Web browser no longer connects to internet

[CodeMonk]

I ran malwarebytes.

( see original thread )

 

NOW, I can't connect to the web.

I tried Chrome, Firefox, even IE and NONE of them can connect to the web.

I can use a command prompt and ping various sites all damn night with no problem.

But since I last ran Malwarebytes, my system if screwed!!!!!

 

I was just fine until I ran your damn program.

I've tried the microsoft update program but it can't connect either!!!

 

I ran the programs suggested I did before and the resulting files are attached.

 

I NEED THIS FIXED ASAP!!

Preferably without having to wipe my system and re-install.

I'm studying for me EE degree, and this is totally screwing me.

 

 

The following files are also attached, just in case

 

DDS.txt :

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.25.2
Run by Rob at 15:00:19 on 2013-12-14
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2807.1103 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [bitTorrent] "C:\Users\Rob\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [uninstRebootRequired] <no file>
StartupFolder: C:\Users\Rob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rob\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Rob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~2.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\System32\AdpeakProxy.dll



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8192C47F-6A1B-475D-A522-A47F112D10F0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9630804C-7DF9-474E-A673-8385497B91AE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9630804C-7DF9-474E-A673-8385497B91AE}\24563747755637475627E6 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9630804C-7DF9-474E-A673-8385497B91AE}\2456C6B696E6E243535453 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9630804C-7DF9-474E-A673-8385497B91AE}\D4F64756C60263 : DHCPNameServer = 208.67.222.222 208.67.220.220 4.2.2.2
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>

x64-mWinlogon: Userinit = C:\Windows\explorer.exe,
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [combofix] C:\ComboFix\CF3927.3XE /c C:\ComboFix\Combobatch.bat
x64-RunOnce: [combofix] C:\ComboFix\CF3927.3XE /c C:\ComboFixCombobatch.bat
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\jq8gm4ly.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search


FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rob\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-22 17:18; mcciwbch@motive.com; C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi
FF - ExtSQL: 2013-12-10 18:03; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-14 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2013-1-15 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2013-1-15 55296]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-22 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-2-24 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-22 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-11-14 121616]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-5-24 255744]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-10-22 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-10-22 460288]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2013-1-15 291352]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-22 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-7-22 243232]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-10 1771544]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-22 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-22 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-22 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-16 287232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
S2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 246304]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files\Just Great Software\EditPadLite7\EditPadLite7.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-30 18:38:43    --------    d-sh--w-    C:\$$PendingFiles
2013-11-30 09:09:28    --------    d-----w-    C:\Users\Rob\AppData\Roaming\Malwarebytes
2013-11-30 09:08:49    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-24 19:08:15    --------    d-----w-    C:\Books
2013-11-17 23:44:52    439296    ----a-w-    C:\Windows\System32\AdpeakProxy64.dll
2013-11-16 23:40:09    --------    d-----w-    C:\Program Files\Level Quality Watcher
2013-11-16 23:38:54    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-11-16 23:36:03    --------    d-----w-    C:\Program Files (x86)\ePub to PDF Converter
2013-11-16 22:50:44    --------    d-----w-    C:\Program Files (x86)\ePub Reader
2013-11-16 22:50:31    --------    d-----w-    C:\Users\Rob\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-11-13 07:10:50    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-11-06 05:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 05:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 07:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 06:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-10-25 06:25:58    194872    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-10-01 08:52:08    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 15:00:58.68 ===============
 

 

ATTACH.txt :

