PUP.Optional.DomaIQ problem causing PC extreme slowdown

yosoy4ever · February 16, 2014

Hello - My PC started to act up and run really, really slow. At first I thought it might be a problem with my ISP, but a speed test program said NO the speed is within range of what I am paying for, namely 18 megs. I ran the QUICK SCAN on my malewarebytes download and found TWO instances of malcious software named: PUP.Optional.DomaIQ. I clicked on these two items and then removed them and will restart my PC right after I post this new topic requesting expert advice and help. Here is a copy of the log that I got:

alwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

2/16/2014 12:33:16 PM
MBAM-log-2014-02-16 (14-48-49).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\NewDesktop_3_2010\Downloads\malwarebytes (1).exe (PUP.Optional.DomalQ) -> No action taken.
C:\Users\NewDesktop_3_2010\Downloads\malwarebytes.exe (PUP.Optional.DomalQ) -> No action taken.

(end)

Can someone please tell me what I should do next to make sure that my PC has been totally irradicated of maleware ? thanks, Susan Sunday February 16, 2014 at 2:55 pm est

MrCharlie · February 16, 2014

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

yosoy4ever · February 17, 2014

Hello, here are the reports you asked me to run & post to you. Please let me know what YOU want ME to do next. thanks, Susan Monday February 17, 2014 at 3:44 pm est

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.45.2
Run by NewDesktop_3_2010 at 15:24:41 on 2014-02-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2390 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\lxcycoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {4219427b-0228-4356-a78b-eb7668d37d07} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [shopAtHomeWatcher] C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: ebay.com
Trusted Zone: restaurant.com
Trusted Zone: turbotax.com

TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CC9D20E2-0AA7-493D-93FC-2A91893487D6} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [lxcymon.exe] "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 43985914;43985914;C:\Windows\System32\drivers\43985914.sys [2013-8-23 460888]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-20 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-12-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-12-10 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-12-10 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSviA64.sys [2014-2-15 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-12-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-12-10 590936]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 lxcy_device;lxcy_device;C:\Windows\System32\lxcycoms.exe -service --> C:\Windows\System32\lxcycoms.exe -service [?]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-12-10 275696]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2013-10-22 2144056]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2010-3-10 411136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-5 137648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-8-10 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-26 1255736]
.
=============== Created Last 30 ================
.
2014-02-16 22:59:10 632 ----a-w- C:\Windows\System32\cc_20140216_175907.reg
2014-02-16 17:31:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-16 17:31:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 14:57:33 -------- d-----w- C:\Users\NewDesktop_3_2010\AppData\Local\FileTypeAssistant
2014-02-16 13:53:30 10146 ----a-w- C:\Windows\System32\cc_20140216_085256_2_15_2014.reg
2014-02-13 20:41:37 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-03 16:22:49 632 ----a-w- C:\Windows\System32\cc_20140203_112137.reg
2014-01-26 18:59:44 -------- d-----w- C:\Users\NewDesktop_3_2010\AppData\Roaming\osphone
2014-01-26 18:59:05 -------- d-----w- C:\Program Files (x86)\OneSuite
2014-01-26 16:58:09 632 ----a-w- C:\Windows\System32\cc_20140126_115803.reg
2014-01-24 14:35:56 632 ----a-w- C:\Windows\System32\cc_20140124_093553.reg
2014-01-23 23:06:00 737217 ----a-w- C:\ProgramData\SPLC457.tmp
2014-01-23 15:09:34 632 ----a-w- C:\Windows\System32\cc_20140123_100930.reg
2014-01-23 04:02:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-23 02:38:55 1622 ----a-w- C:\Windows\System32\cc_20140122_213848.reg
2014-01-22 23:30:52 -------- d-----w- C:\ProgramData\Ezprint
2014-01-22 23:30:43 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar
2014-01-22 23:27:20 -------- d-----w- C:\Program Files\TWAIN Working Group
2014-01-22 21:44:28 144896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxcypp6c.dll
2014-01-22 21:44:06 -------- d-----w- C:\Program Files\Lexmark 3400 Series
2014-01-22 21:43:43 -------- d-----w- C:\Program Files (x86)\Lexmark 3400 Series
2014-01-22 21:43:42 385024 ----a-w- C:\Windows\SysWow64\lxcycomx.dll
2014-01-22 21:43:40 983107 ----a-w- C:\Windows\SysWow64\lxcygf.dll
2014-01-22 21:43:38 181168 ----a-w- C:\Windows\SysWow64\lxcyppls.exe
2014-01-22 21:43:27 305152 ----a-w- C:\Windows\System32\lxcyhcp.dll
2014-01-22 21:43:27 194048 ----a-w- C:\Windows\System32\lxcyinst.dll
2014-01-22 21:43:26 983107 ----a-w- C:\Windows\System32\lxcygf.dll
2014-01-22 21:43:26 64512 ----a-w- C:\Windows\System32\lxcycfg.dll
2014-01-22 19:03:48 -------- d-----w- C:\Program Files\lx_cats
2014-01-22 18:59:12 -------- d-----w- C:\lexmark
.
==================== Find3M ====================
.
2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-04 22:48:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 22:48:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-06 16:39:00 1040 ----a-w- C:\Windows\System32\cc_20140106_113818.reg
2014-01-02 21:49:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-15 16:02:51 632 ----a-w- C:\Windows\System32\cc_20131215_110247.reg
2013-12-15 16:02:12 738 ----a-w- C:\Windows\System32\cc_20131215_110149.reg
2013-12-12 20:46:25 18084 ----a-w- C:\Windows\System32\cc_20131212_154618.reg
2013-12-12 19:41:13 96246 ----a-w- C:\Windows\System32\cc_20131212_144050.reg
2013-12-11 03:30:20 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-30 19:07:56 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 15:25:34.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2010 10:05:21 PM
System Uptime: 2/17/2014 1:53:03 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Intel® Celeron® CPU 450 @ 2.20GHz | CPU 1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 588 GiB total, 540.465 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 892.653 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
American Airlines Timetable
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Avanquest update
CameraHelperMsi
CardRd81
Catalina Savings Printer
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
CR2
D3DX10
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
DHTML Editing Component
Digital Line Detect
EPSON Printer Software
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
File Type Assistant
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Graboid Video 3.58
Graboid Video 3.58 Setup
IBM ViaVoice Integration With 1-2-3
IBM ViaVoice Outloud Runtime - US English
IBM ViaVoice Technology, Dictation Runtime 5.3
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
ItsDeductible Express
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Kodak EasyShare software
Lexmark 3400 Series
Logitech Vid HD
Logitech Webcam Software
Lotus 1-2-3
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.96.112.08260
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XML Parser
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Norton Identity Safe
Norton Internet Security
Norton Utilities
novaPDF Professional Desktop 7.5 printer
OfotoXMI
OneSuite Phone version 1.0.8.21
ParetoLogic Data Recovery
PDFZilla V1.2.9
Power E*TRADE Pro
PowerDVD DX
Quicken 2010
Roxio Burn
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 6.3
staticcr
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TurboTax 2008
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wctiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Twacker 64
VLC media player 1.0.1
VPRINTOL
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/17/2014 1:57:05 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2014 1:54:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/17/2014 1:53:27 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2014 1:53:26 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2014 1:50:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user NewDesktop_3_10\NewDesktop_3_2010 SID (S-1-5-21-4200233565-3368421019-1326646657-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/17/2014 1:39:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
2/17/2014 1:39:00 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/16/2014 11:51:04 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the NCO service.
2/16/2014 1:18:38 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NewDesktop_3_2010 [Admin rights]
Mode : Scan -- Date : 02/17/2014 15:36:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] ShopAtHomeWatcher.exe -- C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7] -> KILLED [TermProc]
[sUSP PATH] ShopAtHomeHelper.exe -- C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : ShopAtHomeWatcher (C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\NEWDES~1\AppData\Local\Temp\IHU3480.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] ef06590f8dbef73356b8fe325407a46f
[bSP] 03f896d43fd327991aba875e0b041025 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 8818 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18171904 | Size: 601606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate GoFlex Desk USB Device +++++
--- User ---
[MBR] 642d0efb3553515863de4a0bdbac8893
[bSP] 412dcdea3a9e518683f557cee88d0739 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02172014_153620.txt >>

