02:17 . 2013-09-06 02:16 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FC7A6EB-A483-4FD6-AB8D-2DE00FC71154}\gapaengine.dll
2013-09-06 02:16 . 2013-08-06 05:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 01:45 . 2013-09-06 01:45 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-04 19:36 . 2013-09-05 22:36 -------- d-----w- c:\users\cswink\mbar-1.05.0.1001
2013-09-03 18:58 . 2013-08-20 09:06 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-03 18:47 . 2013-09-03 18:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-03 18:47 . 2013-09-03 18:48 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-31 18:54 . 2013-08-15 21:31 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
2013-08-31 18:54 . 2013-09-04 17:23 -------- d-----w- c:\program files (x86)\Secure Speed Dial
2013-08-30 05:46 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3D55F6A-04CB-41A3-8406-0738C8A52650}\mpengine.dll
2013-08-28 05:08 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-28 05:08 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 07:10 . 2006-11-02 12:35 79143768 ----a-w- c:\windows\system32\mrt.exe
2013-09-11 05:19 . 2013-03-19 19:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 05:19 . 2013-03-19 19:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:49 . 2013-05-16 16:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-10 05:49 . 2012-05-07 20:54 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-10 05:49 . 2011-07-30 19:51 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-08 04:16 . 2013-08-14 10:59 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-11-15 17:56 . 2013-01-19 19:08 179328 ----a-w- c:\program files (x86)\2pres.dll
2012-10-10 19:56 . 2013-01-19 19:08 175232 ----a-w- c:\program files (x86)\5zres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2008-03-29 638976]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUEyQjYtVEFJQ00tMkpUSjctQVJRMlgtUUJROTMtTg&inst=NzYtOTI5NjMyNjg5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1TVTNUKzEtVFVHKzMtRkkrMS1ERFQrMC1MU0QrMi1GT0krMS1ERDEwKzEtU1QxMEFQUCsxLVNUMTJGT0krMS1TVDEyQVBQMTBJTlNUUklBTCsxLVNUMTJBUFArMS1FVUxBKzE∏=94&ver=2012.0.1831&mid=1ade2c7a54194e2999525f1244ddb83d-af20cc8f592eee997abd4636b4bf13ce08cb9cc9" [?]
"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 20:29 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 05:19]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 14:13]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 14:13]
.
2013-09-11 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-05 23:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 1021488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.0.1


FF - ProfilePath - c:\users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-7315u|http://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-08-31 10:53; ascsurfingprotection@iobit.com; c:\users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 5 - c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-11  15:52:42
ComboFix-quarantined-files.txt  2013-09-11 19:52
.
Pre-Run: 32,700,067,840 bytes free
Post-Run: 31,378,464,768 bytes free
.
- - End Of File - - D4F26691910AB7E19C0A9A363B7102A8
2D38F4A50470B53943A7DBD02E402E47
 

Link to post
Share on other sites

  • Staff

Hello computerconfusion

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo
Link to post
Share on other sites

Hi Gringo,

 

Thanks for the reply, sorry for my premature post above^. I wanted to appologize for my delay in response as I hadn't had a lot of time to actually sit and browse for an extended period to see how things were running. As of now, after following your instruction for Internet explorer, it seems to have helped slightly. On obviously secure websites such as banking or government webpages the browser loads relatively quickly, although it doesn't seem as fast as it used to be, yet on websites such as yahoo mail or social networking sites, youtube, hotel webpages and such it is still lagging considerably and refuses to load most images. I opened my other current browser, mozilla firefox and it took an extremly long time to load the google homepage. It did finally load after about 2-3 minutes, and most images loaded. However, on the bottom in the scriptbar it showed something that said "waiting for data from CSI.g.static.com. I was unsure if this was something within google, but it didn't sound right to me. The browsers are usable, but definitely delayed. I was wondering, could this issue be caused by the fact that my modem and wireless router are run from the desktop that i mentioned in earlier posts, running windows2000xp, and possibly having the same issues "redirecting" in the browsers. Thanks for all you've done thus far, I hope together we can achieve a fix!

Link to post
Share on other sites

  • Staff

Hello computerconfusion

There can still be many reasons why the browsers are the way they are.

Lets get a deeper look into the system and lets see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo
Link to post
Share on other sites

Hi gringo, I ran the scan and here are the results, thanks so much for your continued help.

