
issues on computer


bevj3


I'm on my husband's computer and have been trying to clean it up for him.  He has some issues.  I did a malware scan and he had over 200 malwares.  I have removed them all.  He now has a thing that pops up when he restarts saying something about a conduit rdll file cannot be found.  Not sure what that could mean.  I am no computer tech so decided to check with someone with knowledge.  LOL  If you could help that would be great. 

 

Thanks


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


.

 

============== Running Processes ===============

 

.

 

C:\Windows\system32\lsm.exe

 

C:\Windows\system32\svchost.exe -k DcomLaunch

 

C:\Windows\system32\svchost.exe -k RPCSS

 

c:\Program Files\Microsoft Security Client\MsMpEng.exe

 

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

 

C:\Windows\system32\atiesrxx.exe

 

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

 

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

 

C:\Windows\system32\svchost.exe -k LocalService

 

C:\Windows\system32\svchost.exe -k netsvcs

 

C:\Program Files\IDT\WDM\STacSV64.exe

 

C:\Windows\system32\Hpservice.exe

 

C:\Windows\system32\svchost.exe -k NetworkService

 

C:\Windows\System32\spoolsv.exe

 

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

 

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

 

C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

 

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

 

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

 

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

 

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

 

C:\Windows\System32\svchost.exe -k HPZ12

 

C:\Windows\System32\svchost.exe -k HPZ12

 

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

 

C:\Windows\system32\svchost.exe -k imgsvc

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

 

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

 

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

 

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

 

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

 

c:\Program Files\Microsoft Security Client\NisSrv.exe

 

C:\Windows\system32\svchost.exe -k bthsvcs

 

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

 

C:\Windows\system32\atieclxx.exe

 

C:\Windows\system32\Dwm.exe

 

C:\Windows\Explorer.EXE

 

C:\Windows\system32\taskhost.exe

 

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

 

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

 

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

C:\Program Files\Microsoft Security Client\msseces.exe

 

C:\Program Files\IDT\WDM\sttray64.exe

 

C:\Windows\system32\taskeng.exe

 

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

 

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

 

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

 

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

 

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

 

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

 

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

 

C:\Windows\system32\wbem\wmiprvse.exe

 

C:\Windows\system32\SearchIndexer.exe

 

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

 

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

 

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

 

C:\Program Files\Windows Media Player\wmpnetwk.exe

 

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

 

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

 

C:\Windows\system32\svchost.exe -k HPService

 

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

 

C:\Windows\system32\svchost.exe -k SDRSVC

 

C:\Program Files\Internet Explorer\iexplore.exe

 

C:\Program Files\Internet Explorer\iexplore.exe

 

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe

 

C:\Program Files\Internet Explorer\iexplore.exe

 

C:\Program Files\Internet Explorer\iexplore.exe

 

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

C:\Windows\system32\wbem\wmiprvse.exe

 

C:\Windows\System32\cscript.exe

 

.

 

============== Pseudo HJT Report ===============

 

.

 

 

mWinlogon: Userinit = userinit.exe,

 

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

 

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

 

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

 

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

 

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

 

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

 

EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>

 

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

 

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

 

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

 

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

 

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

 

mPolicies-Explorer: NoActiveDesktop = dword:1

 

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

 

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

 

mPolicies-System: ConsentPromptBehaviorUser = dword:3

 

mPolicies-System: EnableUIADesktopToggle = dword:0

 

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

 

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

 

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

 

TCP: NameServer = 192.168.1.254 75.153.176.1

 

TCP: Interfaces\{56F51A80-DBEA-4097-A78E-AA967EC8998E} : DHCPNameServer = 192.168.1.254 75.153.176.1

 

TCP: Interfaces\{56F51A80-DBEA-4097-A78E-AA967EC8998E}\44F627D6F514F535F6574786 : DHCPNameServer = 192.168.2.1

 

TCP: Interfaces\{56F51A80-DBEA-4097-A78E-AA967EC8998E}\74164756771697 : DHCPNameServer = 69.31.192.12 69.31.192.11

 

TCP: Interfaces\{E543E218-9D28-45CD-BE20-44E1D83C81D0} : DHCPNameServer = 192.168.42.129

 

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

 

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

 

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

 

SSODL: WebCheck - <orphaned>

 

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

 

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

 

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

 

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

 

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

 

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

 

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

 

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

 

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

 

x64-SSODL: WebCheck - <orphaned>

 

x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn

 

x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe

 

.