MrCharlie · February 18, 2014

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Last.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

yosoy4ever · February 18, 2014

Hi..I did as you said and HERE are all the logs below. I had two MBAM logs, so I am sending you both of them. I rebooted my PC and have STILL NOTICED it is STILL VERY SLOW. I also noted that when I am typing this reply to YOU, it seems like the typing of the words IS VERY SLOW (I type around 80 wpm and I seem to be WAITING for the cursor to move VERY SLOWLY to allowing me to type in the next letter and I am sure I am not typing faster than 20 wpm !!) In addition, SOME OF THE LETTERS DO NOT APPEAR that I have TYPED IN unless I really slow down my typing speed ! also am GETTING some disturbing POP UPS that I never DID BEORE......1) Some kind of notice as to whether or not I want to disable some add ons to increase my SPEED...and when I click on REVIEW I see a disturbing notice (which I have NEVER seen before, and please understand I have been using Norton Utilities and Norton Internet Security for 20 years!) that my NORTON TOOL BAR is ADDING 727.52 seconds to my startup ! I said REMOVE, and the PC still seems VERY lethargic after reboot, and I have just ENABLED it from View,toolbars......AND AGAIN unbeievably SLOW performace of my PC. 2) some kind of pop up NOTIFICATON is appearing ALL OF A SUDDEN in the bottom right of my screen, many times, and each one constantly telling ME THAT SOME OF MY PROGRAMS have an UPDATE avaiable....and when I go in to check if this is SO, there is no UPDATE available...its like a very REOCCURING pop up with no sense to why it materialized !! 3) My home page is www.yahoo.com and when I launch another wndow into my home page....a POP UP appears.....saying I am at: www.shopathome.com (while at this same time my address bar SAYS I am at www.yahoo.com AND THE POP UP ASKS ME if I want to change from www.shopathome.com to the other website, for example, www.google.com that I really want to go to from my home page !! This is HAPPENING every time now....as though in the background....it keeps saying I am at www.shopathome.com even though, when check TOOS, INTENET OPTIONS it CONFIRMS that my home page is www.yahoo.com and it appears www.shopathome.com has TAKEN OVER as a TRAFFIC CONTROLLER of all my PC ??? 4) All of a sudden I am starting to get COMPATABILITY VIEW pop ups to websites that I have always used and are not obscure, remote websites ! I don't KNOW what that IS ALL ABOUT...I am using Windows 7 64 BIT with IE 9. Can I go back to IE 8....as it probably AUTOMATICALLLY took me to IE 9 on my automatic Windows updates....WITHOUT me knowing, as I LAST REMEMBER HAVING IE 8 - are there BUGS in IE 9 that could counter interact with Windows 7 64-Bit ? So Mr C......I am HAVING ALOT OF NEW PROBLEM wth this LETHARGY of my PC's operation. Thanks for your help and LET ME KNOW WHAT YOUR EXPERT OPINION is to do NEXT. I always have had the NORTON TOOLBAR so I can make use of the IDENTITY SAFE feature..so I am lost for an explanation of being able to type only 20 wpm and ME having to WAIT for the blinking cursor to move to the next letter !! Regards, and thanks for your assitance. Susan Tuesday February 18, 2014 at 11:55 am est

AdwCleaner v3.019 - Report created 18/02/2014 at 10:00:54
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NewDesktop_3_2010 - NEWDESKTOP_3_10
# Running from : C:\Users\NewDesktop_3_2010\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Local\filetypeassistant
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\uniblue
[x] Not Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InboxDollars

