Pop Ups


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16671
Run by Doc at 9:14:04 on 2014-02-14
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.3070.1678 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Users\Doc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
uRun: [DymoQuickPrint] "c:\program files\dymo\dymo label software\DymoQuickPrint.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AVG-Secure-Search-Update_1213b] c:\users\doc\appdata\roaming\avg 1213b campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b
uRun: [Google Update] "c:\users\doc\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
StartupFolder: c:\users\doc\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\doc\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\doc\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
uPolicies-Explorer: NoDevMgrUpdate = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com







TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{AF86EF33-8B25-499D-8315-C56CF94D21F0} : DHCPNameServer = 24.220.0.10 24.220.0.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\doc\appdata\roaming\mozilla\firefox\profiles\vno77ekb.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\doc\appdata\local\citrix\plugins\92\npappdetector.dll
FF - plugin: c:\users\doc\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\firefox\profiles\vno77ekb.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 1970-05-29 09:28; {13CF5C10-9020-1030-0448-9F14B1D26FB9}; -
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-1-8 37664]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-8-20 136784]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2011-1-28 32336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-15 47640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.3.0\ToolbarUpdater.exe [2014-1-9 1771544]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-02-14 14:50:02    --------    d-----w-    C:\d6386b39e4b86b60094055a40108bf
2014-02-14 13:31:25    --------    d-----w-    C:\540c14da34a495322eaf16233a
2014-02-14 13:25:09    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2014-02-14 10:33:20    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{cd1df98f-6d17-45f4-ae72-72a0285ca33e}\mpengine.dll
2014-02-12 17:34:06    --------    d-----w-    C:\4ed468f2a3287dfcb2963a6e34dbfa
2014-02-12 16:10:03    --------    d-----w-    c:\users\doc\appdata\local\LogMeIn Rescue Applet
2014-02-12 13:39:12    --------    d-----w-    C:\f528aecda5132a0e81aca1a605a3
2014-02-10 19:51:54    --------    d-----w-    C:\e1d5cab6891d64509790
2014-02-10 18:38:32    --------    d-----w-    c:\users\doc\appdata\local\Logitech® Webcam Software
2014-02-10 18:35:13    53248    ----a-r-    c:\users\doc\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2014-02-10 14:25:28    --------    d-----w-    C:\a224cdd97296db76e0d3db
2014-01-25 02:07:24    --------    d-----w-    C:\daa1bf4a4a4eb9ea9c9e72
2014-01-22 13:19:41    --------    d-----w-    c:\users\doc\appdata\local\Spoon
2014-01-20 03:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
.
==================== Find3M  ====================
.
2014-02-05 15:42:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 15:42:07    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-25 02:06:42    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-01-25 02:06:41    53064    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-01-25 02:06:41    31560    ----a-w-    c:\windows\system32\LMIport.dll
2014-01-25 02:06:40    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2014-01-08 14:05:49    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2014-01-06 16:39:17    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 12:13:56    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-17 02:06:22    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-11-26 03:56:22    210712    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-26 03:56:22    149272    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-11-26 03:49:18    120600    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
.
============= FINISH:  9:14:26.26 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/27/2010 4:10:38 PM
System Uptime: 2/14/2014 8:49:11 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0T656F
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | CPU | 2926/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 175.298 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1629: 2/6/2014 3:00:16 AM - Windows Update
RP1630: 2/7/2014 2:09:32 AM - Windows Update
RP1631: 2/7/2014 3:00:15 AM - Windows Update
RP1632: 2/8/2014 3:00:17 AM - Windows Update
RP1633: 2/9/2014 3:00:15 AM - Windows Update
RP1634: 2/10/2014 3:00:16 AM - Windows Update
RP1635: 2/11/2014 3:00:16 AM - Windows Update
RP1636: 2/11/2014 5:25:49 AM - Windows Update
RP1637: 2/12/2014 3:00:16 AM - Windows Update
RP1638: 2/13/2014 3:00:16 AM - Windows Update
RP1639: 2/14/2014 3:00:17 AM - Windows Update
RP1640: 2/14/2014 4:32:46 AM - Windows Update
RP1641: 2/14/2014 7:21:07 AM - Installed AVG 2014
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG SafeGuard toolbar
Bonjour
Buckscore
CameraHelperMsi
Cisco WebEx Meetings
CleanUp!
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
DYMO Label v.8
ECLIPSE Version 11 Standard Demo
erLT
Freemake Video Converter version 4.0.4
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
iTunes
Java Auto Updater
Junk Mail filter update
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Silverlight
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PVSonyDll
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sectra CD Viewer System Components
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SmartCloud
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Virtual Office Suite 2.0
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 3:01:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 (KB977165).
2/7/2014 3:00:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 (KB2813170).
2/14/2014 8:51:58 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 8:51:58 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
2/14/2014 8:49:49 AM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
2/14/2014 3:01:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).
2/14/2014 3:01:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688).
2/10/2014 2:47:00 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DRHAUGEN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF86EF33-8B25-499D-8315-C56CF9. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Doc [Admin rights]
Mode : Scan -- Date : 02/14/2014 10:15:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-517927956-3188704247-810187072-1000\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b [x][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 5bf036f086295573c5c85c7e4d9e18a4
[bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02142014_101515.txt >>



