Help!

 

I have tried everything I can to my wit's end, and cannot remove the extension of Bee Coupons from Chrome.  I have tried several virus removal programs, including Malwarebytes, but to no avail.

 

It does NOT appear in Programs and Features in the Control Panel, so that does not work.

It will NOT allow me to disable it under the Settings feature in Chrome.

Norton Security Suite does not see it as a problem, nor does Spybot Search and Destroy.

Malwarebytes did remove some of the folders it created, but the extension still persists in Chrome.

 

This is a Windows 7 Professional PC, so any help is greatly appreciated!

 

Shawn


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

---------------------------------------------------------------------


Here is what you have requested so far....(and thanks for the help!)

 

DDS.text

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by Shawn at 19:27:41 on 2014-02-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3318.1392 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 192.168.*.*;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\dell printers\dell 1355 multifunction color printer\pdfviewer\bin\PlusIEContextMenu.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.1.0.18\ips\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.13.1211.1\NativeBHO.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.1.0.18\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\dell printers\dell 1355 multifunction color printer\pdfviewer\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2D5C6F0A-D763-4C1F-9134-C18883EDC0B0} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\2656C6B696E6E2031616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\2656C6B696E6E2334346 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\2656C6B696E6E2334346E2537484A7 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\44271676F6E67696C646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\A7F62727F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CF3D2607-BB28-4EDD-B5FA-5407E8CB0A42}\A7F627F6 : DHCPNameServer = 192.168.0.87
TCP: Interfaces\{D29CE63B-5EC1-4ADD-8DA5-8B69ECE35CE0} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\keycry~1\keycry~4.dll, c:\progra~2\browse~1\261125~1.80\{16cdf~1\browse~1.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 54.225.95.126 gcbkfpidjhchgnokamccdemjfamackdh
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-12-12 17072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1501000.012\SymDS.sys [2013-11-27 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1501000.012\SymEFA.sys [2013-11-27 935512]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-4-3 80104]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20140121.001\BHDrvx86.sys [2014-1-22 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1501000.012\ccSetx86.sys [2013-11-27 127064]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R1 IDSVix86;IDSVix86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20140207.001\IDSvix86.sys [2014-2-7 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1501000.012\Ironx86.sys [2013-11-27 206936]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1501000.012\symnets.sys [2013-11-27 446552]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-12 81920]
R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 DLNADB;Dell 1355cn Status Database;c:\program files\dell printers\dell 1355 multifunction color printer\status monitor\dlp1Adb.exe [2010-9-29 77120]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-12 13336]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2013-12-11 41024]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-12-12 60928]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\21.1.0.18\N360.exe [2013-11-27 264360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\dell printers\dell 1355 multifunction color printer\paperport\PDFProFiltSrvPP.exe [2010-6-14 144672]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-14 1248256]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-12-12 59904]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-23 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-23 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-23 168384]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-6 3291008]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-12 42672]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2013-8-9 144600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-12 33320]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-12 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-12 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-12-12 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-29 108120]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-12 125696]
R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2013-4-3 24760]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-10 40776]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-12 6814720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2012-7-3 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2012-7-3 23040]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\drivers\lgandnetdiag2.sys [2012-7-3 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2012-7-3 27776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-12 134144]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-4 14848]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-12-12 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-12-12 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-4 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-02-11 00:22:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-10 02:56:20 -------- d-----w- c:\users\shawn\appdata\roaming\Malwarebytes
2014-02-10 02:56:04 -------- d-----w- c:\programdata\Malwarebytes
2014-02-10 02:56:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-10 02:56:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-10 02:32:53 -------- d-----w- c:\users\shawn\appdata\roaming\LavasoftStatistics
2014-02-10 01:51:30 -------- d-----w- c:\program files\common files\Microsoft
2014-02-10 01:51:30 -------- d-----w- c:\program files\AdwareRemovalToolv3.7
2014-02-08 03:21:12 -------- d-----w- c:\users\shawn\appdata\local\BrowserSafeguard
2014-02-08 03:15:31 -------- d-----w- c:\program files\Bench
2014-02-08 03:14:43 -------- d-----w- c:\programdata\VisualBee
2014-02-08 03:14:40 -------- d-----w- c:\users\shawn\appdata\local\emaze
2014-02-08 02:45:09 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-02-08 02:45:09 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll
2014-02-08 02:32:27 -------- d-----w- c:\program files\Freedom Download Manager
2014-02-08 02:32:19 -------- d-----w- c:\users\shawn\.android
2014-02-08 02:32:17 -------- d-----w- c:\users\shawn\appdata\local\cache
2014-02-08 02:32:14 -------- d-----w- c:\users\shawn\appdata\local\Mobogenie
2014-02-08 02:32:14 -------- d-----w- c:\users\shawn\appdata\local\genienext
2014-02-08 02:29:39 -------- d-----w- c:\program files\sp
2014-02-08 01:48:52 -------- d-----w- c:\programdata\BlueStacksSetup
2014-02-07 00:32:10 -------- d-----w- c:\windows\Migration
2014-02-07 00:25:04 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-07 00:25:03 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-02-07 00:18:10 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-07 00:17:56 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-02-07 00:17:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-07 00:17:54 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-02-07 00:17:54 141824 ----a-w- c:\windows\system32\wscript.exe
2014-02-07 00:17:54 126976 ----a-w- c:\windows\system32\cscript.exe
2014-02-07 00:17:54 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-02-07 00:17:53 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-02-07 00:17:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-07 00:17:46 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-02-07 00:17:46 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-07 00:17:29 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-07 00:16:57 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-02-07 00:16:57 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-02-07 00:16:57 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-02-07 00:16:57 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-02-07 00:16:57 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-02-07 00:16:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-02-07 00:16:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
.
==================== Find3M  ====================
.
2013-12-14 04:25:54 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-12-04 07:23:26 892704 ----a-w- c:\windows\system32\nvhdagenco32.dll
2013-12-04 07:23:26 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2013-12-04 07:23:26 161056 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-11-28 01:43:58 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 19:29:21.15 ===============
 
 
Attach.text
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2011 7:23:05 PM
System Uptime: 2/10/2014 7:19:08 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0N5KHN
Processor: Intel® Core i5 CPU       M 580  @ 2.67GHz | CPU 1 | 1973/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 230 GiB total, 145.125 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.859 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\8&1C059A81&0&040CCE474393_C00000000
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\8&1C059A81&0&040CCE474393_C00000000
Service: 
.
==== System Restore Points ===================
.
RP218: 1/25/2014 2:42:03 PM - Scheduled Checkpoint
RP219: 2/1/2014 7:29:22 PM - Scheduled Checkpoint
RP220: 2/6/2014 7:18:23 PM - Windows Update
RP221: 2/7/2014 9:10:15 PM - Removed BlueStacks Notification Center
RP222: 2/7/2014 9:48:36 PM - Device Driver Package Install: Google, Inc.
RP223: 2/7/2014 11:28:44 PM - Installed WeatherBug
RP224: 2/7/2014 11:39:26 PM - Removed WeatherBug
RP225: 2/9/2014 9:12:28 PM - AA11
RP226: 2/10/2014 4:31:29 PM - AA11
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5600
5600_Help
5600Trb
AccelerometerP11
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AntiLogger SDK version 1.6.6.296
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Desktop
Bing Rewards Client Installer
BioAPI Framework
Bonjour
Brother HL-2040
BufferChm
CCleaner
CDDRV_Installer
Constant Guard Protection Suite
Copy
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell 1355cn/1355cnw Color MFP
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlVault Host Components Installer
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell System Manager
Dell Touchpad
Dell Webcam Central
Destinations
DeviceDiscovery
DocProc
Document Manager Lite
Dropbox
EMBASSY Security Center
EMBASSY Security Setup
erLT
ESC Home Page Plugin
Fax
Gemalto
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
GPBaseService2
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Imaging Device Functions 13.0
HP Photo Creations
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
iCloud
Intel® Network Connections 15.2.89.0
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
iTunes
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
KhalInstallWrapper
LG United Mobile Drivers
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper MergeModules
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network
Norton Security Suite
NTRU TCG Software Stack
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Control Panel 327.02
NVIDIA Graphics Driver 327.02
NVIDIA Install Application
NVIDIA nView 140.62
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 13.0
PaperPort Image Printer
Point 7.3
PowerDVD DX
Preboot Manager
Private Information Manager
QuickBooks
QuickBooks Premier: Nonprofit Edition 2012
QuickTime
Reader 2.1
Scan
Scansoft PDF Professional
Secure Download Manager
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition
Security Wizards
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype Web Plugin
Skype™ 6.6
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Trusted Drive Manager
UnloadSupport
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
WebReg
WIDCOMM Bluetooth Software
Windows 7 USB/DVD Download Tool
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Phone app for desktop
.
==== Event Viewer Messages From Past Week ========
.
2/8/2014 1:17:42 AM, Error: Service Control Manager [7034]  - The MgAssist Service service terminated unexpectedly.  It has done this 1 time(s).
2/7/2014 9:32:12 PM, Error: Service Control Manager [7030]  - The MgAssist Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/7/2014 11:41:40 PM, Error: Service Control Manager [7031]  - The Update PursuePoint service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/7/2014 10:18:45 PM, Error: Service Control Manager [7034]  - The Search Protect by Conduit Service service terminated unexpectedly.  It has done this 1 time(s).
2/10/2014 7:21:24 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
2/10/2014 5:04:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
.
==== End Of File ===========================
 
 
As for the RogueKiller file, I have downloaded it and run it several times.  It always starts itself and begins to examine 'processes', where it gets stuck and no longer moves.  It is always stuck at the same place, the dllhost.  I have let it run for a few hours, and even overnight now, but it does not go any further than that.  So I do not even have the ability to run the Scan with Rogue Killer.
 
Awaiting further instructions, and thanks again!

Let's start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

----------------------------------------------

Then................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Okay MrC,

 

Here are the logs based on the above listed instructions....

 

AdwCleanerS0.txt

 

# AdwCleaner v3.018 - Report created 11/02/2014 at 20:24:25
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Shawn - SHAWNB-LAPTOP
# Running from : C:\Users\Shawn\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : DvmMDES
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Users\Shawn\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\5d6dbddb235ec17
Key Deleted : HKLM\SOFTWARE\5d6dbddb235ec17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\visualbee
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261125~1.80\{16cdf~1\browse~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v
 
[ File : C:\Users\jgarrison\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Jack Garrison\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7072 octets] - [11/02/2014 20:22:15]
AdwCleaner[s0].txt - [7161 octets] - [11/02/2014 20:24:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7221 octets] ##########
 
Next, the mbam-log-2014-02-11 (20-29-53).txt
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
Shawn :: SHAWNB-LAPTOP [administrator]
 
2/11/2014 8:29:53 PM
mbam-log-2014-02-11 (20-29-53).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346492
Time elapsed: 12 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
The FRST.txt and Addition.txt will be attached to this post.
 
Thanks so much for all this help!  By the way, as a side note, when I clicked on additional options so that I could attach those files, Bee Coupons took me to a website that advertised how to clean my PC!!  If it wasn't so ridiculous, I would laugh hysterically!

 


Good morning!

 

Ok, first thing when I turned on my laptop this AM, Windows does boot and it allows me to log in, but my main User Account goes to a completely black screen.  I can see only the cursor, and I can hit Ctrl-Alt-Del in order to back out or bring up the Task Manager, but nothing else works.  So I had to use a different User Account which is working just fine.

 

So here is the fixlog.  Thanks again for the help - I would be lost without it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by SMB at 2014-02-12 07:34:57 Run:1
Running from C:\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
CHR Extension: (Bee Coupons) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh [2014-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\livecall => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
HKCR\PROTOCOLS\Handler\msnim => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.
C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh" => File/Directory not found.

==== End of Fixlog ====


Hey Mr C,

 

I did system restore, and the screen finally came back (it took a full three or four minutes for it to come back from a black screen).  Now my Norton Anti-Virus is not functioning properly either!

 

Anyways, back to the Bee Coupons problem.  What should my next steps be?


Okay, status update...

 

I ran the FRST scan again, and the files are attached here.  However, after I did that, I rebooted the PC and I had the problem with the screen going completely black again.  So, I had to do another System Restore which brought my screen back to normal.  Thankfully, I had already saved the two files from the FRST scan.

 

So, am I correct to assume that the FRST is probably affecting my screen somehow and causing it to not show?

 

Addition2.txt

FRST2.txt


It's possible, let's use a different scanner:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Nothing in the logs for that.

Please go to the link below, download and run Fixit:
http://support.microsoft.com/kb/972034 <---reset host file fixit

See if you can run RogueKiller now, download a fresh copy.

------------------------------

EDIT: also do this......

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    gcbkfpidjhchgnokamccdemjfamackdh
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


It's getting late for me but let's do this:

Copy and paste this into Chrome's address bar and hit Enter:

Then in the Policies window click on Show Value.

See if you can find this:

gcbkfpidjhchgnokamccdemjfamackdh

and see what folder it's in.

Let me know, be back in the AM.....MrC


Perfect.  Thanks so much, Mr C.

 

I will put it in the format similar to how it looked in Chrome:

 

Applies to    Level        Policy name                  Policy value    Status
Machine       Mandatory    ExtensionInstallForcelist    Hide value      OK
 
 
Honestly, I sure hope you know how to read that because I have no clue!
Thanks again for all your help, and have a good night's sleep.
Shawn
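
How to read that policy row, as an added example that is not part of the original thread or of any tool mentioned in it: a Machine/Mandatory ExtensionInstallForcelist entry is stored as string values of the form `id;update_url` under HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist, and the sketch below matches those values against the FRST "CHR Extension" lines. The `reg query` output is a constructed sample with a placeholder update URL (the thread never shows the hidden value), and the function names are hypothetical.

```python
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

# Copied from the FRST fixlist quoted earlier in this thread.
FRST_LINES = r"""
CHR Extension: (Bee Coupons) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkfpidjhchgnokamccdemjfamackdh [2014-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# Constructed sample of `reg query` output for the force-install policy key.
# The update URL is a placeholder; value "2" is a deliberately malformed entry.
REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    gcbkfpidjhchgnokamccdemjfamackdh;https://placeholder.invalid/update.xml
    2    REG_SZ    not-an-extension-id
"""

FRST_EXT = re.compile(r"^CHR Extension: \((?P<name>.*)\) - (?P<path>.+) \[\d{4}-\d{2}-\d{2}\]$")
# Forcelist value names are plain numbers, so a name without spaces is assumed.
REG_VALUE = re.compile(r"^\s+(?P<name>\S+)\s+REG_SZ\s+(?P<data>.*)$")


def parse_frst_extensions(text):
    """Map extension ID -> display name from FRST 'CHR Extension' lines."""
    found = {}
    for line in text.splitlines():
        m = FRST_EXT.match(line.strip())
        if not m:
            continue
        # The extension ID is the last component of the folder path.
        ext_id = m.group("path").rstrip("\\").rsplit("\\", 1)[-1]
        if EXT_ID.fullmatch(ext_id):
            found[ext_id] = m.group("name")
    return found


def parse_forcelist(reg_output):
    """Return ([(value_name, ext_id, update_url)], [rejected raw values])."""
    entries, rejected = [], []
    for line in reg_output.splitlines():
        m = REG_VALUE.match(line)
        if not m:
            continue  # key header or blank line
        data = m.group("data").strip()
        ext_id, _, url = data.partition(";")
        if EXT_ID.fullmatch(ext_id):
            entries.append((m.group("name"), ext_id, url or None))
        else:
            rejected.append(data)
    return entries, rejected


def triage(frst_text, reg_output):
    """One row per force-listed extension, joined with what FRST reported."""
    on_disk = parse_frst_extensions(frst_text)
    entries, rejected = parse_forcelist(reg_output)
    report = []
    for value_name, ext_id, url in entries:
        report.append({
            "id": ext_id,
            "name": on_disk.get(ext_id, "(no folder in FRST log)"),
            "policy_value": value_name,
            "update_url": url,
            "folder_seen_by_frst": ext_id in on_disk,
            "frst_flagged_policy": "Policy restriction" in frst_text,
        })
    return report, rejected


if __name__ == "__main__":
    rows, bad = triage(FRST_LINES, REG_QUERY_OUTPUT)
    for row in rows:
        print(row)
    print("ignored malformed values:", bad)
```

An ID that appears in the forcelist is pinned by policy: Chrome locks its disable and remove controls and reinstalls it if only the extension folder is deleted, so the policy value has to go before the folder does.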