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2012 8:48:40 PM
System Uptime: 12/14/2013 7:12:56 AM (8 hours ago)
.
Motherboard: Gateway |  | NV55C
Processor: Intel® Pentium® CPU        P6100  @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 14.917 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Advertising Center
Any Video Converter 3.5.5
ATT Management Agent
AVG 2014
AVG SafeGuard toolbar
Backup Manager Basic
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Best Buy pc app
BitTorrent
Borland Delphi 6
Broadcom Gigabit NetLink Controller
Canon MP470 series
CDex - Open Source Digital Audio CD Extractor
Cole2k Media - Codec Pack (Advanced) 8.0.2
CyberLink PowerDVD 9
DirectVobSub 2.41.5887 (64-bit)
Dropbox
DVD Shrink 3.2
DVDVideoMedia Free Audio Converter 2.1
EAGLE 6.1.0
EAGLE 6.3.0
EAGLE 6.4.0
EditPad Lite 7.1.1
ePub Reader for Windows version 4.1
ePub to PDF Converter 2.0.4
ETDWare PS/2-x64 7.0.6.5_WHQL
Fontlist
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Geekbench 2.4
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HTML-Kit 292
HxD Hex Editor version 1.7.7.0
Icon Searcher 3.90
Identity Card
ImagXpress
Inkscape 0.48.2
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
InterBase
Jasc Paint Shop Pro 9
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Junk Mail filter update
KODAK Share Button App
Launch Manager
LTspice IV
Mass Effect™ 3 Demo
McAfee SiteAdvisor
McAfee Virtual Technician
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
mIRC
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR Print Server Software
NVIDIA PhysX
OpenOffice.org 3.3
Origin
Paint Shop Pro 7
PitchPerfect Musical Instrument Tuner
Project64 1.6
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REAPER
ScorpionSaver
ScorpionSaver Services
Shared C Run-time for x64
Tahoe Techs DriveInfo 1.0
TransistorAmp
Video Web Camera
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.3
Welcome Center
Winamp
Winamp Detector Plug-in
Windows 7 Codec Pack 4.0.3
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.11 (64-bit)
WinX DVD Ripper 5.5.14
Wise Registry Cleaner 7.17
Xirrus Wi-Fi Inspector
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
12/8/2013 2:44:23 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
12/14/2013 7:13:55 AM, Error: Service Control Manager [7034]  - The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).
12/14/2013 7:13:55 AM, Error: Service Control Manager [7023]  - The ATT MAHostService service terminated with the following error:  %%-1
12/14/2013 7:13:54 AM, Error: Service Control Manager [7031]  - The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/14/2013 7:13:53 AM, Error: Service Control Manager [7031]  - The ATT MAHostService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/14/2013 7:13:48 AM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
12/14/2013 7:13:46 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
12/14/2013 7:13:46 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/14/2013 7:13:46 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/14/2013 7:13:44 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
12/14/2013 1:59:01 AM, Error: Service Control Manager [7031]  - The McAfee Firewall Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2013 1:50:36 AM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
12/14/2013 1:14:00 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ATT MAHostService service to connect.
12/14/2013 1:14:00 AM, Error: Service Control Manager [7000]  - The ATT MAHostService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/14/2013 1:11:23 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
12/12/2013 1:50:24 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/12/2013 1:49:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
12/11/2013 4:06:28 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
12/11/2013 10:46:06 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
12/10/2013 3:00:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
12/10/2013 2:59:54 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 

attach.txt

dds.txt

protection-log-2013-12-14.txt

[CodeMonk]

Sorry, original thread is here :

https://forums.malwarebytes.org/index.php?showtopic=138269&p=764591

[AdvancedSetup]

Hi CodeMonk

 

Please try to relax, we'll get you going again but the logs show your computer has been having issues for a while now and I suspect why you used our program in the first place.

 

Please open MBAM and on the Logs tab find the latest log and copy that over to a USB stick if needed and post back the results so that hopefully I can see what infection we're dealing with and what was removed.

 

Thanks

[CodeMonk]

Hi CodeMonk

 

Please try to relax, we'll get you going again but the logs show your computer has been having issues for a while now and I suspect why you used our program in the first place.

 

Please open MBAM and on the Logs tab find the latest log and copy that over to a USB stick if needed and post back the results so that hopefully I can see what infection we're dealing with and what was removed.

 

Thanks

 

 

The latest long is attached with my previous post.