 


Please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


I'll post the malware report when it is done, but the computer already seems better.

# AdwCleaner v3.018 - Report created 14/02/2014 at 10:46:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional  (32 bits)
# Username : Doc - DOC-PC
# Running from : C:\Users\Doc\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Doc\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16671


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\prefs.js ]

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("extensions.crossrider.bic", "144022bb1d7ed3f3a99659d1fd9ea9af");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [9774 octets] - [06/01/2014 09:46:14]
AdwCleaner[R1].txt - [5437 octets] - [14/02/2014 10:43:51]
AdwCleaner[s0].txt - [10047 octets] - [06/01/2014 09:52:41]
AdwCleaner[s1].txt - [5175 octets] - [14/02/2014 10:46:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5235 octets] ##########

 

 


OK, I'll be out for a while, do this next:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Here's the log.  I'm still having pop ups though.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.14.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Doc :: DOC-PC [administrator]

2/14/2014 10:52:20 AM
mbam-log-2014-02-14 (10-52-20).txt

Scan type: Full scan (C:\|D:\|V:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419489
Time elapsed: 2 hour(s), 17 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Plus-HD-1.2 (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Doc (administrator) on DOC-PC on 17-02-2014 13:15:36
Running from C:\Users\Doc\Downloads
Microsoft Windows 7 Professional  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco WebEx LLC) C:\Windows\system32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Dropbox, Inc.) C:\Users\Doc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Future Health) C:\Program Files\Future Health Inc\Virtual Office Suite\vos.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Farbar) C:\Users\Doc\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [DLSService] - "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [DymoQuickPrint] - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-16] (Google Inc.)
HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b
HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [Google Update] - C:\Users\Doc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-03] (Google Inc.)
HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Policies\Explorer: [NoDevMgrUpdate] 1
Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Doc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFACDE7607905CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {BA2166B5-8539-41BF-9871-2279D31DCFC3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=6D341E55-BA81-4D2F-A794-CA8297BBADA6&apn_sauid=82798C2C-1BB4-4765-9AEC-398339557021
SearchScopes: HKCU - {DD5B42CD-641C-4B7B-9439-DEC269C5BD22} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {15772FF0-B907-4D98-B770-0000B63DB314} https://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB
DPF: {16B2BACC-F445-49B2-ABB0-671C5CBE8CE0} https://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridgeControl.CAB
DPF: {69D1E588-02F8-4C00-B311-5C581402C247} https://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} https://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.CAB
DPF: {79C259BD-8024-4992-B445-2C52D3449214} https://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11

FireFox:
========
FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @dymo.com/DymoLabelFramework - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Doc\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Plus-HD-1.2 - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com [2014-02-05]
FF Extension: CLSID_ContactReadingPane - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{13CF5C10-9020-1030-0448-9F14B1D26FB9} [2013-12-30]
FF Extension: WebSlingPlayer - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-04-01]

Chrome:
=======
CHR HomePage: homepage_is_newtabpage
CHR Extension: (Google Docs) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-15]
CHR Extension: (YouTube) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-15]
CHR Extension: (Google Search) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-15]
CHR Extension: (Hangouts) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-15]
CHR Extension: (No Name) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Gmail) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-15]

