KCCMedia Posted November 26, 2013 ID:758222 Share Posted November 26, 2013 Hello, having an issue with computer popping up with unwanted advertisements. Have run MalwareBytes and Adwcleaner, which each removed certain PUPs and Trojan.Agents, but problem is still occuring. Here are the log files. Do you also want the MalwareBytes and Adwcleaner logs? Thanks for the assistance. DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.25.2Run by Nadine at 11:17:22 on 2013-11-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.2277 [GMT -7:00].AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2014\avgrsa.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\system32\atiesrxx.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k GPSvcGroupC:\windows\system32\atieclxx.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\system32\WLANExt.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\windows\system32\HPSIsvc.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\LogMeIn\x64\RaMaint.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exeC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\system32\SearchIndexer.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exeC:\Program Files (x86)\Lenovo\Energy Management\utility.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeC:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXEC:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exeC:\Program Files (x86)\USB Camera2\VM332_STI.EXEC:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exeC:\Program Files (x86)\Lenovo\VeriFace\PManage.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\windows\system32\wuauclt.exeC:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exeC:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\AVG\AVG2014\avgcfgex.exeC:\windows\system32\taskeng.exeC:\windows\system32\taskeng.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreservemWinlogon: Userinit = userinit.exe,BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [AVG-Secure-Search-Update_0913b] C:\Users\Nadine\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid eaa2af7c72e047d183820d47e7bab38d-30890550372082b61cbd0af822b85473d2e3c007 --CMPID 0913bmRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXEmRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /smRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exemRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exemRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startupmRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLYStartupFolder: C:\Users\Nadine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SONICW~1.LNK - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXEmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1 75.153.176.1 75.153.176.9TCP: Interfaces\{917CD869-CF62-43C3-8884-4FBFB07F71A8} : DHCPNameServer = 192.168.1.1 75.153.176.1 75.153.176.9TCP: Interfaces\{917CD869-CF62-43C3-8884-4FBFB07F71A8}\B456970234F6E6E656364796F6E637 : DHCPNameServer = 8.8.8.8 2.2.2.2TCP: Interfaces\{917CD869-CF62-43C3-8884-4FBFB07F71A8}\E616E63697 : DHCPNameServer = 192.168.1.254 192.168.1.254Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exex64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exex64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exex64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - plugin: C:\windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-10-17 73856]R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-10-17 28800]R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-9-2 192824]R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-9-2 294712]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-17 57952]R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-17 39008]R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-9-25 148792]R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-9-2 212280]R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-17 13408]R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-10-17 204288]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-9 365568]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2012-4-19 126520]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-5-17 376144]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2013-6-3 72216]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-26 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-26 701512]R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2012-4-3 287016]R2 SWIPsec;SonicWALL IPsec Driver;C:\windows\System32\drivers\SWIPsec.sys [2013-6-3 100128]R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-10-17 46136]R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-10-17 76912]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-26 25928]R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-10-17 