 

OTL logfile created on: 9/13/2013 1:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cswink\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.24% Memory free
8.07 Gb Paging File | 6.13 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 29.85 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 70.46 Gb Free Space | 63.23% Space Free | Partition Type: NTFS
 
Computer Name: CSWINK-PC | User Name: cswink | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\cswink\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\Scan.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll ()
MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (dlec_device) -- C:\Windows\SysNative\dleccoms.exe ( )
SRV:64bit: - (dlecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dlecserv.exe ()
SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SecureUpdateSvc) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (dlecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe ()
SRV - (dlec_device) -- C:\Windows\SysWOW64\dleccoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\oem\int15\int15.sys (Acer, Inc.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys (IObit.com)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys (IObit)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-7315u
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 EB 81 42 E1 AF CE 01  [binary data]
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\..\SearchScopes\{081A25EA-CD10-48BB-B746-EAC0E0956DA1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACGW
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120208,6902,0,21,0"
FF - prefs.js..browser.startup.homepage: "http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-7315u|http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={07F1DA5D-1996-4DCA-BDAB-20C8CA9B2C84}&Version=3.6.5&Vintage=20120208&Defaultbrowserid=21&Productid=2138&Vendorid=3852&Offerid=6894&searchterm="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\cswink\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/06 13:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 14:40:08 | 000,000,000 | ---D | M]
 
[2012/05/07 22:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cswink\AppData\Roaming\Mozilla\Extensions
[2012/05/07 22:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cswink\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/09/05 17:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\extensions
[2013/08/31 14:53:40 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\extensions\ascsurfingprotection@iobit.com
[2012/05/11 18:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cswink\AppData\Roaming\Mozilla\Firefox\Profiles\mak6mpyz.default\extensions\toolbar@shopathome(49).com
[2013/08/06 13:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/06 13:22:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\CSWINK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MAK6MPYZ.DEFAULT\EXTENSIONS\SPEEDDIAL@INSTAIR.NET
[2009/10/10 14:51:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/07 20:46:48 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
 
O1 HOSTS File: ([2013/09/11 15:50:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2664799048-1030474000-4091175638-1000\..Trusted Domains: http ([]http in Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} http://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Value error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (Reg Error: Value error.)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://24.172.47.190/activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93120EC-9792-4765-8F33-DC7C2EE4DF70}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\cswink\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\cswink\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/13 13:18:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cswink\Desktop\OTL.exe
[2013/09/11 15:52:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/11 15:52:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/11 15:52:45 | 000,000,000 | ---D | C] -- C:\Users\cswink\AppData\Local\temp
[2013/09/11 15:36:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/11 15:36:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/11 15:36:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/11 15:36:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/11 15:36:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/11 14:55:15 | 005,124,599 | R--- | C] (Swearware) -- C:\Users\cswink\Desktop\ComboFix.exe
[2013/09/11 03:08:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/11 03:08:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/11 03:08:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:08:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:08:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/11 03:08:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/11 03:08:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/11 03:08:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/11 03:08:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 03:08:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/11 03:08:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/11 03:08:09 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:08:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:08:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:08:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/11 01:05:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/11 00:59:52 | 001,029,490 | ---- | C] (Thisisu) -- C:\Users\cswink\Desktop\JRT.exe
[2013/09/11 00:39:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/10 15:35:57 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2013/09/10 15:35:57 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2013/09/05 20:48:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/04 15:36:56 | 000,000,000 | ---D | C] -- C:\Users\cswink\mbar-1.05.0.1001
[2013/09/03 14:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/03 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/03 12:57:18 | 000,000,000 | ---D | C] -- C:\Windows\Documents\mbar-1.05.0.1001
[2013/08/31 14:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/28 01:08:02 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/28 01:08:01 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/06/11 22:43:41 | 000,889,480 | ---- | C] (CNET Download.com) -- C:\Users\cswink\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe
[2013/06/11 00:06:11 | 000,889,480 | ---- | C] (CNET Download.com) -- C:\Users\cswink\cbsidlm-cbsi109-Advanced_SystemCare-BP-10407614.exe
[2013/03/19 15:06:11 | 000,896,928 | ---- | C] (Oracle Corporation) -- C:\Users\cswink\JavaSetup7u17.exe
[2013/03/19 14:41:16 | 001,017,152 | ---- | C] (Solid State Networks) -- C:\Users\cswink\install_flashplayer11x32ax_gtbp_chrd_aih.exe
[2012/08/27 12:51:29 | 001,296,712 | ---- | C] (Coupons.com Incorporated) -- C:\Users\cswink\CouponPrinter_exe
[2012/06/26 11:44:12 | 016,585,584 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\cswink\HITinstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/13 13:19:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cswink\Desktop\OTL.exe
[2013/09/13 13:18:05 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/13 13:18:05 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/13 13:18:05 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/13 13:14:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/09/13 13:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/13 12:35:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 12:35:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 12:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/13 10:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/13 04:28:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 04:28:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 15:50:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/11 15:35:57 | 005,124,599 | R--- | M] (Swearware) -- C:\Users\cswink\Desktop\ComboFix.exe
[2013/09/11 14:35:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013/09/11 14:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 14:35:29 | 4220,432,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 14:31:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/09/11 03:16:58 | 000,389,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 01:04:16 | 001,029,490 | ---- | M] (Thisisu) -- C:\Users\cswink\Desktop\JRT.exe
[2013/09/05 21:45:17 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/05 21:32:53 | 000,000,835 | ---- | M] () -- C:\Windows\Documents\My Sharing Folders.lnk
[2013/09/05 18:22:22 | 000,000,732 | ---- | M] () -- C:\Users\cswink\AppData\Local\d3d9caps64.dat
[2013/09/05 13:59:47 | 012,917,756 | ---- | M] () -- C:\Users\cswink\mbar-1.05.0.1001.zip
[2013/09/04 18:27:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/04 16:43:05 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/03 14:49:56 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/31 14:53:36 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/08/31 14:53:36 | 000,001,042 | ---- | M] () -- C:\Users\cswink\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2013/08/31 14:53:36 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/08/16 19:18:35 | 000,224,292 | ---- | M] () -- C:\Users\cswink\ShoppingList.pdf
[2013/08/15 17:31:14 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll
 