========================== Services (Whitelisted) =================

R2 atashost; C:\Windows\system32\atashost.exe [136784 2012-08-20] (Cisco WebEx LLC)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-08] (AVG Technologies)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-02-14] ()
U4 Avgfwfd; system32\DRIVERS\avgfwd6x.sys [X]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 13:14 - 2014-02-17 13:15 - 01141248 _____ (Farbar) C:\Users\Doc\Downloads\FRST(1).exe
2014-02-14 10:43 - 2014-02-14 10:43 - 01166132 _____ () C:\Users\Doc\Downloads\AdwCleaner.exe
2014-02-14 10:15 - 2014-02-14 10:15 - 00002302 _____ () C:\Users\Doc\Desktop\RKreport[0]_S_02142014_101515.txt
2014-02-14 09:54 - 2014-02-14 09:54 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-02-14 09:52 - 2014-02-14 10:15 - 00000000 ____D () C:\Users\Doc\Desktop\RK_Quarantine
2014-02-14 09:52 - 2014-02-14 09:52 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller(1).exe
2014-02-14 09:41 - 2014-02-14 09:41 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller.exe
2014-02-14 09:23 - 2014-02-14 09:24 - 00000000 ____D () C:\dd39293b297283fc37b979763654
2014-02-14 09:20 - 2014-02-14 09:20 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Doc\Downloads\Support-LogMeInRescue(1).exe
2014-02-14 09:14 - 2014-02-14 09:14 - 00016809 _____ () C:\Users\Doc\Desktop\dds.txt
2014-02-14 09:14 - 2014-02-14 09:14 - 00012364 _____ () C:\Users\Doc\Desktop\attach.txt
2014-02-14 09:09 - 2014-02-14 09:09 - 00688992 ____R (Swearware) C:\Users\Doc\Downloads\dds(1).scr
2014-02-14 08:50 - 2014-02-14 08:50 - 00000000 ____D () C:\d6386b39e4b86b60094055a40108bf
2014-02-14 07:31 - 2014-02-14 07:31 - 00000000 ____D () C:\540c14da34a495322eaf16233a
2014-02-14 07:25 - 2014-02-14 07:25 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-02-12 11:34 - 2014-02-12 11:34 - 00000000 ____D () C:\4ed468f2a3287dfcb2963a6e34dbfa
2014-02-12 10:10 - 2014-02-14 10:48 - 00000000 ____D () C:\Users\Doc\AppData\Local\LogMeIn Rescue Applet
2014-02-12 07:39 - 2014-02-12 07:39 - 00000000 ____D () C:\f528aecda5132a0e81aca1a605a3
2014-02-10 13:51 - 2014-02-10 13:52 - 00000000 ____D () C:\e1d5cab6891d64509790
2014-02-10 12:38 - 2014-02-10 12:38 - 00000000 ____D () C:\Users\Doc\AppData\Local\Logitech® Webcam Software
2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Leadertech
2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-02-10 12:34 - 2014-02-10 12:35 - 00004154 _____ () C:\Windows\LDPINST.LOG
2014-02-10 12:33 - 2014-02-10 12:35 - 00000000 ____D () C:\Program Files\Logitech
2014-02-10 12:33 - 2014-02-10 12:33 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2014-02-10 12:29 - 2014-02-10 12:30 - 74637872 _____ (Logitech, Inc.) C:\Users\Doc\Downloads\lws251.exe
2014-02-10 12:14 - 2014-02-17 12:25 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517927956-3188704247-810187072-1000UA.job
2014-02-10 12:14 - 2014-02-16 22:25 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517927956-3188704247-810187072-1000Core.job
2014-02-10 08:25 - 2014-02-10 08:26 - 00000000 ____D () C:\a224cdd97296db76e0d3db
2014-01-24 20:07 - 2014-01-24 20:07 - 00000000 ____D () C:\daa1bf4a4a4eb9ea9c9e72
2014-01-23 10:40 - 2014-01-23 10:40 - 02467847 _____ () C:\Users\Doc\Downloads\Awareness Test! Moonwalking Bear Advert!.mp4
2014-01-23 10:18 - 2014-02-10 12:35 - 00008412 _____ () C:\Windows\system32\lvcoinst.log
2014-01-23 10:18 - 2014-02-10 12:35 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-01-23 09:40 - 2014-01-23 09:40 - 02873422 _____ () C:\Users\Doc\Downloads\My son being born. C-section video..mp4
2014-01-23 09:37 - 2014-01-23 09:37 - 12800464 _____ () C:\Users\Doc\Downloads\Food Matters Official Trailer.mp4
2014-01-23 09:30 - 2014-01-23 09:30 - 08633846 _____ () C:\Users\Doc\Downloads\51 Best Kid Fails- Barely Compilation #2.mp4
2014-01-23 09:15 - 2014-01-23 09:16 - 04427066 _____ () C:\Users\Doc\Downloads\DoTheTest- TfL's moonwalking bear ad.mp4
2014-01-22 13:50 - 2014-01-23 12:38 - 96356725 _____ () C:\Users\Public\Documents\perfectedPerfectStorm.pptx
2014-01-22 07:19 - 2014-01-22 07:19 - 00000000 ____D () C:\Users\Doc\AppData\Local\Spoon