44672]R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\System32\drivers\vm2uvcflt.sys [2011-10-17 15056]R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2011-10-17 234960]S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-8 19456]S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]S3 SWVNIC;SonicWALL Virtual Miniport;C:\windows\System32\drivers\SWVNIC.sys [2012-2-7 24600]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-8 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-8 30208]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-15 1255736]S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]S4 QuickBooksDB24;QuickBooksDB24;C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB24 --> C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB24 [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-26 16:50:46 -------- d-----w- C:\AdwCleaner2013-11-26 16:37:14 25928 ----a-w- C:\windows\System32\drivers\mbam.sys2013-11-26 16:37:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-11-24 23:02:27 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance2013-11-24 23:01:49 -------- d-----w- C:\ProgramData\Nuance2013-11-21 23:01:55 -------- d-----w- C:\ProgramData\Updater2013-11-21 23:01:55 -------- d-----w- C:\ProgramData\RHelpers2013-11-21 23:01:46 -------- d-----w- C:\ProgramData\TubeDimmer2013-11-21 23:01:18 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-11-21 22:57:20 -------- d-----w- C:\Program Files (x86)\albrechto2013-11-21 22:56:24 -------- d-----w- C:\Users\Nadine\AppData\Local\TNT22013-11-20 19:21:07 26112 ----a-w- C:\windows\System32\rc4mon64.DLL2013-11-20 18:05:38 27648 ----a-w- C:\windows\System32\RIC56Mlm.DLL2013-11-14 15:15:23 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-11-14 15:14:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-11-14 15:14:56 2241536 ----a-w- C:\windows\System32\wininet.dll2013-11-13 14:45:45 1474048 ----a-w- C:\windows\System32\crypt32.dll2013-11-13 14:45:43 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll2013-11-13 14:45:23 497152 ----a-w- C:\windows\System32\drivers\afd.sys2013-11-13 14:45:10 1930752 ----a-w- C:\windows\System32\authui.dll2013-11-13 14:45:09 197120 ----a-w- C:\windows\System32\credui.dll2013-11-13 14:45:09 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll2013-11-13 14:45:09 1796096 ----a-w- C:\windows\SysWow64\authui.dll2013-11-13 14:45:09 168960 ----a-w- C:\windows\SysWow64\credui.dll2013-11-13 14:45:09 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll.==================== Find3M ====================.2013-10-26 15:39:21 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll2013-10-26 15:39:20 92488 ----a-w- C:\windows\System32\LMIinit.dll2013-10-26 15:39:20 35656 ----a-w- C:\windows\System32\LMIport.dll2013-10-19 15:39:17 92488 ----a-w- C:\windows\System32\LMIinit.dll.001.bak2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll2013-10-12 08:43:32 67072 ----a-w- C:\windows\System32\iesetup.dll2013-10-12 08:43:32 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll2013-10-12 07:02:29 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-10-12 07:02:29 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-10-12 06:35:26 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-10-12 05:44:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe2013-10-12 05:15:39 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL2013-10-10 20:35:10 9584 ----a-w- C:\windows\SysWow64\ractrlkeyhook.dll2013-10-09 13:42:55 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-10-09 13:42:54 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 13:42:33 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll2013-09-26 03:07:30 148792 ----a-w- C:\windows\System32\drivers\avgdiska.sys2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe2013-09-09 04:11:42 31544 ----a-w- C:\windows\System32\drivers\avgrkx64.sys2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys2013-09-02 16:59:14 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys2013-09-02 16:29:18 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys2013-09-02 16:26:50 192824 ----a-w- C:\windows\System32\drivers\avgidsha.sys2013-09-02 16:26:42 241464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe.============= FINISH: 11:18:36.30 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 11/01/2012 10:25:04 PMSystem Uptime: 26/11/2013 10:28:30 AM (1 hours ago).Motherboard: LENOVO | | InaguaProcessor: AMD C-50 Processor | Socket FT1 | 1000/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 254 GiB total, 196.537 GiB free.D: is FIXED (NTFS) - 29 GiB total, 26.894 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: SonicWALL Virtual NICDevice ID: ROOT\SWVNIC\0000Manufacturer: SonicWALLName: SonicWALL Virtual NICPNP Device ID: ROOT\SWVNIC\0000Service: SWVNIC.