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4219427B-0228-4356-A78B-EB7668D37D07}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1286 octets] - [18/02/2014 08:56:46]
AdwCleaner[s0].txt - [1222 octets] - [18/02/2014 10:00:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1282 octets] ##########

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NewDesktop_3_2010 [Admin rights]
Mode : Scan -- Date : 02/17/2014 15:36:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] ShopAtHomeWatcher.exe -- C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7] -> KILLED [TermProc]
[sUSP PATH] ShopAtHomeHelper.exe -- C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : ShopAtHomeWatcher (C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[sERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 43985914 (C:\Windows\system32\DRIVERS\43985914.sys [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\NEWDES~1\AppData\Local\Temp\IHU3480.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] ef06590f8dbef73356b8fe325407a46f
[bSP] 03f896d43fd327991aba875e0b041025 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 8818 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18171904 | Size: 601606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate GoFlex Desk USB Device +++++
--- User ---
[MBR] 642d0efb3553515863de4a0bdbac8893
[bSP] 412dcdea3a9e518683f557cee88d0739 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02172014_153620.txt >>

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

2/16/2014 12:33:16 PM
MBAM-log-2014-02-16 (14-48-49).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\NewDesktop_3_2010\Downloads\malwarebytes (1).exe (PUP.Optional.DomalQ) -> No action taken.
C:\Users\NewDesktop_3_2010\Downloads\malwarebytes.exe (PUP.Optional.DomalQ) -> No action taken.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

2/18/2014 10:38:22 AM
mbam-log-2014-02-18 (10-38-22).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MrCharlie · February 18, 2014

Clean out temp files: (may require a reboot)

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next.......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

yosoy4ever · February 18, 2014

Hi...I did as you said, and here is the log. I will wait to hear the NEXT STEP from you. Thanks and regards, Susan Tuesday February 18, 2014 at 1:33 pm est

