I have been having some problems.


It started after I got a virus that looked like a legit email from WhatsApp. I'm sure you all have heard about that one, since it's been going around.

 

I finally was able to clear that out with MB and I thought everything was going well. But then for a few weeks now my computer has been acting slow, freezing, and randomly restarting. And I have MB set to scan at each restart. Every time, it finds the same problem: PUP.Optional.VMNToolbar.A. And the computer for some reason changed the default search in my browsers to Yahoo. I got the browsers reset, so that's fine, but the other problems are still here.

I'll edit this with the text output from DDS once I figure out if spoiler text tags work here. I just don't like huge text output walls is all.

Okay then, that doesn't work. Fine then, here's the output.

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/19/2012 6:12:46 PM
System Uptime: 11/26/2013 11:31:42 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A79XTD EVO
Processor: AMD Phenom II X4 B55 Processor | AM3 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 756.47 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP123: 11/14/2013 12:20:25 AM - Windows Update
RP124: 11/20/2013 1:51:53 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP125: 11/20/2013 1:53:30 PM - Installed DirectX
.
==== Installed Programs ======================
.
 Sansa Media Converter
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Age of Empires II: HD Edition
Allmyapps
Amazon Kindle
Autodesk 123D 32 Bit
Avira Free Antivirus
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compaq EAB Software
Cool & Quiet
Creo Elements/Direct Modeling Express 4.0 ( x64 )
DAEMON Tools Pro
Debut Video Capture Software
Dropbox
Dual-Core Optimizer
Evernote v. 4.6.6
Express Burn
Fallout 3 - Game of the Year Edition
Foxit Reader
Free Alarm Clock 2.7.1
GeForce Experience NvStream Client Components
GIMP 2.8.4
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hacker Evolution - Untold
HP ENVY 4500 series Basic Device Software
HP ENVY 4500 series Help
HP Photo Creations
HP Update
HTC Driver Installer
HxD Hex Editor version 1.7.7.0
IPTInstaller
Java 7 Update 21 (64-bit)
Java 7 Update 45
Java Auto Updater
Jump Desktop
K-Lite Mega Codec Pack 9.3.0
Kindle Converter
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.5.2
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.62
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Mirror's Edge
Moonbase Alpha
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyStart Anti-phishing Domain Advisor
MyStart Toolbar
Notepad++
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Opera 12.16
Opera Stable 18.0.1284.49
Oracle VM VirtualBox 4.1.22
Plants vs. Zombies: Game of the Year
Portal
Portal 2
Prism Video File Converter
Product Improvement Study for HP ENVY 4500 series
SAMSUNG USB Driver for Mobile Phones
Sansa Updater
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHIELD Streaming
Skype Click to Call
Skype™ 6.10
Spotify
Steam
Team Fortress 2
The Stanley Parable Demo
TightVNC
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VideoPad Video Editor
VLC media player 2.0.6
Watchtower Library 2012 - English
WinRAR 4.20 (64-bit)
WinZip 17.0
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
11/26/2013 11:35:45 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/26/2013 11:35:11 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/26/2013 11:35:11 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/26/2013 11:32:46 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ClntMgmt.sys
11/26/2013 11:32:46 AM, Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0 The details view of this entry contains further information.
11/26/2013 11:32:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa80114b0038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112613-24258-01.dmp. Report Id: 112613-24258-01.
11/26/2013 11:31:53 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\ClntMgmt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/26/2013 1:34:56 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort3.
11/26/2013 1:03:05 PM, Error: nvlddmkm [14]  -
11/25/2013 4:58:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8010b768f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112513-65489-01.dmp. Report Id: 112513-65489-01.
11/25/2013 11:37:07 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/21/2013 3:01:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa801144f038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112113-18002-01.dmp. Report Id: 112113-18002-01.
11/21/2013 10:59:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8011465038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112113-19219-01.dmp. Report Id: 112113-19219-01.
11/19/2013 8:33:48 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================
 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Dana at 14:09:06 on 2013-11-26
#Option Extended Search is enabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.20479.14981 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Dana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\Dana\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\nacl64.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Dana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Dana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [MusicManager] "C:\Users\Dana\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [spotify Web Helper] "C:\Users\Dana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [sansaDispatch] C:\Users\Dana\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN37J2R3XJ05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [cpqek] C:\Program Files (x86)\Compaq\Compaq EAB Software\cpqek.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MyStart Anti-phishing Domain Advisor] "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Dana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{A9B789C4-8264-43DF-8227-0214BFCA9F0D} : DHCPNameServer = 192.168.5.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LibreOffice 4.0\program\npsoplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Dana\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.129\npAutodesk123DShapes32.dll
FF - plugin: C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Autodesk\Autodesk123D32\1.0.8\npAutodesk123D32.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-15 14:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-11-21 12:31; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2013-11-21 12:32; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-11-21 12:32; jid1-tHrhDJXsKvsiCw@jetpack; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\jid1-tHrhDJXsKvsiCw@jetpack.xpi