==== System Restore Points ===================.RP143: 27/10/2013 12:00:03 AM - Scheduled CheckpointRP144: 04/11/2013 12:54:20 PM - Scheduled CheckpointRP145: 12/11/2013 12:43:43 PM - Scheduled CheckpointRP146: 14/11/2013 7:53:45 AM - Windows UpdateRP147: 21/11/2013 12:38:05 PM - Scheduled CheckpointRP148: 25/11/2013 10:11:12 AM - Removed Microsoft Silverlight.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.8)AMD APP SDK RuntimeAMD FuelAMD Media Foundation DecodersAMD VISION Engine Control CenterAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverATI AVIVO64 CodecsATI Catalyst Install ManagerAVG 2014BoardmakerCarboniteCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCatalyst Control Center Profiles Mobileccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerConexant HD AudioD3DX10Energy ManagementGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHP LaserJet Professional P1100-P1560-P1600 SeriesJava 7 Update 25Java Auto UpdaterJava 6 Update 35Junk Mail filter updateLenovo EasyCameraLenovo EE Boot OptimizerLenovo Games ConsoleLenovo OneKey RecoveryLenovo YouCamLenovo_Wireless_DriverLogMeInMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2003 Primary Interop AssembliesMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Edition 2003Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2005 Tools for Office RuntimeMicrosoft Visual Studio 2010 Tools for Office Runtime (x64)Mozilla Firefox 25.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKooVooPower2GoPowerXpressHybridQuickBooksQuickBooks Pro 2014QuickBooks Runtime RedistributableSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687439) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760411) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760415) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760585) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760591) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827326) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827329) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2827330) 32-Bit EditionSonicWALL Global VPN ClientSynaptics Pointing Device DriverUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)UpdaterUserGuideVeriFaceVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.26/11/2013 10:29:37 AM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805290.26/11/2013 10:17:42 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.110. The computer with the IP address 192.168.1.121 did not allow the name to be claimed by this computer.25/11/2013 11:47:52 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address B0-C4-E7-A9-1C-EE. Network operations on this system may be disrupted as a result.24/11/2013 2:49:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.22/11/2013 8:20:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.22/11/2013 11:21:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.22/11/2013 11:20:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update albrechto service to connect.22/11/2013 11:20:39 AM, Error: Service Control Manager [7000] - The Update albrechto service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.21/11/2013 7:47:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.19/11/2013 7:51:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758227 Share Posted November 26, 2013 Welcome to the forum. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
KCCMedia Posted November 26, 2013 Author ID:758232 Share Posted November 26, 2013 Here's the RK report: RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Nadine [Admin rights]Mode : Scan -- Date : 11/26/2013 11:51:27| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Nadine\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid eaa2af7c72e047d183820d47e7bab38d-30890550372082b61cbd0af822b85473d2e3c007 --CMPID 0913b [x][x][x]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1550438800-4002154537-2088542275-1001\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Nadine\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid eaa2af7c72e047d183820d47e7bab38d-30890550372082b61cbd0af822b85473d2e3c007 --CMPID 0913b [x][x][x]) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 3 ¤¤¤[V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND[V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND[V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD32 00BPVT-24JJ5T0 SATA Disk Device +++++--- User ---[MBR] 95e8cc85248eb4633e02fdf789fe4d2b[bSP] d31925c9af4904c81dd04d7fda638c4d : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260243 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_11262013_115127.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758238 Share Posted November 26, 2013 Not much showing, what browsers are affected?? MrC Link to post Share on other sites More sharing options...