========== Files Created - No Company Name ==========
 
[2013/09/11 15:36:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/11 15:36:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/11 15:36:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/11 15:36:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/11 15:36:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/05 21:45:17 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/05 21:32:53 | 000,000,835 | ---- | C] () -- C:\Windows\Documents\My Sharing Folders.lnk
[2013/09/05 20:51:53 | 4220,432,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/05 18:17:03 | 000,000,732 | ---- | C] () -- C:\Users\cswink\AppData\Local\d3d9caps64.dat
[2013/09/03 14:48:08 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/03 12:55:34 | 012,917,756 | ---- | C] () -- C:\Users\cswink\mbar-1.05.0.1001.zip
[2013/08/31 14:54:16 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/16 19:18:31 | 000,224,292 | ---- | C] () -- C:\Users\cswink\ShoppingList.pdf
[2013/04/12 15:13:21 | 000,046,323 | ---- | C] () -- C:\Users\cswink\562303_10151347254126479_1521600300_n.jpg
[2013/03/13 15:59:56 | 001,440,846 | ---- | C] () -- C:\Users\cswink\mbam-chameleon-1.62.1.1000.zip
[2013/02/23 16:02:30 | 000,176,583 | ---- | C] () -- C:\Users\cswink\STF_2013-02-23_1361649913614.pdf
[2013/02/23 16:00:47 | 000,256,581 | ---- | C] () -- C:\Users\cswink\FTF_2013-02-23_1361649809802.pdf
[2013/02/16 00:16:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlecinpa.dll
[2013/02/16 00:16:57 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleccomx.dll
[2013/02/16 00:16:57 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleciesc.dll
[2013/02/16 00:16:57 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLECinst.dll
[2013/02/16 00:16:56 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dlecserv.dll
[2013/02/16 00:16:56 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dlecusb1.dll
[2013/02/16 00:16:56 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlecpmui.dll
[2013/02/16 00:16:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dlecins.dll
[2013/02/16 00:16:56 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dlecinsb.dll
[2013/02/16 00:16:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleccu.dll
[2013/02/16 00:16:56 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlecinsr.dll
[2013/02/16 00:16:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleccub.dll
[2013/02/16 00:16:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dlecjswr.dll
[2013/02/16 00:16:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleccur.dll
[2013/02/16 00:16:55 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlechbn3.dll
[2013/02/16 00:16:55 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleccoms.exe
[2013/02/16 00:16:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dleclmpm.dll
[2013/02/16 00:16:55 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleccomm.dll
[2013/02/16 00:16:55 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dlecih.exe
[2013/02/16 00:16:54 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleccomc.dll
[2013/02/16 00:16:54 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleccfg.exe
[2013/02/16 00:16:54 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLECcfg.dll
[2013/02/16 00:14:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLECsmr.dll
[2013/02/16 00:14:57 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLECsm.dll
[2013/01/28 16:36:13 | 000,026,122 | ---- | C] () -- C:\Users\cswink\552954_412568178819094_1449333790_n.jpg
[2013/01/23 14:20:58 | 000,083,429 | ---- | C] () -- C:\Users\cswink\friend faceboook.jpg
[2013/01/19 15:08:37 | 000,175,232 | ---- | C] () -- C:\Program Files (x86)\5zres.dll
[2013/01/19 15:08:22 | 000,179,328 | ---- | C] () -- C:\Program Files (x86)\2pres.dll
[2012/11/29 00:38:21 | 000,084,715 | ---- | C] () -- C:\Users\cswink\FB pic2.jpg
[2012/11/25 23:38:37 | 000,211,299 | ---- | C] () -- C:\Users\cswink\FB pic.jpg
[2012/04/18 11:41:50 | 000,004,096 | -H-- | C] () -- C:\Users\cswink\AppData\Local\keyfile3.drm
[2009/10/10 11:00:14 | 000,007,117 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/01/26 11:05:36 | 000,019,456 | ---- | C] () -- C:\Users\cswink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.