FF - ExtSQL: 2013-11-21 12:35; {ce7e73df-6a44-4028-8079-5927a588c948}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF - ExtSQL: 2013-11-21 12:35; {b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
FF - ExtSQL: 2013-11-21 12:35; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
FF - ExtSQL: 2013-11-21 12:35; {2a43f346-13de-4aad-adeb-00b61e5bcde3}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\{2a43f346-13de-4aad-adeb-00b61e5bcde3}.xpi
FF - ExtSQL: 2013-11-21 12:35; support@lastpass.com; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\support@lastpass.com
FF - ExtSQL: 2013-11-21 12:35; firefox1@myibay.com; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\firefox1@myibay.com.xpi
FF - ExtSQL: 2013-11-21 12:35; amznUWL2@amazon.com; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\extensions\amznUWL2@amazon.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-10 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-19 283200]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-10 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-10 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-10 106904]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2013-4-30 7680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-20 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-20 15125280]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-7-19 2179056]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-20 44928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-20 25928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-20 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-2-14 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-2-14 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-2-14 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-2-14 146920]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-20 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2013-11-25 16:51:56    --------    d-----w-    C:\ProgramData\Visan
2013-11-25 16:51:56    --------    d-----w-    C:\ProgramData\HP Photo Creations
2013-11-25 16:51:56    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2013-11-25 16:51:45    --------    d-----w-    C:\Users\Dana\AppData\Roaming\HpUpdate
2013-11-25 16:51:35    762400    ------w-    C:\Windows\System32\HPDiscoPMC511.dll
2013-11-25 16:51:12    --------    d-----w-    C:\Program Files (x86)\HP
2013-11-25 16:51:11    --------    d-----w-    C:\Program Files\HP
2013-11-25 16:47:37    --------    d-----w-    C:\Users\Dana\AppData\Local\HP
2013-11-24 01:05:11    --------    d-----w-    C:\Users\Dana\AppData\Local\NVIDIA
2013-11-20 19:54:06    3767504    ----a-w-    C:\Windows\System32\d3dx9_26.dll
2013-11-20 19:54:06    2297552    ----a-w-    C:\Windows\SysWow64\d3dx9_26.dll
2013-11-20 19:53:14    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-11-20 19:53:14    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-11-20 19:53:14    10368    ----a-w-    C:\Windows\SysWow64\iviaspi.sys
2013-11-20 19:53:09    --------    d-----w-    C:\Program Files (x86)\SanDisk
2013-11-20 19:51:42    212992    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-11-20 18:47:33    --------    d-----w-    C:\Users\Dana\AppData\Roaming\SanDisk
2013-11-20 16:56:42    955168    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-11-20 16:56:42    1064224    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-11-20 16:54:21    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-11-20 16:54:21    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-11-20 16:54:21    28960    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-11-19 18:01:34    --------    d-----w-    C:\Users\Dana\AppData\Roaming\rockbox.org
2013-11-14 06:24:56    44544    ----a-w-    C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-14 06:20:12    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2013-11-14 06:20:12    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2013-11-13 19:41:58    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-11-13 19:41:57    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 19:41:56    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-11-13 19:41:55    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-13 19:41:54    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-11-11 14:59:28    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-11-10 07:04:48    --------    d-----w-    C:\Users\Dana\AppData\Local\ElevatedDiagnostics
2013-11-10 06:06:22    --------    d-----w-    C:\Users\Dana\AppData\Roaming\Mael
2013-11-10 06:06:10    --------    d-----w-    C:\Program Files (x86)\HxD
2013-11-05 14:10:08    --------    d-----w-    C:\Users\Dana\AppData\Local\mystart_ad
2013-11-05 14:10:07    --------    d-----w-    C:\ProgramData\MyStart Anti-phishing Domain Advisor
2013-11-05 14:10:06    --------    d-----w-    C:\ProgramData\EmailNotifier
2013-11-05 14:09:48    --------    d-----w-    C:\Program Files (x86)\mystarttb
2013-11-03 03:44:57    --------    d-----w-    C:\Users\Dana\AppData\Roaming\Unity
2013-10-31 08:11:03    --------    d-----w-    C:\Users\Dana\AppData\Roaming\calibre
2013-10-31 08:00:03    --------    d-----w-    C:\Program Files (x86)\eBookConverter
2013-10-31 06:11:44    216064    ----a-w-    C:\Windows\SysWow64\gcapi_dll.dll
2013-10-31 06:11:29    --------    d-----w-    C:\Users\Dana\AppData\Roaming\Foxit Software
2013-10-31 06:11:29    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2013-10-27 15:12:42    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-10-27 15:12:42    196384    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-10-27 15:12:42    1884448    ----a-w-    C:\Windows\System32\nvdispco6433165.dll
2013-10-27 15:12:42    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433165.dll
2013-10-27 15:12:42    1510176    ----a-w-    C:\Windows\System32\nvhdagenco64.dll
2013-10-22 15:19:41    --------    d-----w-    C:\Program Files (x86)\PSeMu3
2013-10-16 22:28:18    --------    d-----w-    C:\ProgramData\Oracle
2013-10-16 22:27:56    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-09 05:26:47    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 05:26:47    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 05:26:44    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-09 05:26:41    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-10-09 05:25:40    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 05:25:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-10-09 05:25:40    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-10-09 05:25:40    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-10-09 05:25:40    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-10-09 05:25:40    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 05:25:40    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
.
==================== Find6M  ====================
.
.
============= FINISH: 14:09:45.31 ===============
 


