chanceinit Posted February 14, 2014 ID:791070

Please help. I am getting pop-ups almost every time I click on a website. I run Malwarebytes and AVG and it doesn't find anything. Thank you.
chanceinit Posted February 14, 2014 Author ID:791099

I'll have the DDS up in a minute.
chanceinit Posted February 14, 2014 Author ID:791101
MrCharlie Posted February 14, 2014 ID:791107

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running, please create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
chanceinit Posted February 14, 2014 Author ID:791132

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Doc [Admin rights]
Mode : Scan -- Date : 02/14/2014 10:15:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-517927956-3188704247-810187072-1000\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213b [x][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 5bf036f086295573c5c85c7e4d9e18a4
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02142014_101515.txt >>
MrCharlie Posted February 14, 2014 ID:791141
Please start with this:
Let's clean out any adware/spyware now: (this will require a reboot so save all your work)
Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how computer is running now, MrC
chanceinit Posted February 14, 2014 Author ID:791151
I'll post the malware report when it is done, but the computer already seems better.
# AdwCleaner v3.018 - Report created 14/02/2014 at 10:46:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : Doc - DOC-PC
# Running from : C:\Users\Doc\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Doc\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16671
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\prefs.js ]
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("extensions.crossrider.bic", "144022bb1d7ed3f3a99659d1fd9ea9af");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
*************************
AdwCleaner[R0].txt - [9774 octets] - [06/01/2014 09:46:14]
AdwCleaner[R1].txt - [5437 octets] - [14/02/2014 10:43:51]
AdwCleaner[s0].txt - [10047 octets] - [06/01/2014 09:52:41]
AdwCleaner[s1].txt - [5175 octets] - [14/02/2014 10:46:15]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5235 octets] ##########
MrCharlie Posted February 14, 2014 ID:791153
OK, I'll be out for a while, do this next:
Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.
MrC
MrCharlie Posted February 16, 2014 ID:791995 How are we doing?? Do you still need help or can I close this post?? MrC
chanceinit Posted February 17, 2014 Author ID:792458
Here's the log. I'm still having pop ups though.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.14.06
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Doc :: DOC-PC [administrator]
2/14/2014 10:52:20 AM
mbam-log-2014-02-14 (10-52-20).txt
Scan type: Full scan (C:\|D:\|V:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419489
Time elapsed: 2 hour(s), 17 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Plus-HD-1.2 (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
chanceinit Posted February 17, 2014 Author ID:792459 Really bad again.
MrCharlie Posted February 17, 2014 ID:792479 Where's the logs??????? MrC
chanceinit Posted February 17, 2014 Author ID:792484 I posted the malware log you told me to run Friday. That's where we stopped.
chanceinit Posted February 17, 2014 Author ID:792487 Do you want me to do that farbar download?
chanceinit Posted February 17, 2014 Author ID:792577 Still around?
MrCharlie Posted February 17, 2014 ID:792583 https://forums.malwarebytes.org/index.php?showtopic=142280&p=791153 Run FRST and post the 2 logs. MrC
chanceinit Posted February 17, 2014 Author ID:792594 Share Posted February 17, 2014 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014Ran by Doc (administrator) on DOC-PC on 17-02-2014 13:15:36Running from C:\Users\Doc\DownloadsMicrosoft Windows 7 Professional (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Cisco WebEx LLC) C:\Windows\system32\atashost.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Google) C:\Program Files\Google\Google Talk\googletalk.exe(Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe(Dropbox, Inc.) C:\Users\Doc\AppData\Roaming\Dropbox\bin\Dropbox.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Windows\system32\wuauclt.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Future Health) C:\Program Files\Future Health Inc\Virtual Office Suite\vos.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe(Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe(Farbar) C:\Users\Doc\Downloads\FRST(1).exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [] - [X]HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)HKLM\...\Run: [DLSService] - "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exeHKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [DymoQuickPrint] - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [swg] - C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-16] (Google Inc.)HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Doc\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9a1d465ba8ec47d2997bd16ae86806e9-e8f00ee2b21726f0922d7a0da0d22bf36224d0f2 /CMPID=1213bHKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Run: [Google Update] - C:\Users\Doc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-03] (Google Inc.)HKU\S-1-5-21-517927956-3188704247-810187072-1000\...\Policies\Explorer: [NoDevMgrUpdate] 1Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Doc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFACDE7607905CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {BA2166B5-8539-41BF-9871-2279D31DCFC3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=6D341E55-BA81-4D2F-A794-CA8297BBADA6&apn_sauid=82798C2C-1BB4-4765-9AEC-398339557021SearchScopes: HKCU - {DD5B42CD-641C-4B7B-9439-DEC269C5BD22} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}BHO: Adobe PDF Link Helper - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: {15772FF0-B907-4D98-B770-0000B63DB314} https://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CABDPF: {16B2BACC-F445-49B2-ABB0-671C5CBE8CE0} https://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridgeControl.CABDPF: 
{69D1E588-02F8-4C00-B311-5C581402C247} https://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} https://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.CABDPF: {79C259BD-8024-4992-B445-2C52D3449214} https://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CABDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabWinsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11FireFox:========FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @dymo.com/DymoLabelFramework - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin: @tools.google.com/Google 
Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Doc\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: 
C:\Users\Doc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF Extension: Plus-HD-1.2 - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com [2014-02-05]FF Extension: CLSID_ContactReadingPane - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{13CF5C10-9020-1030-0448-9F14B1D26FB9} [2013-12-30]FF Extension: WebSlingPlayer - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-04-01]Chrome:=======CHR HomePage: homepage_is_newtabpageCHR Extension: (Google Docs) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-15]CHR Extension: (Google Drive) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-15]CHR Extension: (YouTube) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-15]CHR Extension: (Google Search) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-15]CHR Extension: (Hangouts) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-15]CHR Extension: (No Name) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-01-15]CHR Extension: (Google Wallet) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]CHR Extension: (Gmail) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
[2014-01-15]========================== Services (Whitelisted) =================R2 atashost; C:\Windows\system32\atashost.exe [136784 2012-08-20] (Cisco WebEx LLC)S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]==================== Drivers (Whitelisted) ====================R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-08] (AVG Technologies)U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-02-14] ()U4 Avgfwfd; system32\DRIVERS\avgfwd6x.sys [X]R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]S4 LMIRfsClientNP; No ImagePath==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-17 13:14 - 2014-02-17 13:15 - 01141248 _____ (Farbar) C:\Users\Doc\Downloads\FRST(1).exe2014-02-14 10:43 - 2014-02-14 10:43 - 01166132 _____ () C:\Users\Doc\Downloads\AdwCleaner.exe2014-02-14 10:15 - 
2014-02-14 10:15 - 00002302 _____ () C:\Users\Doc\Desktop\RKreport[0]_S_02142014_101515.txt2014-02-14 09:54 - 2014-02-14 09:54 - 00026624 _____ () C:\Windows\system32\TrueSight.sys2014-02-14 09:52 - 2014-02-14 10:15 - 00000000 ____D () C:\Users\Doc\Desktop\RK_Quarantine2014-02-14 09:52 - 2014-02-14 09:52 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller(1).exe2014-02-14 09:41 - 2014-02-14 09:41 - 03813376 _____ () C:\Users\Doc\Downloads\RogueKiller.exe2014-02-14 09:23 - 2014-02-14 09:24 - 00000000 ____D () C:\dd39293b297283fc37b9797636542014-02-14 09:20 - 2014-02-14 09:20 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Doc\Downloads\Support-LogMeInRescue(1).exe2014-02-14 09:14 - 2014-02-14 09:14 - 00016809 _____ () C:\Users\Doc\Desktop\dds.txt2014-02-14 09:14 - 2014-02-14 09:14 - 00012364 _____ () C:\Users\Doc\Desktop\attach.txt2014-02-14 09:09 - 2014-02-14 09:09 - 00688992 ____R (Swearware) C:\Users\Doc\Downloads\dds(1).scr2014-02-14 08:50 - 2014-02-14 08:50 - 00000000 ____D () C:\d6386b39e4b86b60094055a40108bf2014-02-14 07:31 - 2014-02-14 07:31 - 00000000 ____D () C:\540c14da34a495322eaf16233a2014-02-14 07:25 - 2014-02-14 07:25 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar2014-02-12 11:34 - 2014-02-12 11:34 - 00000000 ____D () C:\4ed468f2a3287dfcb2963a6e34dbfa2014-02-12 10:10 - 2014-02-14 10:48 - 00000000 ____D () C:\Users\Doc\AppData\Local\LogMeIn Rescue Applet2014-02-12 07:39 - 2014-02-12 07:39 - 00000000 ____D () C:\f528aecda5132a0e81aca1a605a32014-02-10 13:51 - 2014-02-10 13:52 - 00000000 ____D () C:\e1d5cab6891d645097902014-02-10 12:38 - 2014-02-10 12:38 - 00000000 ____D () C:\Users\Doc\AppData\Local\Logitech® Webcam Software2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Leadertech2014-02-10 12:35 - 2014-02-10 12:35 - 00000000 ____D () C:\ProgramData\LogiShrd2014-02-10 12:34 - 2014-02-10 12:35 - 00004154 _____ () C:\Windows\LDPINST.LOG2014-02-10 12:33 - 2014-02-10 12:35 - 00000000 ____D () C:\Program 
MrCharlie Posted February 17, 2014 ID:792616

