discodav Posted September 18, 2013 ID:731717

Hi, I am in need of advice, my PC seems to be infected with adware. I have scanned with JRT but there seems to be more. Any ideas?

MrCharlie Posted September 18, 2013 ID:731719

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

Note:
Please read all of my instructions completely including these.
Make sure system restore is turned on and running
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

discodav Posted September 18, 2013 Author ID:731734

[DDS.txt and Attach.txt logs]

MrCharlie Posted September 18, 2013 ID:731738

Log from RogueKiller???

MrC

discodav Posted September 18, 2013 Author ID:731745

RogueKiller V8.6.12 [sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : dave [Admin rights]
Mode : Scan -- Date : 09/18/2013 20:12:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[sUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> KILLED [TermProc]
[sUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> KILLED [TermProc]
[sUSP PATH] update_checker.exe -- C:\Users\dave\AppData\Local\FilesFrog Update Checker\update_checker.exe [7] -> KILLED [TermProc]
[sUSP PATH] WebPlayer.exe -- C:\Users\dave\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SDP (C:\Users\dave\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : AppsHat (C:\Users\dave\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1906477707-3917754517-7915792-1003\[...]\Run : SDP (C:\Users\dave\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1906477707-3917754517-7915792-1003\[...]\Run : AppsHat (C:\Users\dave\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][sUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll [7]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] TopArcadeHits : C:\Users\dave\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] ca78c2a7c6748365a375e34a9747abb3
[bSP] 5f0bc09ea5a73f5d86111360600207bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228903 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468795392 | Size: 9568 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09182013_201243.txt >>

MrCharlie Posted September 18, 2013 ID:731750

From your logs I guess you're concerned about all the adware/spyware on the system.

-------------------------

Please uninstall these from your add/remove programs: (if you can)
BitGuard
Delta Chrome Toolbar
Delta toolbar
FilesFrog Update Checker
TopArcadeHits

Then......
Look inside this folder for an uninstaller: (may look something like this: uninst.exe)
c:\program files\minibar
If one is found please use it to uninstall minibar.

--------------------------------

Next.........
Let's clean out any adware: (this will require a reboot so save all your work)
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

MrCharlie Posted September 20, 2013 ID:732461

How are we doing?? Do you still need help or can I close this post??

MrC

LDTate Posted September 21, 2013 ID:732888

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!