Welcome to the forum, please uninstall these from your add/remove programs if possible:

MyStart Anti-phishing Domain Advisor
MyStart Toolbar
Java 7 Update 21 (64-bit)


-------------------------------------------------

Then..........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


RogueKiller output log :

 

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dana [Admin rights]
Mode : Scan -- Date : 11/26/2013 15:32:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] avrestart.exe -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\RunOnce : mystart_ad_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\MyStart Anti-phishing Domain Advisor" /s /q [x][-]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\RunOnce : mystart_ad_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Dana\AppData\Local\mystart_ad" /s /q [x][-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1433210088-295290319-1384765652-1000\[...]\RunOnce : mystart_ad_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\MyStart Anti-phishing Domain Advisor" /s /q [x][-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1433210088-295290319-1384765652-1000\[...]\RunOnce : mystart_ad_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Dana\AppData\Local\mystart_ad" /s /q [x][-]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] AllmyappsUpdateTask.job : C:\Users\Dana\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND
[V2][sUSP PATH] AllmyappsUpdateTask : C:\Users\Dana\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 71f28b33cc1b4208674efc4fab34cb49
[bSP] a02d83ba8b8226588b5b706f8531c14f : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 2048 | Size: 976 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 2002942 | Size: 237496 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000524AS ATA Device +++++
--- User ---
[MBR] 5e4db838c3340548d92ff410b2b77245
[bSP] 5a24a64517a16ca9a3fbcabad3c7a8f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] 59276a6c668c3f0f7b8da3247f332a4f
[bSP] a68438fbfea35ef2fbf4d11f778e1dbb : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 256 | Size: 31911 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_11262013_153211.txt >>



 


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[RUN][sUSP PATH] HKCU\[...]\RunOnce : mystart_ad_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\MyStart Anti-phishing Domain Advisor" /s /q [x][-]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\RunOnce : mystart_ad_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Dana\AppData\Local\mystart_ad" /s /q [x][-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1433210088-295290319-1384765652-1000\[...]\RunOnce : mystart_ad_DATA_FOLDER (cmd.exe /c rmdir "C:\ProgramData\MyStart Anti-phishing Domain Advisor" /s /q [x][-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1433210088-295290319-1384765652-1000\[...]\RunOnce : mystart_ad_INSTALL_FOLDER (cmd.exe /c rmdir "C:\Users\Dana\AppData\Local\mystart_ad" /s /q [x][-]) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[V1][sUSP PATH] AllmyappsUpdateTask.job : C:\Users\Dana\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND

[V2][sUSP PATH] AllmyappsUpdateTask : C:\Users\Dana\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


adw cleaner output after restart -

 

# AdwCleaner v3.013 - Report created 26/11/2013 at 17:44:53
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Dana - PANTERANEGRA1
# Running from : C:\Users\Dana\Desktop\ADw\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Dana\AppData\Roaming\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\2bqc4mfs.default-1385046317022\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2814 octets] - [26/11/2013 17:09:46]
AdwCleaner[s0].txt - [2617 octets] - [26/11/2013 17:44:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2677 octets] ##########
 


Good........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Looks Good......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