KCCMedia Posted November 26, 2013 Author ID:758247 Share Posted November 26, 2013 Mozilla Firefox. Pop-up came up within 5 minutes of sweeping with Adwcleaner and MalwareBytes. Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758276 Share Posted November 26, 2013 OK, can you give me an idea of what kind of pop-up it was....any info would be helpful. Please do this: Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?) Please make sure you click download buttons that look like this, not "sponsored ad links": Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.MrC Link to post Share on other sites More sharing options...
KCCMedia Posted November 26, 2013 Author ID:758292 Share Posted November 26, 2013 It came up as a full window pop-up, advertising Candy Crush. It popped up from a site I know does not have any pop-up advertising (own the site). Sorry for the delay. Was having trouble uploading for some reason. Addition.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01Ran by Nadine (administrator) on NADINE-PC on 26-11-2013 14:19:18Running from C:\Users\Nadine\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal==================== Processes (Whitelisted) =================(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe(HP) C:\Windows\System32\HPSIsvc.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe(Intuit Canada ULC.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe(Intuit Canada ULC.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-02] (Synaptics Incorporated)HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-10-17] (Lenovo)HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-10-17] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2011-10-17] (Lenovo(beijing) Limited)HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-17] (Google Inc.)HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Nadine\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid eaa2af7c72e047d183820d47e7bab38d-30890550372082b61cbd0af822b85473d2e3c007 --CMPID 0913bMountPoints2: {83e1edb0-8961-11e1-a974-dc0ea15e5a7e} - E:\SISetup.exeHKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-09] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-10-17] (Lenovo)HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnkShortcutTarget: SonicWALL Global VPN Client.lnk -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe (SonicWALL, Inc.)==================== Internet (Whitelisted) ====================HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKCU - {33D2504E-8F31-4A95-81D9-269A86097972} URL = http://search.us.com/serp?guid={1754337F-8B39-4AE2-88A0-AF7BF41629BF}&action=default_search&serpv=5&k={searchTerms}SearchScopes: HKCU - {452A87AD-03E0-460C-9919-2460CCE6549C} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=BCDE2296-D709-450D-8D40-E39FB411DE9C&apn_sauid=17F1A909-55EA-48BC-83A1-024DCE6FAA75SearchScopes: HKCU - {45C2AEC7-2E24-4382-AC8D-80398C5BAA28} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10469SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.caft.paymentsanytime.com/viewer/activeXViewer/activexviewer.cabDPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No FileHandler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.153.176.1 75.153.176.9FireFox:========FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.defaultFF NewTab: user_pref("browser.newtab.url", "");FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: Tube Dimmer - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.default\Extensions\support@tubedimmerapp.com==================== Services (Whitelisted) =================R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-09] (Advanced Micro Devices, Inc.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-10-26] (LogMeIn, Inc.)R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-10-26] (LogMeIn, Inc.)R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.)==================== Drivers (Whitelisted) ====================R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)S4 LMIRfsClientNP; No ImagePathR3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)U3 BcmSqlStartupSvc;U2 CLKMSVC10_3A60B698;U2 CLKMSVC10_C3B3B687;U2 DriverService;U2 IAStorDataMgrSvc;U2 iATAgentService;U2 idealife Update Service;U3 IGRS;U2 IviRegMgr;U2 nvUpdatusService;U2 Oasis2Service;U2 PCCarerService;U2 ReadyComm.DirectRouter;U2 RichVideo;U2 RtLedService;U2 SeaPort;U2 SoftwareService;U3 SQLWriter;U2 Stereo Service;==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-11-26 14:19 - 2013-11-26 14:19 - 00016052 _____ C:\Users\Nadine\Downloads\FRST.txt2013-11-26 14:19 - 2013-11-26 14:19 - 00000000 ____D C:\FRST2013-11-26 14:18 - 2013-11-26 14:18 - 01958474 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe2013-11-26 11:51 - 2013-11-26 11:51 - 00002709 _____ C:\Users\Nadine\Desktop\RKreport[0]_S_11262013_115127.txt2013-11-26 11:44 - 2013-11-26 11:54 - 00000000 ____D C:\Users\Nadine\Desktop\RK_Quarantine2013-11-26 11:43 - 2013-11-26 11:43 - 04172288 _____ C:\Users\Nadine\Downloads\RogueKillerX64.exe2013-11-26 11:19 - 2013-11-26 11:19 - 00013901 _____ C:\Users\Nadine\Desktop\attach.txt2013-11-26 11:19 - 2013-11-26 11:18 - 00023273 _____ C:\Users\Nadine\Desktop\dds.txt2013-11-26 11:14 - 2013-11-26 11:14 - 00688992 ____R (Swearware) C:\Users\Nadine\Downloads\dds.com2013-11-26 10:33 - 2013-11-26 10:33 - 00007286 _____ C:\Users\Nadine\AdwCleaner[s0].txt2013-11-26 09:50 - 2013-11-26 10:27 - 00000000 ____D C:\AdwCleaner2013-11-26 09:50 - 2013-11-26 09:50 - 01091882 _____ C:\Users\Nadine\Downloads\AdwCleaner.exe2013-11-26 09:37 - 2013-11-26 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-11-26 09:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2013-11-25 11:00 - 2013-11-26 09:28 - 05979505 _____ C:\Users\Nadine\Desktop\Individual Contract.xlsx2013-11-24 16:11 - 2013-11-24 16:11 - 00002111 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\Users\Public\Documents\Intuit2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\ProgramData\Nuance2013-11-22 12:20 - 2013-11-22 12:20 - 00054128 _____ C:\Users\Nadine\Desktop\Copy of Copy of Danielle 2013 timesheet - revised.xlsx2013-11-22 12:08 - 2013-11-22 12:11 - 00085244 _____ C:\Users\Nadine\Desktop\Copy of RACHEL TOPPIN.xlsx2013-11-22 07:52 - 2013-11-22 07:52 - 00003170 _____ C:\windows\System32\Tasks\{95167652-6CF2-4BB6-B032-CEABC0C14EF3}2013-11-22 07:51 - 2013-11-22 07:51 - 00003170 _____ C:\windows\System32\Tasks\{5718913F-402A-4F7F-837B-2E36C3925F62}2013-11-21 16:12 - 2013-11-21 16:12 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\dvdcss2013-11-21 16:01 - 2013-11-26 10:16 - 00000000 ____D C:\ProgramData\Updater2013-11-21 16:01 - 2013-11-26 10:16 - 00000000 ____D C:\ProgramData\RHelpers2013-11-21 16:01 - 2013-11-24 15:01 - 00000000 ____D C:\ProgramData\TubeDimmer2013-11-21 16:01 - 2013-11-22 15:56 - 00000000 ____D C:\Program Files (x86)\VideoLAN2013-11-21 15:57 - 2013-11-26 10:16 - 00000000 ____D C:\Program Files (x86)\albrechto2013-11-21 15:57 - 2013-11-21 15:57 - 79448256 _____ C:\Users\Nadine\Downloads\vlcmediaplayer-setup.exe2013-11-21 15:56 - 2013-11-21 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\TNT22013-11-20 13:26 - 2013-11-21 08:57 - 00000384 _____ C:\windows\system32\ricdb.ini2013-11-20 12:21 - 2007-06-05 17:32 - 00026112 _____ (RICOH CO.,Ltd.) C:\windows\system32\rc4mon64.DLL2013-11-20 11:05 - 2012-02-02 03:23 - 00027648 _____ (RICOH CO.,Ltd.) C:\windows\system32\RIC56Mlm.DLL2013-11-15 14:49 - 2013-11-15 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-14 08:15 - 2013-10-12 01:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-11-14 08:15 - 2013-10-12 01:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-11-14 08:15 - 2013-10-12 01:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-11-14 08:15 - 2013-10-12 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-11-14 08:15 - 2013-10-12 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-11-14 08:15 - 2013-10-12 00:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-11-14 08:15 - 2013-10-12 00:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-11-14 08:15 - 2013-10-12 00:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-11-14 08:15 - 2013-10-12 00:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-11-14 08:15 - 2013-10-11 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-11-14 08:15 - 2013-10-11 23:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-11-14 08:15 - 2013-10-11 22:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe2013-11-14 08:15 - 2013-10-11 22:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe2013-11-14 08:14 - 2013-10-12 01:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-11-14 08:14 - 2013-10-12 01:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-11-14 08:14 - 2013-10-12 01:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-11-14 08:14 - 2013-10-12 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-11-14 08:14 - 2013-10-12 00:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-11-14 08:14 - 2013-10-12 00:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-11-14 08:14 - 2013-10-12 00:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-11-14 08:14 - 2013-10-12 00:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-11-13 07:45 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll2013-11-13 07:45 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll2013-11-13 07:45 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll2013-11-13 07:45 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll2013-11-13 07:45 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll2013-11-13 