==================== One Month Modified Files and Folders =======

2014-02-17 13:15 - 2014-02-17 13:14 - 01141248 _____ (Farbar) C:\Users\Doc\Downloads\FRST(1).exe
2014-02-17 13:15 - 2014-01-06 15:24 - 00017105 _____ () C:\Users\Doc\Downloads\FRST.txt
2014-02-17 13:15 - 2014-01-06 15:23 - 00000000 ____D () C:\FRST
2014-02-17 12:58 - 2010-12-14 08:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-17 12:48 - 2010-08-16 12:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 12:42 - 2012-06-14 07:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 12:25 - 2014-02-10 12:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517927956-3188704247-810187072-1000UA.job
2014-02-17 08:15 - 2010-07-27 15:06 - 01711817 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 07:39 - 2010-12-15 13:50 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-02-17 03:48 - 2010-08-16 12:26 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 03:00 - 2011-04-17 02:00 - 00441956 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-17 03:00 - 2011-04-17 02:00 - 00441348 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-16 22:25 - 2014-02-10 12:14 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517927956-3188704247-810187072-1000Core.job
2014-02-14 10:55 - 2010-07-27 15:13 - 00006394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 10:55 - 2009-07-13 22:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 10:55 - 2009-07-13 22:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 10:49 - 2013-01-23 13:25 - 00000000 ___RD () C:\Users\Doc\Dropbox
2014-02-14 10:49 - 2013-01-23 13:24 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Dropbox
2014-02-14 10:48 - 2014-02-12 10:10 - 00000000 ____D () C:\Users\Doc\AppData\Local\LogMeIn Rescue Applet
2014-02-14 10:47 - 2010-07-27 16:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-14 10:47 - 2010-07-27 15:27 - 00139290 _____ () C:\Windows\PFRO.log
2014-02-14 10:47 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 10:47 - 2009-07-13 22:39 - 00046426 _____ () C:\Windows\setupact.log
2014-02-14 10:46 - 2014-01-06 09:46 - 00000000 ____D () C:\AdwCleaner
2014-02-14 10:43 - 2014-02-14 10:43 - 01166132 _____ () C:\Users\Doc\Downloads\AdwCleaner.exe
2014-02-14 10:15 - 2014-02-14 10:15 - 00002302 _____ () C:\Users\Doc\Desktop\RKreport[0]_S_02142014_101515.txt
2014-02-14 10:15 - 2014-02-14 09:52 - 00000000 ____D () C:\Users\Doc\Desktop\RK_Quarantine
2014-02-14 09:54 - 2014-02-14 09:54 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-02-14 09:52 - 2014-02-14 09:52 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller(1).exe
2014-02-14 09:41 - 2014-02-14 09:41 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller.exe
2014-02-14 09:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-14 09:24 - 2014-02-14 09:23 - 00000000 ____D () C:\dd39293b297283fc37b979763654
2014-02-14 09:20 - 2014-02-14 09:20 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Doc\Downloads\Support-LogMeInRescue(1).exe
2014-02-14 09:14 - 2014-02-14 09:14 - 00016809 _____ () C:\Users\Doc\Desktop\dds.txt
2014-02-14 09:14 - 2014-02-14 09:14 - 00012364 _____ () C:\Users\Doc\Desktop\attach.txt
2014-02-14 09:09 - 2014-02-14 09:09 - 00688992 ____R (Swearware) C:\Users\Doc\Downloads\dds(1).scr
2014-02-14 08:50 - 2014-02-14 08:50 - 00000000 ____D () C:\d6386b39e4b86b60094055a40108bf
2014-02-14 07:31 - 2014-02-14 07:31 - 00000000 ____D () C:\540c14da34a495322eaf16233a