Do you know what this extension is in Firefox:

FF Extension: CLSID_ContactReadingPane - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\{13CF5C10-9020-1030-0448-9F14B1D26FB9} [2013-12-30]

If not, please disable/delete it.

----------------------------------

Next.....

Clean out temp files: (may require a reboot)

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

------------------------------------

Next......

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Delete your copy of AdwCleaner, download and run a fresh copy.

Next.......

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Last........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now,
MrC
chanceinit Posted February 17, 2014 Author ID:792633
I don't see the attached fixlist.txt.
MrCharlie Posted February 17, 2014 ID:792637
Here you go:
MrC
chanceinit Posted February 17, 2014 Author ID:792675

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Doc at 2014-02-17 15:44:37 Run:2
Running from C:\FRST\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
HKLM\...\Run: [] - [X]
FF Extension: Plus-HD-1.2 - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com [2014-02-05]
C:\Program Files\Mobogenie
CHR Extension: (No Name) - C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-01-15]
C:\Users\Doc\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Doc\AppData\Local\Temp\oi_{20E03CE3-1F1C-4536-966D-B06E1783553D}.exe
C:\Users\Doc\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\vno77ekb.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com => not found.
"C:\Program Files\Mobogenie" => File/Directory not found.
C:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
"C:\Users\Doc\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\Doc\AppData\Local\Temp\oi_{20E03CE3-1F1C-4536-966D-B06E1783553D}.exe" => File/Directory not found.
"C:\Users\Doc\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

==== End of Fixlog ====
chanceinit Posted February 17, 2014 Author ID:792680

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by Doc on Mon 02/17/2014 at 15:52:51.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA2166B5-8539-41BF-9871-2279D31DCFC3}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at 15:56:02.37
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chanceinit Posted February 17, 2014 Author ID:792681
I can't run malwarebytes anymore...error messages pop up.
MrCharlie Posted February 18, 2014 ID:792775
What are they??
chanceinit Posted February 19, 2014 Author ID:793583
run time error 0 and run time error 440 automation error