    :OTLIE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value foundFF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value found:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]
  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo

Link to post
Share on other sites

Hello Gringo, Thanks again for your continued support. I ran the OTL custom fix and the computer did reboot automatically. After running the computer still seemed to take a while from the bootup login screen to being able to see my desktop and all icons. After my initial log in the screen stayed black for about a minute, I control+alt+delete to get the task manager to start, after about another minute the desktop finally appeared. Upon bringing up the internet through "the Internet" Icon that our "fixes" placed on the desktop, it is Internet Explorer, and MSN as a homepage comes right up, but even nativating to Malwarebytes forum to reply to your response took about two minutes to load, longer than usual I would say. I have noticed the computer telling me that I couldn't successfully create a backup when attepted. the error message I recieved was: "the backup location cannot be found or is not valid review your backup settings and check your hardware configuration (0x81000006). I tried again, and did get the backuo to successfully take place, possibly because I tried AFTER running the OTL custom fix you offered. Here is the log for that scan and fix

 

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09B71986-2AC5-482d-B6CB-42EA34F4F85B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\cswink\Desktop\cmd.bat deleted successfully.
C:\Users\cswink\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: cswink
->Java cache emptied: 15872094 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 15.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: cswink
->Flash cache emptied: 58311 bytes
 
User: Default
->Flash cache emptied: 57472 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09162013_141942

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I would like you to go to this page - Troubleshooting and Internet Explorer’s (No Add-ons) Mode

Step 1 is going to show you how to run IE without any add/ons, If by running IE this way the problem goes away Then we can go to step 2

Step 2 will show you how to find the add/on that is causing the problem and then how to remove it

Gringo

Link to post
Share on other sites

Hi Gringo, I opened the browser without add ons, but to no avail. It seems odd, first thing in the mornings the browser seems to be a little faster, and MSN will always display within seconds, however, pretty much any other webpage just "loads" without finish, sometimes until it times out with a blank screen or partial webpage loaded. I have noticed my computer prompting me to update java.. but.. I'm scared... Isn't it possible Java is how I got here? Thanks for your continued support, I think I will go to Oracle and see if there is a confirmed Java update that I am due for.

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

Link to post
Share on other sites

Hi gringo, thanks for the reply, I am currently trying to download the TDSS killer but it seems like it will not download. I've restarted the download at either 0% or 1% after 5-10 minutes sitting idle atleast 6-10 times, I will continue trying, I did want to ask though, I have a copy from a clean computer that was downloaded about a 10 days ago, would it be acceptable to run this copy if I can't get the application to download? Thanks again for your help!

Link to post
Share on other sites

Hi Gringo, After trying my best to reply to you last night. I completely lost internet connection. I have on multiple occasions checked within my network to ensure that all lines of communication were properly connected. Lastnight when I lost connectivity my modem actually lost all signal. I replaced my modem today and after replacement the connection seems to be working perfectly with up to 20mbps when doing connection tests. I DO think that I was infected and YOU have done an AMAZING!!!!! job to have walked me through these steps. Should I still download and run TDSS and Rogue killer or do you think that the malware issue, then mounted with the lack of signal strength to my modem may have been the issue all along? Thank you again, I honestly cannot thank you enough!!!

Link to post
Share on other sites

  • Staff

Hello computerconfusion

I think the last issues were most likely the modem going out

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.