But here are thew contents :

 

2013/12/14 00:55:34 -0800    ROB-PC    Rob    MESSAGE    Starting database refresh

2013/12/14 00:56:14 -0800    ROB-PC    Rob    MESSAGE    Database refreshed successfully

2013/12/14 01:14:04 -0800    ROB-PC    (null)    MESSAGE    Starting protection

2013/12/14 01:14:05 -0800    ROB-PC    (null)    MESSAGE    Protection started successfully

2013/12/14 01:14:05 -0800    ROB-PC    (null)    MESSAGE    Starting IP protection

2013/12/14 01:14:05 -0800    ROB-PC    (null)    ERROR    IP protection failed:  FwpmEngineOpen0 failed with error code 1753

2013/12/14 01:29:58 -0800    ROB-PC    Rob    MESSAGE    Stopping protection

2013/12/14 01:29:58 -0800    ROB-PC    Rob    MESSAGE    Protection stopped successfully

2013/12/14 01:47:32 -0800    ROB-PC    Rob    MESSAGE    Protection stopped

 

[CodeMonk]

Oh and sorry if I sound like and ass, but since the job market here BLOWS, the internet is my only source of (meager) income at the moment.

I build and design guitar effects pedals and most of the information I need so I can learn more, I need internet access to get.

That and I'm working on an EE degree which requires internet access to keep that part of my life going.

[CodeMonk]

Oops sorry again.

I went to the bar tonight to drink away my anger and depression (yeah ok not the best way, but my sister owns the bar and I drink for free).

 

Here are the last few log files attached.

 

 

mbam-log-2013-12-13 (04-31-23).txt

mbam-log-2013-12-13 (05-03-42).txt

mbam-log-2013-12-14 (02-06-34).txt

mbam-log-2013-12-14 (02-24-22).txt

[CodeMonk]

And just so you know, even though my mind is not at its peak ATM,

I worked in the IT field in various capacities for 15 years (Networking design, repair, setup, etc, PC repair, Software Engineering, etc).

 

Thanks for your help.

[CodeMonk]

Being a former Software Engineer. I know there ways to hide things from the standard computer user.

One of these things is called the Atom Table.

I myself have often used this table to store information from some of my programs

I have the contents of the Atom Table from my laptop attach.

I have also attached the results of the Netstat /a output.

 

Hopefully it will help.

Atoms.txt

Netstat-a.txt

[CodeMonk]

I don't know if this will help or not, but I would like to try to give you people all the info you MAY need to help me solve this problem.

 

There are 3 .GIF files in the attached archive showing all the processes that are list in Task Manager.

I noticed that some listed there are not listed in the process list gathered from your programs.

Some of those file names are unfamiliar to me (The Paint~1.exe is Paint Shop Pro BTW).

 

Hope this helps.

CodeMonk_TaskManager_List.zip

[AdvancedSetup]

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
• Please attach that log file to your next reply.
• If needed the file can be located here:  C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  

 

[CodeMonk]

Will do.

I used to work in the IT field and have ran across a problem similar to what I think may have happened.

Several services got removed from the service list.

The solution in that case was to run regsrv32 on the various service files. Problem solved in that case.

I have noticed in my current situation, that there are some services that are no longer listed among the Services list.

 

But I will follow your instructions and post back the results before I take that route this time around.

But I am also wondering if you think something similar has happened in this case?

 

Thanks again

[AdvancedSetup]

Services don't just get removed.  You can disable one or many but they will still show up.  To remove them one needs to provide either the proper commands to remove them or uninstall the application that created them in some cases but in the case of core Windows services those typically have no uninstall routine and thus would need to be removed via the command line.

 

There is no way that MBAM removed them and the logs you've provided only show minimal removals and nothing that would stop Internet access by removing it.

 

Please go ahead and run Combofix and post back the log.

 

Thanks

[CodeMonk]

No, no.

I'm not saying that MBAM removed or disabled any services.

 

But a clever writer of malware certainly could, and remove them from the list. and a smart one can remove evidence of his actions.

Believe me, I was a Software Engineer and back in those days, I knew the Windows API like the back of my hand.

It can be done.

 

 

I ran ComboFix and now my browser works

 

Thanks

ComboFix.txt

[AdvancedSetup]

I see  you had the ScorpionSaver infection as well as your userinit.exe file being infected.  Let run some more scans to make sure all is okay now.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

STEP 04
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus
  

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06


Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
    

  [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.
  