ComboFix 14-02-16.01 - NewDesktop_3_2010 02/18/2014 12:55:16.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2628 [GMT -5:00]
Running from: c:\users\NewDesktop_3_2010\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\drivers.ini
c:\programdata\SPLC457.tmp
J:\Autorun.inf
J:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
.
.
2014-02-18 18:06 . 2014-02-18 18:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-18 18:06 . 2014-02-18 18:06 -------- d-----w- c:\users\DELL\AppData\Local\temp
2014-02-18 18:06 . 2014-02-18 18:06 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-02-18 18:06 . 2014-02-18 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 17:10 . 2014-02-18 17:10 -------- d-----w- c:\users\NewDesktop_3_2010\AppData\Local\FileTypeAssistant
2014-02-18 13:54 . 2014-02-18 15:01 -------- d-----w- C:\AdwCleaner
2014-02-16 22:59 . 2014-02-16 22:59 632 ----a-w- c:\windows\system32\cc_20140216_175907.reg
2014-02-16 17:31 . 2014-02-16 17:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-16 17:31 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-16 13:53 . 2014-02-16 14:01 10146 ----a-w- c:\windows\system32\cc_20140216_085256_2_15_2014.reg
2014-02-13 20:41 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-03 16:22 . 2014-02-03 16:22 632 ----a-w- c:\windows\system32\cc_20140203_112137.reg
2014-01-26 18:59 . 2014-01-26 18:59 -------- d-----w- c:\users\NewDesktop_3_2010\AppData\Roaming\osphone
2014-01-26 18:59 . 2014-01-26 18:59 -------- d-----w- c:\program files (x86)\OneSuite
2014-01-26 16:58 . 2014-01-26 16:58 632 ----a-w- c:\windows\system32\cc_20140126_115803.reg
2014-01-24 14:35 . 2014-01-24 14:35 632 ----a-w- c:\windows\system32\cc_20140124_093553.reg
2014-01-23 15:09 . 2014-01-23 15:09 632 ----a-w- c:\windows\system32\cc_20140123_100930.reg
2014-01-23 02:38 . 2014-01-23 02:38 1622 ----a-w- c:\windows\system32\cc_20140122_213848.reg
2014-01-22 23:30 . 2014-01-22 23:30 -------- d-----w- c:\programdata\Ezprint
2014-01-22 23:30 . 2014-01-22 23:30 -------- d-----w- c:\program files (x86)\Lexmark Toolbar
2014-01-22 23:27 . 2014-01-22 23:27 -------- d-----w- c:\program files\TWAIN Working Group
2014-01-22 21:44 . 2006-11-27 08:55 144896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxcypp6c.dll
2014-01-22 21:44 . 2014-01-22 21:44 -------- d-----w- c:\program files\Lexmark 3400 Series
2014-01-22 21:43 . 2014-01-22 23:34 -------- d-----w- c:\program files (x86)\Lexmark 3400 Series
2014-01-22 21:43 . 2007-04-23 03:11 385024 ----a-w- c:\windows\SysWow64\lxcycomx.dll
2014-01-22 21:43 . 2006-05-09 22:15 983107 ----a-w- c:\windows\SysWow64\lxcygf.dll
2014-01-22 21:43 . 2006-11-29 17:57 181168 ----a-w- c:\windows\SysWow64\lxcyppls.exe
2014-01-22 21:43 . 2007-04-04 17:11 194048 ----a-w- c:\windows\system32\lxcyinst.dll
2014-01-22 21:43 . 2006-11-06 23:05 305152 ----a-w- c:\windows\system32\lxcyhcp.dll
2014-01-22 21:43 . 2006-09-06 11:18 64512 ----a-w- c:\windows\system32\lxcycfg.dll
2014-01-22 21:43 . 2006-05-09 22:15 983107 ----a-w- c:\windows\system32\lxcygf.dll
2014-01-22 21:11 . 2014-01-22 21:12 -------- d-----w- c:\users\Administrator
2014-01-22 19:03 . 2014-01-23 23:29 -------- d-----w- c:\program files\lx_cats
2014-01-22 18:59 . 2014-01-22 18:59 -------- d-----w- C:\lexmark
2014-01-22 16:56 . 2014-01-23 02:33 -------- d-----w- c:\users\Lexmark\AppData\Local\LogMeIn Rescue Applet
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-14 12:35 . 2010-04-15 11:11 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-04 22:48 . 2013-05-02 18:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 22:48 . 2013-05-02 18:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-06 16:39 . 2014-01-06 16:38 1040 ----a-w- c:\windows\system32\cc_20140106_113818.reg
2014-01-02 21:49 . 2014-01-02 21:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-12-15 16:02 . 2013-12-15 16:02 632 ----a-w- c:\windows\system32\cc_20131215_110247.reg
2013-12-15 16:02 . 2013-12-15 16:01 738 ----a-w- c:\windows\system32\cc_20131215_110149.reg
2013-12-12 20:46 . 2013-12-12 20:46 18084 ----a-w- c:\windows\system32\cc_20131212_154618.reg
2013-12-12 19:41 . 2013-12-12 19:41 96246 ----a-w- c:\windows\system32\cc_20131212_144050.reg
2013-12-11 03:30 . 2012-11-20 14:39 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-30 19:07 . 2013-11-30 19:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-27 01:41 . 2014-01-15 14:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 14:47 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 14:47 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 14:47 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 14:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 14:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 14:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 14:47 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 14:47 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 06:17 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 06:17 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"ShopAtHomeWatcher"="c:\users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-01-29 119672]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2011-2-23 323584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ShopAtHomeWatcher"=c:\users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 43985914;43985914;c:\windows\system32\DRIVERS\43985914.sys;c:\windows\SYSNATIVE\DRIVERS\43985914.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140217.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140217.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 20:14 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 22:48]
.
2014-01-26 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 15:35]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 15:35]
.
2014-02-17 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"lxcymon.exe"="c:\program files (x86)\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: aa.com\jetnet
Trusted Zone: adobe.com\www
Trusted Zone: ebay.com
Trusted Zone: ebay.com\my
Trusted Zone: ebay.com\signin
Trusted Zone: etrade.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: java.com\www
Trusted Zone: microsoft.com\answers
Trusted Zone: mypoints.com\www
Trusted Zone: optionshouse.com\www
Trusted Zone: restaurant.com
Trusted Zone: restaurant.com\www
Trusted Zone: restaurant.com\www2
Trusted Zone: sbdanbury.com\www
Trusted Zone: sbdanburyonline.com\www
Trusted Zone: starbucks.com\www
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254