2014-02-14 07:31 - 2012-04-26 08:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-14 07:26 - 2014-01-06 08:59 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-14 07:25 - 2014-02-14 07:25 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-02-14 07:20 - 2013-12-19 22:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 11:34 - 2014-02-12 11:34 - 00000000 ____D () C:\4ed468f2a3287dfcb2963a6e34dbfa
2014-02-12 07:39 - 2014-02-12 07:39 - 00000000 ____D () C:\f528aecda5132a0e81aca1a605a3
2014-02-10 22:25 - 2010-08-17 09:05 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Mozilla
2014-02-10 13:52 - 2014-02-10 13:51 - 00000000 ____D () C:\e1d5cab6891d64509790
2014-02-10 13:50 - 2009-07-13 20:37 - 00000000 __RSD () C:\Windows\Media
2014-02-10 12:38 - 2014-02-10 12:38 - 00000000 ____D () C:\Users\Doc\AppData\Local\Logitech® Webcam Software
2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Leadertech
2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-02-10 12:35 - 2014-02-10 12:34 - 00004154 _____ () C:\Windows\LDPINST.LOG
2014-02-10 12:35 - 2014-02-10 12:33 - 00000000 ____D () C:\Program Files\Logitech
2014-02-10 12:35 - 2014-01-23 10:18 - 00008412 _____ () C:\Windows\system32\lvcoinst.log
2014-02-10 12:35 - 2014-01-23 10:18 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-10 12:34 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\twain_32
2014-02-10 12:33 - 2014-02-10 12:33 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2014-02-10 12:30 - 2014-02-10 12:29 - 74637872 _____ (Logitech, Inc.) C:\Users\Doc\Downloads\lws251.exe
2014-02-10 12:14 - 2010-08-16 10:15 - 00000000 ____D () C:\Users\Doc\AppData\Local\Google
2014-02-10 08:27 - 2013-01-23 13:25 - 00001009 _____ () C:\Users\Doc\Desktop\Dropbox.lnk
2014-02-10 08:27 - 2013-01-23 13:24 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-10 08:26 - 2014-02-10 08:25 - 00000000 ____D () C:\a224cdd97296db76e0d3db
2014-02-10 08:24 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\TAPI
2014-02-10 08:21 - 2014-01-06 09:49 - 00000000 ____D () C:\Users\Doc\AppData\Local\genienext
2014-02-05 09:42 - 2012-06-14 07:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 09:42 - 2011-12-21 11:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 17:47 - 2014-01-15 13:47 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-31 09:58 - 2014-01-06 08:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-24 20:07 - 2014-01-24 20:07 - 00000000 ____D () C:\daa1bf4a4a4eb9ea9c9e72
2014-01-24 20:07 - 2010-12-15 13:50 - 00000000 ____D () C:\Program Files\LogMeIn
2014-01-24 20:06 - 2010-12-15 13:50 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-01-24 20:06 - 2010-12-15 13:50 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-01-24 20:06 - 2010-12-15 13:50 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-01-23 12:38 - 2014-01-22 13:50 - 96356725 _____ () C:\Users\Public\Documents\perfectedPerfectStorm.pptx
2014-01-23 10:40 - 2014-01-23 10:40 - 02467847 _____ () C:\Users\Doc\Downloads\Awareness Test! Moonwalking Bear Advert!.mp4
2014-01-23 09:40 - 2014-01-23 09:40 - 02873422 _____ () C:\Users\Doc\Downloads\My son being born. C-section video..mp4
2014-01-23 09:37 - 2014-01-23 09:37 - 12800464 _____ () C:\Users\Doc\Downloads\Food Matters Official Trailer.mp4
2014-01-23 09:30 - 2014-01-23 09:30 - 08633846 _____ () C:\Users\Doc\Downloads\51 Best Kid Fails- Barely Compilation #2.mp4
2014-01-23 09:16 - 2014-01-23 09:15 - 04427066 _____ () C:\Users\Doc\Downloads\DoTheTest- TfL's moonwalking bear ad.mp4
2014-01-22 07:19 - 2014-01-22 07:19 - 00000000 ____D () C:\Users\Doc\AppData\Local\Spoon
2014-01-22 07:19 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