07:45 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll2013-11-13 07:45 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll2013-11-13 07:45 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll2013-11-13 07:45 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2013-11-13 07:44 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll2013-11-13 07:44 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL2013-11-13 07:44 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL2013-11-13 07:44 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll2013-11-13 07:44 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL2013-11-13 07:44 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll2013-11-13 07:44 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll2013-11-13 07:44 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys2013-11-13 07:44 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys2013-11-13 07:44 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll2013-11-13 07:44 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll2013-11-13 07:44 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll2013-11-13 07:44 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2013-11-13 07:44 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2013-11-13 07:44 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2013-11-13 07:44 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2013-11-13 07:44 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2013-11-13 07:44 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2013-11-13 07:44 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2013-11-13 07:44 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe2013-11-13 07:44 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys2013-11-12 15:45 - 2013-11-12 15:50 - 00011733 _____ C:\Users\Nadine\Desktop\Budget signing checklist.xlsx==================== One Month Modified Files and Folders =======2013-11-26 14:19 - 2013-11-26 14:19 - 00016052 _____ C:\Users\Nadine\Downloads\FRST.txt2013-11-26 14:19 - 2013-11-26 14:19 - 00000000 ____D C:\FRST2013-11-26 14:18 - 2013-11-26 14:18 - 01958474 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe2013-11-26 14:17 - 2011-10-17 17:37 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2013-11-26 13:42 - 2012-12-08 13:56 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2013-11-26 11:57 - 2011-10-17 16:52 - 01949692 _____ C:\windows\WindowsUpdate.log2013-11-26 11:54 - 2013-11-26 11:44 - 00000000 ____D C:\Users\Nadine\Desktop\RK_Quarantine2013-11-26 11:51 - 2013-11-26 11:51 - 00002709 _____ C:\Users\Nadine\Desktop\RKreport[0]_S_11262013_115127.txt2013-11-26 11:44 - 2012-01-11 22:23 - 02670622 _____ C:\FaceProv.log2013-11-26 11:43 - 2013-11-26 11:43 - 04172288 _____ C:\Users\Nadine\Downloads\RogueKillerX64.exe2013-11-26 11:19 - 2013-11-26 11:19 - 00013901 _____ C:\Users\Nadine\Desktop\attach.txt2013-11-26 11:18 - 2013-11-26 11:19 - 00023273 _____ C:\Users\Nadine\Desktop\dds.txt2013-11-26 11:14 - 2013-11-26 11:14 - 00688992 ____R (Swearware) C:\Users\Nadine\Downloads\dds.com2013-11-26 10:37 - 2012-01-11 22:25 - 00000000 ____D C:\Users\Nadine2013-11-26 10:37 - 2009-07-13 22:13 - 00782922 _____ C:\windows\system32\PerfStringBackup.INI2013-11-26 10:37 - 2009-07-13 21:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-26 10:37 - 2009-07-13 21:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-26 10:33 - 2013-11-26 10:33 - 00007286 _____ C:\Users\Nadine\AdwCleaner[s0].txt2013-11-26 10:33 - 2011-10-17 18:09 - 00218057 _____ C:\windows\system32\fastboot.set2013-11-26 10:33 - 2011-10-17 17:55 - 00000000 ____D C:\ProgramData\VeriFace2013-11-26 10:32 - 2011-10-17 17:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2013-11-26 10:29 - 2012-12-08 13:44 - 00007952 _____ C:\windows\setupact.log2013-11-26 10:29 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-11-26 10:27 - 2013-11-26 09:50 - 00000000 ____D C:\AdwCleaner2013-11-26 10:17 - 2009-07-13 21:45 - 00445376 _____ C:\windows\system32\FNTCACHE.DAT2013-11-26 10:16 - 2013-11-21 16:01 - 00000000 ____D C:\ProgramData\Updater2013-11-26 10:16 - 2013-11-21 16:01 - 00000000 ____D C:\ProgramData\RHelpers2013-11-26 10:16 - 2013-11-21 15:57 - 00000000 ____D C:\Program Files (x86)\albrechto2013-11-26 10:16 - 2012-12-08 13:44 - 00024454 _____ C:\windows\PFRO.log2013-11-26 09:50 - 2013-11-26 09:50 - 01091882 _____ C:\Users\Nadine\Downloads\AdwCleaner.exe2013-11-26 09:37 - 2013-11-26 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-11-26 09:30 - 2013-10-22 11:07 - 00044942 _____ C:\Users\Nadine\Desktop\Client Contract Hours Available OCT.xlsx2013-11-26 09:28 - 2013-11-25 11:00 - 05979505 _____ C:\Users\Nadine\Desktop\Individual Contract.xlsx2013-11-26 08:58 - 2012-01-11 22:47 - 00000000 ____D C:\ProgramData\MFAData2013-11-26 