.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
   14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,36,e8,fa,02,8e,78,4a,8a,bf,d3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,36,e8,fa,02,8e,78,4a,8a,bf,d3,\
.
[HKEY_USERS\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\10.0\Word\Text Converters\Import\¬ ¶* s**]
"Name"="C\1e\19\1d"
"Path"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\TextConv\\MSWRD632.CNV"
"Extensions"="C\1e\19\1d"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-02-18 13:15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-18 18:15
.
Pre-Run: 580,255,457,280 bytes free
Post-Run: 580,168,585,216 bytes free
.
- - End Of File - - 1F73901F72153CF0900FBAA4F5500093
A36C5E4F47E84449FF07ED3517B43A31

MrCharlie · February 18, 2014

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

yosoy4ever · February 18, 2014

Hi..I ran what you asked and here are the two logs that I had to attach to this post as text files as they were too long to just post. I will await your further instructions. thanks and regards, Susan Tuesday February 18, 2014 at 3:17 pm est

Addition.txt

FRST.txt

MrCharlie · February 18, 2014

1: Please uninstall this from your add/remove programs if possible:
File Type Assistant (x32 Version: 2014.1.24.0 - ) <==== ATTENTION

2: Do you recognize this and did you install it?

Catalina Savings Printer (x32 Version: 1.0.0 - Catalina Marketing Corp)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\NEWDES~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

3: and these:

CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-02-10]

4: Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know how it is. MrC

yosoy4ever · February 18, 2014

Hi...I was able to remove: File Type Assistant and Catalina Savings Printer (I don't know if I downloaded this catalina savings printer, but might have). The TWO line items you showed in 3. above I DO NOT RECOGNIZE and do NOT know how to delete them....so YOU will have to tell me HOW if you want me to delete them. I DID what you asked in 4. above and here is the log. I await your next direction. thanks and regards, Susan Tuesday February 18, 2014 at 4:13 pm est

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by NewDesktop_3_2010 at 2014-02-18 16:07:22 Run:1
Running from C:\Users\NewDesktop_3_2010\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [shopAtHomeWatcher] - C:\Users\NewDesktop_3_2010\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [119672 2013-01-29] ()
SearchScopes: HKCU - {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL =
SearchScopes: HKCU - {5B6DF038-D9DD-484B-B484-F20DAD050321} URL =
Task: {25E2C6BF-81B6-4705-A3A6-0CB6FD2358D4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe
Task: {50E145E0-6929-400A-81F9-5CB0578646B9} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe
Toolbar: HKLM-x32 - No Name - {47980628-3844-42AA-A0DD-E2D86BBA9600} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FA2740A-3248-40EF-91AD-C4115EBE0A3C} => Key deleted successfully.
HKCR\CLSID\{4FA2740A-3248-40EF-91AD-C4115EBE0A3C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B6DF038-D9DD-484B-B484-F20DAD050321} => Key deleted successfully.
HKCR\CLSID\{5B6DF038-D9DD-484B-B484-F20DAD050321} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E2C6BF-81B6-4705-A3A6-0CB6FD2358D4} => Key not found.
C:\Windows\System32\Tasks\ProgramRefresh-ATFST not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50E145E0-6929-400A-81F9-5CB0578646B9} => Key not found.
C:\Windows\System32\Tasks\ProgramUpdateCheck not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47980628-3844-42AA-A0DD-E2D86BBA9600} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{47980628-3844-42AA-A0DD-E2D86BBA9600} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\gopher => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => Key not found.