Some content of TEMP:
====================
C:\Users\Doc\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Doc\AppData\Local\Temp\oi_{20E03CE3-1F1C-4536-966D-B06E1783553D}.exe
C:\Users\Doc\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:23

==================== End Of Log ============================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/27/2010 4:10:38 PM
System Uptime: 2/14/2014 8:49:11 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0T656F
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | CPU | 2926/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 175.298 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1629: 2/6/2014 3:00:16 AM - Windows Update
RP1630: 2/7/2014 2:09:32 AM - Windows Update
RP1631: 2/7/2014 3:00:15 AM - Windows Update
RP1632: 2/8/2014 3:00:17 AM - Windows Update
RP1633: 2/9/2014 3:00:15 AM - Windows Update
RP1634: 2/10/2014 3:00:16 AM - Windows Update
RP1635: 2/11/2014 3:00:16 AM - Windows Update
RP1636: 2/11/2014 5:25:49 AM - Windows Update
RP1637: 2/12/2014 3:00:16 AM - Windows Update
RP1638: 2/13/2014 3:00:16 AM - Windows Update
RP1639: 2/14/2014 3:00:17 AM - Windows Update
RP1640: 2/14/2014 4:32:46 AM - Windows Update
RP1641: 2/14/2014 7:21:07 AM - Installed AVG 2014
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG SafeGuard toolbar
Bonjour
Buckscore
CameraHelperMsi
Cisco WebEx Meetings
CleanUp!
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
DYMO Label v.8
ECLIPSE Version 11 Standard Demo
erLT
Freemake Video Converter version 4.0.4
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
iTunes
Java Auto Updater
Junk Mail filter update
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Silverlight
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PVSonyDll
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sectra CD Viewer System Components
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SmartCloud
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Virtual Office Suite 2.0
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 3:01:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 (KB977165).
2/7/2014 3:00:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 (KB2813170).
2/14/2014 8:51:58 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 8:51:58 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
2/14/2014 8:49:49 AM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
2/14/2014 3:01:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).
2/14/2014 3:01:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688).
2/10/2014 2:47:00 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DRHAUGEN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF86EF33-8B25-499D-8315-C56CF9. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 


Do you know what this extension is in Firefox:
 

FF Extension: CLSID_ContactReadingPane - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{13CF5C10-9020-1030-0448-9F14B1D26FB9} [2013-12-30]



If not please disable/delete it.

----------------------------------
Next.....

Clean out temp files: (may require a reboot)
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

------------------------------------

 

Next......

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe, click Fix only once, and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then......

Delete your copy of AdwCleaner, download and run a fresh copy.

Next.......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last........


Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Doc at 2014-02-17 15:44:37 Run:2
Running from C:\FRST\FRST-OlderVersion
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
HKLM\...\Run: [] - [X]
FF Extension: Plus-HD-1.2 - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com [2014-02-05]
C:\Program Files\Mobogenie
CHR Extension: (No Name) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-01-15]
C:\Users\Doc\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Doc\AppData\Local\Temp\oi_{20E03CE3-1F1C-4536-966D-B06E1783553D}.exe
C:\Users\Doc\AppData\Local\Temp\Quarantine.exe


*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com => not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
"C:\Users\Doc\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\Doc\AppData\Local\Temp\oi_{20E03CE3-1F1C-4536-966D-B06E1783553D}.exe" => File/Directory not found.
"C:\Users\Doc\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

==== End of Fixlog ====


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by Doc on Mon 02/17/2014 at 15:52:51.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA2166B5-8539-41BF-9871-2279D31DCFC3}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at 15:56:02.37
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


This topic is now closed to further replies.