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
  

 

[CodeMonk]

Step 3 results :

Clean on first run

 

Attached files as requested

 

mbar-log-2013-12-17 (02-23-28).txt

system-log.txt

[CodeMonk]

JRT CONTENTS:

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rob on Tue 12/17/2013 at  3:18:15.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ticno
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ticno multibar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ticno
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ticno multibar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ticno"
Successfully deleted: [Folder] "C:\Users\Rob\AppData\Roaming\ticno"
Successfully deleted: [Folder] "C:\Users\Rob\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Rob\appdata\local\breakpad"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\ticno"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\Users\Rob\AppData\Roaming\mozilla\firefox\profiles\jq8gm4ly.default\user.js
Successfully deleted: [Folder] C:\Users\Rob\AppData\Roaming\mozilla\firefox\profiles\jq8gm4ly.default\extensions\staged
Successfully deleted the following from C:\Users\Rob\AppData\Roaming\mozilla\firefox\profiles\jq8gm4ly.default\prefs.js



Emptied folder: C:\Users\Rob\AppData\Roaming\mozilla\firefox\profiles\jq8gm4ly.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/17/2013 at  3:29:25.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[CodeMonk]

STEP 5

AdwCleaner[s0].txt CONTENTS

 

# AdwCleaner v3.015 - Report created 17/12/2013 at 03:45:50

# Updated 10/12/2013 by Xplode

# Operating System : Windows 7 Home Premium  (64 bits)

# Username : Rob - ROB-PC

# Running from : C:\Users\Rob\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\NCH Software

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\Level Quality Watcher

[!] Folder Deleted : C:\Users\Rob\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Rob\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ticno

Folder Deleted : C:\Users\MOVIES\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Folder Deleted : C:\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Folder Deleted : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Folder Deleted : C:\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Folder Deleted : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Folder Deleted : C:\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Folder Deleted : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Folder Deleted : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

Folder Deleted : C:\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

File Deleted : C:\Windows\System32\AdpeakProxy.ini

File Deleted : C:\Windows\System32\AdpeakProxyOff.ini

File Deleted : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\jq8gm4ly.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\jq8gm4ly.default\searchplugins\zonealarm.xml

File Deleted : C:\Windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.

Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81

Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16526

 

 

-\\ Mozilla Firefox v12.0 (en-US)

 

[ File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\jq8gm4ly.default\prefs.js ]

 

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

 

*************************

 

AdwCleaner[R0].txt - [9020 octets] - [17/12/2013 03:43:03]

AdwCleaner[s0].txt - [8806 octets] - [17/12/2013 03:45:50]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8866 octets] ##########

 

 

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.17.03

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Rob :: ROB-PC [administrator]

 

12/17/2013 4:15:16 AM

mbam-log-2013-12-17 (04-15-16).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239089

Time elapsed: 10 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

Off to Step 6 now.

[AdvancedSetup]

Great, yes the computer had a lot of junk on it but looks to be getting it removed without much of an issue.  Post the other logs when ready.

[CodeMonk]

I ran the online scanner, but it took about 30 minutes to get to 10% and it was already about 6 AM,

So I went to bed to let it finish.

When I got up, the system had rebooted, so I didn't get to chance to export any log or text file it may have created.

Would have maybe created a log file ethat could be of use to you?

If so where would it have put it?

 

From the web page that I got that scanner from, it appeared that it was just a one time and one time only freebie.for use.

 

Should I just move on the Step 7 and run the Farbar Recovery Scan Tool or try to run the ESET again?

Right now its  about 6:30 am so running a 3 hour scan that I need to still be awake to export anything is out of thr question until

sometime tomorrow evening.

 

Something is definitely still there slowing stuff down because if I right click trying to get a context menu to pop up in Explorer, its take quite a bit longer for the menu to pop up that it used to take (Say, as an example, right click on a .TXT file because I want to rename it or something)..

 

 

So is my next step to try to run ESSET or FABAR?

 

And I will tell you something else...

The support you have shown has been among the best I have every received from ANY software company. EVER.

You have earned a customer for life, even if this fails.

 

As soon as I can get some money (I'm on food stamps right now, so my financial situation really sucks right now, I will be buying a lifetime subscription

to Malwarebytes (Or whatever comes closest to that.).