==== End of Fixlog ====

MrCharlie · February 18, 2014

Use the attached fixlist.txt to delete them as before.

Let me know how the computer is. MrC

yosoy4ever · February 18, 2014

I ran what you told me and here is the log. I will watch for your reply and the next instructions. thanks and regards, Susan Tuesday February 18, 2014 at 5:02 pm est

yosoy4ever · February 18, 2014

Sorry...I forgot to include the log......here it is.......Susan

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by NewDesktop_3_2010 at 2014-02-18 16:59:56 Run:2
Running from C:\Users\NewDesktop_3_2010\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\NEWDES~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-02-10]
*****************

HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => Key not found.
C:\Users\NEWDES~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec => Key deleted successfully.
C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx => Moved successfully.
C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec => Moved successfully.

==== End of Fixlog ====

MrCharlie · February 18, 2014

How is it??

MrC

yosoy4ever · February 18, 2014

Hi...it seems to be working much faster now and I can type as fast as I want !! The only thing I noted regarding SLOWNESS was that it took an inordinate amount of time to START UP my pc and get to my yahoo home page when I rebooted my PC a few minutes ago...it seems like it took an eternity as compared to what I was use to ? Seemed like almost 3 minutes...is that normal ? Let me know what you think. I think I would like to JUST KEEP the TFC (I really liked how that cleaned out my temporary files) and the Malewarebytes programs for future use....but I DEFER TO YOUR EXPERT OPINION as to what to do next and what to retain and remove. Here is the LATEST MBAM log after I ran it for you. Thanks and regards, Susan Tuesday February 18, 2014 at 5:46 pm est

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

2/18/2014 5:33:39 PM
mbam-log-2014-02-18 (17-33-39).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MrCharlie · February 18, 2014

3 minutes is a little long but you do have a lot of processes starting up. Sometimes after running the tools we used, the computer will take a little longer to boot...but will go back to it's normal time.
You can try StartUpLITE: (it will suggest what items aren't needed at start up)
https://www.malwarebytes.org/startuplite/

-----------------------------------------

You can keep TFC if you want, there's another temp file cleaner I like to use and that's CCleaner:
Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

---------------------------------------

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC

yosoy4ever · February 19, 2014

Hi - I did the StartUpLite and it told me that I did not have ANY unecessary start up items...so that seemed good. I already HAVE CCleaner installed and have been using that once in awhile, but the "tutorial" you provided was a very good tool for me to read and somewhat UNDERSTAND what all those checked boxes are all about. I am going to have to re-read that tutorial and MAKE SURE only the boxes that I really need to be checked are checked as I think some of what is written applies to situations I think I am experiencing in GETTING TO CERTAIN WEBSITES that I use often, more slowly than needed...so thank you for that info. I did the SECURITY CHECK and below is the log. Please let me know if I am "over securitized" or have redundant or superfluous "security" on my PC and how to remove them if necessary. I have often wondered about all the SECURITY that is sometimes installed on a PC with all the "words" Windows Defender, Windows Firewalls, Norton Firewalls, Norton Internet Security dancing in my head ! I sometimes wonder if TOO MUCH security is mucking things up - so I appreciate you straightening THIS out for me ! Thank you for your continued help Mr. C !! Regards, Susan Wednesday February 19, 2014 at 8:41 am est

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java 7 Update 45
Java version out of Date!
Adobe Reader XI
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

MrCharlie · February 19, 2014

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 45 <----please update, should be Update 51

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Maurice Naggar · February 20, 2014

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

PUP.Optional.DomaIQ problem causing PC extreme slowdown

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information