 

============= SERVICES / DRIVERS ===============

 

.

 

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]

 

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]

 

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]

 

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

 

R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-10-7 295696]

 

R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-20 589872]

 

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-9-10 265872]

 

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-9-10 384432]

 

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]

 

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]

 

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]

 

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

 

R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]

 

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

 

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

 

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

 

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]

 

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

 

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-27 418376]

 

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-27 701512]

 

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]

 

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]

 

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

 

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]

 

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]

 

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-7 46136]

 

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]

 

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000]

 

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]

 

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616]

 

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752]

 

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]

 

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584]

 

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256]

 

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992]

 

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560]

 

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

 

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-27 25928]

 

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]

 

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-7 258664]

 

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-7 565352]

 

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

 

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

 

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

 

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

 

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

 

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-7 56448]

 

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

 

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

 

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-1-19 51872]

 

S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]

 

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

 

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

 

S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-1-19 36128]

 

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

 

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

 

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

 

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-3-16 16152]

 

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

 

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

 

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-7 1255736]

 

.

 

=============== Created Last 30 ================

 

.

 

2013-10-29 12:33:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

 

2013-10-29 12:33:15 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

 

2013-10-29 12:33:15 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

 

2013-10-29 12:33:15 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

 

2013-10-29 12:33:15 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

 

2013-10-29 12:33:15 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

 

2013-10-29 12:33:15 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

 

2013-10-29 12:11:25 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13600C91-69BB-47AA-9DBD-B877895D6989}\mpengine.dll

 

2013-10-28 23:55:00 10280728 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

 

2013-10-28 14:18:11 -------- d-----w- C:\Users\deral\AppData\Local\{AEA5AAD6-0C97-4488-BC78-1ADE53328FB3}

 

2013-10-28 00:01:47 -------- d-----w- C:\Users\deral\AppData\Roaming\Malwarebytes

 

2013-10-28 00:01:36 -------- d-----w- C:\ProgramData\Malwarebytes

 

2013-10-28 00:01:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

 

2013-10-28 00:01:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

 

2013-10-25 21:50:52 -------- d-----w- C:\Users\deral\AppData\Local\Wajam

 

2013-10-25 21:49:39 -------- d-----w- C:\Users\deral\AppData\Local\VisualBeeExe

 

2013-10-25 21:49:13 -------- d-----w- C:\ProgramData\VisualBee

 

2013-10-25 14:42:19 -------- d-----w- C:\Users\deral\AppData\Local\{412644C1-F7A4-4694-9B8A-5A0176EAB7A2}

 

2013-10-24 13:40:05 -------- d-----w- C:\Users\deral\AppData\Local\{0933108B-5057-473B-BFB4-58DD21E0FCC2}

 

2013-10-23 13:56:00 -------- d-----w- C:\Users\deral\AppData\Local\{B56A3A61-3111-4AC0-B730-C761DF8E5430}

 

2013-10-23 01:43:49 -------- d-----w- C:\Users\deral\AppData\Local\{8377513F-736E-4DA7-99FC-3C16C0DFA36F}

 

2013-10-22 20:16:11 -------- d-----w- C:\Program Files (x86)\Mobogenie

 

2013-10-22 20:15:59 -------- d-----w- C:\ProgramData\Babylon

 

2013-10-22 13:43:25 -------- d-----w- C:\Users\deral\AppData\Local\{A5D3CD22-FC6D-4A6A-BD12-F0EB9875C648}

 

2013-10-22 00:15:57 -------- d-----w- C:\Program Files (x86)\Common Files\337

 

2013-10-22 00:15:32 -------- d-----w- C:\Users\deral\AppData\Roaming\337

 

2013-10-21 20:58:59 -------- d-----w- C:\ProgramData\Conduit

 

2013-10-21 20:58:49 -------- d-----w- C:\5be1404deaad89cc86bd8ffb

 

2013-10-21 20:54:38 -------- d-----w- C:\dd23de662f5489ee5b1441a55dcd

 

2013-10-21 20:39:03 -------- d-----w- C:\Users\deral\.android

 

2013-10-21 20:12:17 -------- d-----w- C:\Program Files (x86)\Amazon

 

2013-10-21 20:06:21 -------- d-----w- C:\Users\deral\AppData\Local\cache

 

2013-10-21 20:06:17 -------- d-----w- C:\Users\deral\AppData\Local\Mobogenie

 

2013-10-21 20:03:38 -------- d-----w- C:\Users\deral\AppData\Local\FileTypeAssistant

 

2013-10-21 20:03:28 -------- d-----w- C:\Program Files (x86)\File Type Assistant

 

2013-10-21 20:01:35 -------- d-----w- C:\Users\deral\AppData\Local\Programs

 

2013-10-21 13:59:57 -------- d-----w- C:\Users\deral\AppData\Local\{0C03BE83-3DCD-4FF6-9BB6-CF09CB763F8C}

 

2013-10-20 13:13:01 -------- d-----r- C:\Users\deral\Dropbox

 

2013-10-20 12:52:03 -------- d-----w- C:\Users\deral\AppData\Roaming\Dropbox

 

2013-10-20 12:32:45 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59871990-2164-4F6E-B17A-317CCF02A930}\gapaengine.dll

 

2013-10-20 12:20:27 -------- d-----w- C:\Users\deral\AppData\Local\{4216B4A8-E50A-473A-A812-5A3ACEC6D689}

 

2013-10-20 12:20:27 -------- d-----w- C:\SearchProtect

 

2013-10-15 20:20:46 -------- d-----w- C:\Users\deral\AppData\Roaming\Individual Software

 

2013-10-15 20:18:05 -------- d-sha-r- C:\ProgramData\Key-Base

 

2013-10-15 20:12:47 -------- d-----w- C:\ProgramData\Individual Software

 

2013-10-15 20:11:53 -------- d-----w- C:\Program Files (x86)\ResumeMaker Professional

 

2013-10-15 12:46:12 -------- d-----w- C:\Users\deral\AppData\Local\{384984CE-0467-4B4C-9F9E-ECF5AFA64E9B}

 

2013-10-14 22:57:43 -------- d-----w- C:\Users\deral\AppData\Local\{9A790A03-20D7-42A7-A511-3E251F8C6DD6}

 

2013-10-12 13:03:26 -------- d-----w- C:\Users\deral\AppData\Local\{C0C8C3F0-8858-4DA5-8D71-AC5D1084A542}

 

2013-10-11 16:27:53 -------- d-----w- C:\Users\deral\AppData\Local\{F11D464B-879E-435E-9008-F51DF82B946C}

 

2013-10-10 16:23:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

 

2013-10-10 16:22:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys

 

2013-10-10 16:15:38 -------- d-----w- C:\Users\deral\AppData\Local\{63306A64-13CF-41B4-8BF2-B11C7D207C00}

 

2013-10-09 14:37:32 -------- d-----w- C:\Users\deral\AppData\Local\{808EDB7E-621E-496D-88D9-D11FF27D6E0D}

 

2013-10-08 22:32:33 -------- d-----w- C:\ProgramData\Farm Frenzy

 

2013-10-08 22:25:23 -------- d-----w- C:\ProgramData\Playrix Entertainment

 

2013-10-08 13:00:35 -------- d-----w- C:\Users\deral\AppData\Local\{9B6B30E7-5BAE-4F59-93BF-58D4EA206051}

 

2013-10-07 13:15:05 -------- d-----w- C:\Users\deral\AppData\Local\{D31F50D2-FAD3-4847-88CF-5CEA9DC62B1F}

 

2013-10-06 14:55:43 -------- d-----w- C:\Users\deral\AppData\Local\{9F231D01-076D-4689-8587-E2B784060A13}

 

2013-10-05 15:30:06 -------- d-----w- C:\Users\deral\AppData\Local\{85492CF5-CDF7-490F-9576-B998D381AFAB}

 

2013-10-05 15:29:32 -------- d-----w- C:\Users\deral\AppData\Local\{E3DBD265-A8AD-4E07-AC2E-E5ACEBE1AF62}

 

2013-10-05 02:42:30 -------- d-----w- C:\Users\deral\AppData\Local\{8885EE57-66AE-4A56-9D42-40CE85D2486B}

 

2013-10-05 02:29:52 -------- d-----w- C:\Users\deral\AppData\Local\{64237105-6BB9-4DE5-9121-33D9F4D6E868}

 

2013-10-04 12:17:38 -------- d-----w- C:\Users\deral\AppData\Local\{ECA3B82C-0A09-4192-9DD4-DC2202C3FE7B}

 

2013-10-03 14:16:50 -------- d-----w- C:\Users\deral\AppData\Roaming\Hoyle Blackjack

 

2013-10-03 14:14:25 -------- d-----w- C:\Users\deral\AppData\Roaming\Hoyle FaceCreator

 

2013-10-03 14:14:24 -------- d-----w- C:\Users\deral\AppData\Roaming\Hoyle Card Games

 

2013-10-03 13:05:42 -------- d-----w- C:\Users\deral\AppData\Local\{D3E7DF84-05AE-436E-B53B-912ED301555F}

 

2013-10-02 13:16:46 -------- d-----w- C:\Users\deral\AppData\Local\{9FF171C7-5C25-4730-8B29-3EA16EDDD0BF}

 

2013-10-01 22:03:23 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll

 

2013-10-01 21:59:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

 

2013-10-01 21:59:18 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

 

2013-10-01 21:59:18 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

 

2013-10-01 21:59:17 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

 

2013-10-01 21:58:15 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

 

2013-10-01 15:11:06 -------- d-----w- C:\Users\deral\AppData\Local\{C1E2132C-625D-4B57-A29E-BC81E87FEA4C}

 

2013-09-30 15:40:06 -------- d-----w- C:\Users\deral\SyncFolder

 

2013-09-30 14:17:46 -------- d-----w- C:\Program Files (x86)\MyPC Backup

 

2013-09-30 14:17:31 -------- d-----w- C:\Program Files (x86)\DriverUpdate

 

2013-09-30 13:22:53 -------- d-----w- C:\Users\deral\AppData\Local\Apps

 

2013-09-30 13:22:52 -------- d-----w- C:\Users\deral\AppData\Local\Deployment

 

2013-09-30 12:59:48 -------- d-----w- C:\Users\deral\AppData\Local\{92C01B98-8DAB-4AF5-86D3-AC979DA33F6B}

 

.

 

==================== Find3M  ====================

 

.

 

2013-10-28 14:13:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

 

2013-10-28 14:13:44 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

 

2013-10-22 00:21:57 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

 

2013-10-22 00:15:14 421032 ----a-w- C:\Windows\SysWow64\msvcp100.dll

 

2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll

 

2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll

 

2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

 

2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

 

2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll

 

2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

 

2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

 

2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

 

2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

 

2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

 

2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

 

2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

 

2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

 

2013-09-11 05:18:28 295696 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

 

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

 

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

 

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

 

2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe

 

2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll

 

2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll

 

2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll

 

2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll

 

2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

 

2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

 

2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

 

2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

 

2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll

 

2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll

 

2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

 

2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

 

2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

 

2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

 

2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe

 

2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys

 

2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll

 

2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

 

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

 

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

 

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

 

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

 

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

 

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

 

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

 

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

 

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

 

2013-08-01 09:19:34 265152 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

 

2013-08-01 09:19:33 984512 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

 