I guess I'm going to start giving guitar/music lessons again.

 

The crap that's out there these days is WAY nastier than it was when I worked in IT, I'll tell you that.

[CodeMonk]

I could have sworn I did this already (At least step 6), but here are the results from Step 6 and Step 7

 

=======================================================================================================

 

Step 6

 

Exported list from ESET

 

C:\AdwCleaner\Quarantine\C\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\background.html.vir JS/Adware.Yontoo.B application

C:\AdwCleaner\Quarantine\C\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\yl.js.vir JS/Adware.Yontoo.A application

C:\Books\cbsidlm-cbsi134-ePub_to_PDF_Converter-SEO-75532612.exe a variant of Win32/CNETInstaller.B application

C:\Config.Msi\15a86060.rbf a variant of Win32/Toolbar.Widgi application

C:\Downloads\cnet2_HKSetup_exe.exe a variant of Win32/InstallCore.D application

C:\Downloads\cnet2_WnvHtmlToPdf_App-v8_0_zip.exe a variant of Win32/InstallCore.D application

C:\Downloads\cnet2_WRCFree_exe.exe a variant of Win32/InstallCore.D application

C:\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Downloads\planner_setup.exe a variant of Win32/Multibar.AA application

C:\Downloads\PDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Downloads_From_Moms_Computer\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E application

C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Acala_DVD_Ripper_Professional-SEO2-10784635.exe Win32/DownloadAdmin.D application

C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Active_ISO_Burner-SEO2-10602452.exe Win32/DownloadAdmin.D application

C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe Win32/DownloadAdmin.D application

C:\Downloads_From_Moms_Computer\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E application

C:\Guitar\DaltonJones\Effects\Caerbannog_Fuzz\Enclosures\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E application

C:\Install\1\cbsidlm-tr1_7-Acala_DVD_Ripper_Professional-SEO2-10784635.exe Win32/DownloadAdmin.D application

C:\Install\1\cbsidlm-tr1_7-Active_ISO_Burner-SEO2-10602452.exe Win32/DownloadAdmin.D application

C:\Install\1\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe Win32/DownloadAdmin.D application

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A application

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll probably a variant of Win32/Toolbar.Montiera.A application

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A application

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F application

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A application

C:\Program Files (x86)\CheckPoint\Install\zatb.exe multiple threats

C:\T0_DVD\DaltonJones\Effects\Caerbannog_Fuzz\Enclosures\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E application

C:\Users\Rob\AppData\Roaming\TicnoTemp\multibar_setup.exe a variant of Win32/Multibar.AC application

 

 

 

[AdvancedSetup]

Okay, good. None of those are malware but they do include PUP (Possibly Unwanted Programs) that can sometimes eventually lead to the computer getting infected by their use in time.

Please go ahead and run the FRST tool now and we'll see what it finds.

[CodeMonk]

Damn, I thought I attached the files from FRST.

 

Lets try that again shale we ?

Addition.txt

FRST.txt

[CodeMonk]

Oh and BTW, these files....

 

Files to move or delete:

====================

C:\Users\Rob\MyPw-backup.dat

C:\Users\Rob\MyPw.dat

C:\Users\Rob\MyPw.exe

 

That's a program I wrote and its data files,.my various passwords (Using multiple customized encryption algorithms of course).

 

 

[AdvancedSetup]

Please copy and backup these files then to another safe location.

 

C:\Users\Rob\MyPw-backup.dat
C:\Users\Rob\MyPw.dat
C:\Users\Rob\MyPw.exe
C:\Users\Rob\Prefix-Suffix.reg

 

 

Then uninstall the cpuz135 as it's installed in a temporary file location which it should not be.

 

Next, Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

fixlist.txt

[CodeMonk]

Fixlog.txt attached.

 

As for cpuz135, its nowhere to be found on this computer in ANY location.

 

I did find several references to it in the registry though. In 7 keys.

 

I have also attached a file with the contents of those keys : "cpuz135_Registry-Entries.txt".

 

 

Thanks again.

 

 

 

Fixlog.txt

cpuz135_Registry-Entries.txt