07:48 - 2013-06-03 18:15 - 00000000 ____D C:\ProgramData\LogMeIn2013-11-24 21:45 - 2012-02-03 09:19 - 00000090 _____ C:\windows\QBChanUtil_Trigger.ini2013-11-24 16:14 - 2012-01-11 22:26 - 00116472 _____ C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT2013-11-24 16:13 - 2012-02-03 09:33 - 00000000 ____D C:\Users\Nadine\AppData\Local\Intuit2013-11-24 16:13 - 2012-02-03 09:08 - 00000000 ____D C:\windows\Intuit2013-11-24 16:11 - 2013-11-24 16:11 - 00002111 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\Users\Public\Documents\Intuit2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\ProgramData\Nuance2013-11-24 16:01 - 2012-02-03 09:20 - 00000000 ____D C:\ProgramData\Intuit2013-11-24 16:01 - 2012-02-03 09:20 - 00000000 ____D C:\Program Files (x86)\Intuit2013-11-24 15:01 - 2013-11-21 16:01 - 00000000 ____D C:\ProgramData\TubeDimmer2013-11-22 15:56 - 2013-11-21 16:01 - 00000000 ____D C:\Program Files (x86)\VideoLAN2013-11-22 12:20 - 2013-11-22 12:20 - 00054128 _____ C:\Users\Nadine\Desktop\Copy of Copy of Dan.xlsx2013-11-22 12:11 - 2013-11-22 12:08 - 00085244 _____ C:\Users\Nadine\Desktop\Copy of Ryan.xlsx2013-11-22 07:52 - 2013-11-22 07:52 - 00003170 _____ C:\windows\System32\Tasks\{95167652-6CF2-4BB6-B032-CEABC0C14EF3}2013-11-22 07:51 - 2013-11-22 07:51 - 00003170 _____ C:\windows\System32\Tasks\{5718913F-402A-4F7F-837B-2E36C3925F62}2013-11-21 16:12 - 2013-11-21 16:12 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\dvdcss2013-11-21 15:57 - 2013-11-21 15:57 - 79448256 _____ C:\Users\Nadine\Downloads\vlcmediaplayer-setup.exe2013-11-21 15:56 - 2013-11-21 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\TNT22013-11-21 15:54 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Resources2013-11-21 10:51 - 2013-09-19 07:08 - 00090715 _____ C:\Users\Nadine\Desktop\New timesheet 2013.xlsx2013-11-21 08:57 - 2013-11-20 13:26 - 00000384 _____ C:\windows\system32\ricdb.ini2013-11-19 08:57 - 2012-01-11 15:23 - 00000000 ____D C:\Users\Nadine\Desktop\#1 ADMIN2013-11-18 16:03 - 2013-10-10 13:15 - 00013838 _____ C:\Users\Nadine\Desktop\invoicing schools.xlsx2013-11-18 10:30 - 2012-12-08 13:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-11-18 08:10 - 2012-06-07 09:34 - 00000000 ____D C:\Users\Nadine\Desktop\icons2013-11-15 14:49 - 2013-11-15 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-15 12:36 - 2013-03-28 17:49 - 00004148 _____ C:\windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}2013-11-15 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache2013-11-14 08:14 - 2012-01-10 23:12 - 00000000 ____D C:\ProgramData\Microsoft Help2013-11-14 08:07 - 2013-07-30 02:14 - 00000000 ____D C:\windows\system32\MRT2013-11-14 07:58 - 2012-08-13 16:05 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2013-11-12 15:50 - 2013-11-12 15:45 - 00011733 _____ C:\Users\Nadine\Desktop\Budget signing checklist.xlsxSome content of TEMP:====================C:\Users\Nadine\AppData\Local\Temp\Abspdf.exeC:\Users\Nadine\AppData\Local\Temp\acfpdfu.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfui.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Nadine\AppData\Local\Temp\cdintf.dllC:\Users\Nadine\AppData\Local\Temp\contentDATs.exeC:\Users\Nadine\AppData\Local\Temp\GenericWndApi.dllC:\Users\Nadine\AppData\Local\Temp\gv022sus.dllC:\Users\Nadine\AppData\Local\Temp\InstallAX.exeC:\Users\Nadine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Nadine\AppData\Local\Temp\MFPL7014.DLLC:\Users\Nadine\AppData\Local\Temp\mPlayer.cw.dllC:\Users\Nadine\AppData\Local\Temp\MSIZAP.EXEC:\Users\Nadine\AppData\Local\Temp\mssinstaller.exeC:\Users\Nadine\AppData\Local\Temp\ntdll_dump.dllC:\Users\Nadine\AppData\Local\Temp\PDFPRT400.exeC:\Users\Nadine\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Nadine\AppData\Local\Temp\xmllite.dll==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-11-21 12:31==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758295 Share Posted November 26, 2013 Download the attached fixlist.txt to the same folder as FRST. Run FRST.exe and click Fix only once and wait The tool will create a log (Fixlog.txt) in the folder, please post it to your reply. Then...... Lets clean out any adware/spyware now: (this will require a reboot so save all your work) (Get a fresh copy of AdwCleaner) Please download AdwCleaner by Xplode and save to your Desktop. Make sure you click on download buttons that look like this, not "sponsored ad links": Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