..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2012 5:55:01 AM
System Uptime: 10/29/2013 6:35:20 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1849
Processor: AMD A6-4400M APU with Radeon HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 678 GiB total, 613.875 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.193 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.081 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP238: 10/21/2013 2:57:42 PM - Uniblue DriverScanner installation
RP239: 10/21/2013 6:37:28 PM - Removed DriverUpdate
RP240: 10/22/2013 2:25:10 PM - Removed Skype™ 6.9
RP241: 10/22/2013 2:31:03 PM - Removed Skype™ 6.9
RP242: 10/22/2013 2:32:15 PM - Removed Skype Click to Call
RP243: 10/22/2013 2:32:45 PM - Removed Skype™ 6.9
RP244: 10/23/2013 12:07:59 PM - Windows Update
RP245: 10/25/2013 4:03:40 PM - Device Driver Package Install: COMODO Network Service
RP246: 10/27/2013 5:49:41 PM - Windows Update
RP247: 10/27/2013 6:13:33 PM - Removed Google Talk Plugin
RP248: 10/27/2013 7:00:18 PM - Windows Backup
RP249: 10/29/2013 6:33:20 AM - Windows Update
.
==== Installed Programs ======================
.
100% Hidden Objects
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Atheros Bluetooth Suite (64)
Atheros Driver Installation Program
Barnyard Invasion
Bejeweled 3
Blackhawk Striker 2
Blio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Classic Fishdom 2 in 1 Pack
Cradle of Rome 2
Cut the Rope
CyberLink YouCam
D3DX10
Dora's World Adventure
Elevated Installer
ESU for Microsoft Windows 7 SP1
Evernote v. 4.5.2
Farm Frenzy
Farmscapes
FATE
File Type Assistant
Final Drive Fury
Garmin Express
Garmin Express Tray
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP 3D DriveGuard
HP Application Assistant
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
HP Power Manager
HP Quick Launch
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Into the Haze
Island of Death: Demons and Despair
Java 7 Update 21
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Living Legends: Ice Rose Collector's Edition
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Midnight Pool 3D
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
opensource
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PS_AIO_07_D110_SW_Min
Rapport
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Redemption Cemetery: Childrens Plight
ResumeMaker Professional
RollerCoaster Tycoon 3: Platinum
Royal Envoy 2 Collector's Edition
Rush for Gold Alaska
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Slingshot Puzzle
Summer Mahjong
swMSM
Synaptics Pointing Device Driver
The Treasures of Mystery Island: The Ghost Ship
Toolbox
Torchlight
Trusteer Endpoint Protection
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update Installer for WildTangent Games App
Vacation Adventures: Park Ranger
Virtual Villagers 4 - The Tree of Life
Way To Go!
WildTangent Games
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/29/2013 6:38:42 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/28/2013 6:49:21 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user deralj\deral SID (S-1-5-21-461216529-553505904-338273997-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/27/2013 9:49:43 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/27/2013 5:50:18 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.161.752.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10003.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/27/2013 5:05:17 PM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  %%-2147467243
10/26/2013 9:21:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/26/2013 9:21:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
10/26/2013 9:21:07 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/26/2013 7:58:49 PM, Error: Service Control Manager [7023]  - The WajamUpdaterV3 service terminated with the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : deral [Admin rights]
Mode : Scan -- Date : 10/29/2013 08:19:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\deral\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND
[V2][sUSP PATH] VisualBeeRecovery : C:\Users\deral\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe - /s [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK7575GSX SATA Disk Device +++++
--- User ---
[MBR] b31600c78afa68a62d217238c1a719ab
[bSP] 43c03eaae9f7a55958589ca32715752b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 694342 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1422422016 | Size: 20759 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10292013_081959.txt >>


Please open up notepad > Format > uncheck "word wrap"

-------------------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\deral\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


When I downloaded, a bunch of other things came up too?

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 09:07:13
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : deral - DERALJ
# Running from : C:\Users\deral\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\711JRROH\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\LaunchApp
File Found : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Folder Found C:\Program Files (x86)\Common Files\337
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\KeyBar_1.8
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\otshot
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\VisualBee
Folder Found C:\Searchprotect
Folder Found C:\Users\deral\AppData\Local\Conduit
Folder Found C:\Users\deral\AppData\Local\Temp\apn
Folder Found C:\Users\deral\AppData\Local\Temp\WinZipper
Folder Found C:\Users\deral\AppData\Local\visualbeeexe
Folder Found C:\Users\deral\AppData\Local\Wajam
Folder Found C:\Users\deral\AppData\LocalLow\Conduit
Folder Found C:\Users\deral\AppData\LocalLow\KeyBar_1.8
Folder Found C:\Users\deral\AppData\LocalLow\PriceGong
Folder Found C:\Users\deral\AppData\Roaming\337
Folder Found C:\Users\deral\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

*************************

AdwCleaner[R0].txt - [9414 octets] - [29/10/2013 09:07:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9474 octets] ##########


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.