KCCMedia Posted November 26, 2013 Author ID:758325 Share Posted November 26, 2013 Don't seem to be having any problems now. I'll let you know if there are further complications. The logs came back clear for Adwcleaner and MBAM. Here's all the logs: FARBAR FIXLOG Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01Ran by Nadine at 2013-11-26 15:11:12 Run:1Running from C:\Users\Nadine\DownloadsBoot Mode: Normal==============================================Content of fixlist:*****************HKLM-x32\...\Run: [] - [x]Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No FileFilter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No FileFF Extension: Tube Dimmer - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.default\Extensions\support@tubedimmerapp.comC:\Users\Nadine\AppData\Local\Temp\Abspdf.exeC:\Users\Nadine\AppData\Local\Temp\acfpdfu.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfui.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Nadine\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Nadine\AppData\Local\Temp\cdintf.dllC:\Users\Nadine\AppData\Local\Temp\contentDATs.exeC:\Users\Nadine\AppData\Local\Temp\GenericWndApi.dllC:\Users\Nadine\AppData\Local\Temp\gv022sus.dllC:\Users\Nadine\AppData\Local\Temp\InstallAX.exeC:\Users\Nadine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Nadine\AppData\Local\Temp\MFPL7014.DLLC:\Users\Nadine\AppData\Local\Temp\mPlayer.cw.dllC:\Users\Nadine\AppData\Local\Temp\MSIZAP.EXEC:\Users\Nadine\AppData\Local\Temp\mssinstaller.exeC:\Users\Nadine\AppData\Local\Temp\ntdll_dump.dllC:\Users\Nadine\AppData\Local\Temp\PDFPRT400.exeC:\Users\Nadine\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Nadine\AppData\Local\Temp\xmllite.dll*****************HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.HKCR\PROTOCOLS\Handler\intu-help-qb7 => Key deleted successfully.HKCR\CLSID\{5A03BD9D-766D-47A6-8E87-CD90F60BE245} => Key not found.HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.default\Extensions\support@tubedimmerapp.com => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\Abspdf.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfu.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfuamd64.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfui.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfuia64.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfuiamd64.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\acfpdfuiia64.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\cdintf.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\contentDATs.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\GenericWndApi.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\gv022sus.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\InstallAX.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\MFPL7014.DLL => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\mPlayer.cw.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\MSIZAP.EXE => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\mssinstaller.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\PDFPRT400.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.C:\Users\Nadine\AppData\Local\Temp\xmllite.dll => Moved successfully.==== End of Fixlog ==== ADWCLEANER LOG # AdwCleaner v3.013 - Report created 26/11/2013 at 15:16:28# Updated 24/11/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Nadine - NADINE-PC# Running from : C:\Users\Nadine\Downloads\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16736-\\ Mozilla Firefox v25.0.1 (en-US)[ File : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\jcfz6wrk.default\prefs.js ]Line Deleted : user_pref("extensions.dynconff.cache.forums.malwarebytes.org.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1164_1524_1146_1169_1348_1482_1493_1521_1675\"><content id=\"us810_commo[...]*************************AdwCleaner[R0].txt - [7347 octets] - [26/11/2013 10:24:46]AdwCleaner[R1].txt - [1120 octets] - [26/11/2013 15:14:52]AdwCleaner[s0].txt - [7286 octets] - [26/11/2013 10:27:17]AdwCleaner[s1].txt - [1044 octets] - [26/11/2013 15:16:28]########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1104 octets] ########## MBAM LOG Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.26.06Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16736Nadine :: NADINE-PC [administrator]26/11/2013 3:40:57 PMmbam-log-2013-11-26 (15-40-57).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 237724Time elapsed: 14 minute(s), 2 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758330 Share Posted November 26, 2013 OK...Let me know.....MrC Link to post Share on other sites More sharing options...
MrCharlie Posted November 29, 2013 ID:759161 Share Posted November 29, 2013 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
KCCMedia Posted November 29, 2013 Author ID:759200 Share Posted November 29, 2013 Sorry. I have not had any further problems, so I think it's ok to close. Thanks so much. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted December 1, 2013 Staff ID:759577 Share Posted December 1, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts