
AdwCleaner found .vir files - Need help with next steps


bfs24


Thanks for response. Below is Quarantine.txt. Assume this is the log. Thanks again.

C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\ewebstorewrapper.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\ewebstorewrapper.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\makecert.exe->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\makecert.exe.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\TrustedRoot.cer->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\TrustedRoot.cer.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\certutil.exe->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\certutil.exe.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libplc4.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libplc4.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libplds4.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\libplds4.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\nss3.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\nss3.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\smime3.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\smime3.dll.vir
C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\softokn3.dll->\AdwCleaner\Quarantine\C\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\Resources\softokn3.dll.vir


It looks like they have already been quarantined by AdwCleaner.

Please do this:

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Using Verizon DSL but believe slow issue is in computer, not in internet connection.

Below is MBAM log, DDS, Attach, and RogueKiller. Did not "kill" anything, only created report. Could not download MBAM update, last update 02-21-14

 

MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brad_2 :: BRADJOANNE [limited]

2/22/2014 6:26:23 PM
mbam-log-2014-02-22 (18-26-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215102
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Brad at 18:52:34 on 2014-02-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5609.3028 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: SparkTrust SparkTrust AntiVirus *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Brad_2.BRADJOANNE\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Comcast\pcBrowser.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Brad\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Users\Brad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\Brad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SparkTrust.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26S142HC05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [smileboxTray] "C:\Users\Brad\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Amazon Cloud Player] "C:\Users\Brad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Anywhere] rundll32.exe "C:\Windows\System32\ANWShare25.dll",InitAppshare
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VideoDownloadConverter EPM Support] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brad\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IEXPLO~1.LNK - C:\Program Files (x86)\Internet Explorer\iexplore.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606}\14454593236373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606}\26271646A6F616E6E656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606}\74575637475393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606}\74743586162707 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D46EB693-6E4F-43F0-AC44-1CA051A6B606}\84F4D454D223130323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Comcast_McciTrayApp] "C:\Program Files\Comcast\pcTrayApp.exe"
x64-Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-7 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-7 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2014-2-21 258848]
R2 ActivControl;ActivControl;C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [2012-11-28 21400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-7 2413056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-31 134944]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-13 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-13 460288]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBAMSvc;SparkTrust AntiVirus;C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-6 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-7 425064]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2013-1-6 878184]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2014-2-21 120064]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-7 53376]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/07 13:57:55;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-6 46136]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-2-21 41032]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2014-2-21 120064]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2014-2-21 61216]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-22 23:35:06 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{776E476E-49C3-4F7D-9750-564DBF00F0B5}\mpengine.dll
2014-02-21 22:55:08 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-21 22:34:28 41032 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2014-02-21 22:11:04 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust
2014-02-21 22:10:50 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2014-02-21 22:10:31 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2014-02-21 22:10:31 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2014-02-21 21:40:06 -------- d-----w- C:\Users\Brad\AppData\Roaming\SparkTrust
2014-02-21 21:40:06 -------- d-----w- C:\Users\Brad\AppData\Roaming\DriverCure
2014-02-21 21:39:50 -------- d-----w- C:\ProgramData\SparkTrust
2014-02-21 21:39:50 -------- d-----w- C:\Program Files (x86)\SparkTrust
2014-02-21 17:29:44 -------- d-----w- C:\AdwCleaner
2014-02-21 11:57:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-21 11:57:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 23:48:32 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABDC0EF4-CDB2-4F12-A8C4-36455F6F30A3}\gapaengine.dll
2014-02-18 07:13:34 -------- d-----w- C:\FRST
2014-02-14 10:12:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-14 10:12:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-14 02:25:19 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-14 02:25:17 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-14 02:25:17 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-14 02:25:17 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-14 02:25:00 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-14 02:25:00 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2014-02-14 02:25:00 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2014-02-12 02:08:57 -------- d-----w- C:\Users\Brad\AppData\Local\{51ACBF21-2E1C-4503-9BFD-A73738A93BEE}
2014-01-28 23:03:26 -------- d-----w- C:\Program Files\iPod
2014-01-28 23:03:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-28 23:03:25 -------- d-----w- C:\Program Files\iTunes
2014-01-28 23:03:25 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-28 02:18:55 -------- d-----w- C:\Users\Brad\AppData\Local\{16D9636A-D0ED-41B7-A191-0955A7FCB26D}
.
==================== Find3M  ====================
.
2014-02-21 04:37:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 04:37:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 18:54:13.04 ===============
 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2013 7:31:01 PM
System Uptime: 2/22/2014 1:14:45 PM (5 hours ago)
.
Motherboard: Hewlett-Packard |  | 3568
Processor: AMD A4-3300M APU with Radeon HD Graphics | Socket FS1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 366.945 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.697 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.1 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP162: 1/30/2014 6:37:04 PM - Windows Update
RP163: 2/3/2014 5:32:00 PM - Windows Update
RP164: 2/7/2014 7:56:59 AM - Windows Update
RP165: 2/10/2014 4:26:59 PM - Windows Update
RP166: 2/13/2014 9:24:45 PM - Windows Update
RP167: 2/14/2014 5:09:47 AM - Windows Update
RP168: 2/17/2014 9:07:45 AM - Windows Update
RP169: 2/17/2014 2:37:09 PM - Windows Update
RP170: 2/20/2014 7:25:06 PM - Windows Update
.
==== Installed Programs ======================
.
ActivDriver x64 v5.8
ActivInspire Core Resources (ENU) v1
ActivInspire Help (USA) v1
ActivInspire HWR Resources (ENU) v1
ActivInspire v1
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Agatha Christie - Peril at End House
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cradle of Rome 2
CyberLink PowerDVD
CyberLink YouCam
D3DX10
DJ3525FWUpdateAlert
Dropbox
EasySolve
eReg
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP Documentation
HP FWUpdateEDO2
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Update
HPDiagnosticAlert
IDT Audio
iTunes
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Logitech Unifying Software 2.10
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
MyTomTom 3.2.0.802
Namco All-Stars: PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
RealUpgrade 1.1
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Slingo Supreme
Smilebox
SparkTrust AntiVirus
Synaptics Pointing Device Driver
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VideoDownloadConverter Internet Explorer Toolbar
Vipre
Virtual Villagers 5 - New Believers
Visual Studio C++ 10.0 Runtime
WeatherBug
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/22/2014 9:54:00 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
2/22/2014 9:54:00 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/22/2014 7:56:27 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
2/22/2014 7:56:27 AM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 7:55:34 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
2/22/2014 6:22:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
2/22/2014 5:53:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
2/22/2014 5:52:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
2/22/2014 5:51:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
2/22/2014 11:45:24 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TapiSrv service.
2/22/2014 11:45:24 AM, Error: Service Control Manager [7000]  - The Telephony service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/21/2014 9:43:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
2/21/2014 2:36:32 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
2/20/2014 7:11:47 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/20/2014 7:01:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
2/20/2014 4:33:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
2/20/2014 4:33:06 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/20/2014 4:32:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
2/20/2014 4:32:06 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
2/20/2014 11:17:03 PM, Error: Service Control Manager [7022]  - The Google Update Service (gupdate) service hung on starting.
2/20/2014 11:09:39 PM, Error: Service Control Manager [7034]  - The Adobe Flash Player Update Service service terminated unexpectedly.  It has done this 1 time(s).
2/19/2014 6:35:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/19/2014 4:18:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/18/2014 8:27:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/18/2014 8:04:58 PM, Error: Schannel [36887]  - The following fatal alert was received: 80.
2/18/2014 5:22:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
2/15/2014 8:57:54 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
2/15/2014 8:57:52 AM, Error: Service Control Manager [7038]  - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/15/2014 8:57:52 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
2/15/2014 8:57:52 AM, Error: Service Control Manager [7000]  - The Portable Device Enumerator Service service failed to start due to the following error:  A system shutdown is in progress.
2/15/2014 8:57:52 AM, Error: Service Control Manager [7000]  - The Human Interface Device Access service failed to start due to the following error:  A system shutdown is in progress.
2/15/2014 8:57:52 AM, Error: Service Control Manager [7000]  - The HP Software Framework Service service failed to start due to the following error:  The pipe has been ended.
2/15/2014 8:57:52 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042d   Error description: The service did not start due to a logon failure.    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
2/15/2014 8:57:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/15/2014 8:57:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/15/2014 8:57:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
2/15/2014 8:57:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/15/2014 8:57:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/15/2014 8:57:51 AM, Error: Service Control Manager [7038]  - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/15/2014 8:57:51 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/15/2014 8:57:51 AM, Error: Service Control Manager [7038]  - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/15/2014 8:57:51 AM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The service did not start due to a logon failure.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The Network Connections service failed to start due to the following error:  A system shutdown is in progress.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not start due to a logon failure.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The pipe has been ended.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
2/15/2014 8:57:51 AM, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  A system shutdown is in progress.
2/15/2014 8:57:30 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
2/15/2014 6:33:20 PM, Error: Service Control Manager [7000]  - The Network Location Awareness service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

RK:

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brad [Admin rights]
Mode : Scan -- Date : 02/22/2014 19:18:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] SmileboxTray.exe -- C:\Users\Brad\AppData\Roaming\Smilebox\SmileboxTray.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\Brad\AppData\Roaming\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1001\[...]\Run : SmileboxTray ("C:\Users\Brad\AppData\Roaming\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard Update Task ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHUEE.tmp.exe [x][x] -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHU7735.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

File too big!

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] d36925e1acf9f6d24a3981b725f60f48
[bSP] d031f17e33fcb9c3ced879140b107506 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 456958 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 936259584 | Size: 15718 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] cd17146a667a680aefed0c2b8a96558f
[bSP] d031f17e33fcb9c3ced879140b107506 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77823 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159791104 | Size: 400 Mo

Finished : << RKreport[0]_S_02222014_191855.txt >>

 

 


AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

AV: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: SparkTrust SparkTrust AntiVirus *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

 

It appears you have MSE and SparkTrust installed and running as your anti-virus programs.

Having two or more anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

I suggest you pick one and uninstall the other; keep Defender disabled.

How to Disable Defender

Dangers of running 2 anti-virus programs

------------------------------------------

Please uninstall this program from your add/remove programs if possible:

VideoDownloadConverter Internet Explorer Toolbar

-------------------------------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard Update Task ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true [x]) -> FOUND

(These are Tasks but should also be listed here)

[V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHUEE.tmp.exe [x][x] -> FOUND

[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHU7735.tmp.exe [x][x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Next:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Performed steps in last reply.

Internet issues remain, impossibly slow opening certain webpages like Yahoo mail. This and previous replies have been sent from the office computer. Although apparently virus-free, home computer still has same problem that prompted first help request.

Here are adw and mbam logs. Still unable to connect to Malwarebytes to get today's update.

 

# AdwCleaner v3.019 - Report created 22/02/2014 at 21:09:15
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brad - BRADJOANNE
# Running from : C:\Users\Brad_2.BRADJOANNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI45QF5O\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Brad\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Brad_2.BRADJOANNE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [981 octets] - [21/02/2014 12:29:54]
AdwCleaner[R1].txt - [1191 octets] - [22/02/2014 21:06:20]
AdwCleaner[s0].txt - [1051 octets] - [21/02/2014 12:32:30]
AdwCleaner[s1].txt - [1121 octets] - [22/02/2014 21:09:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1181 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brad_2 :: BRADJOANNE [limited]

2/22/2014 9:36:20 PM
mbam-log-2014-02-22 (21-36-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214934
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Below are additional AdwCleaner logs. Not sure if these help. Basically I deleted the 4 items under "Quote" in two separate steps. Any other advice with my internet function issue? thanks

 

Quote

[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2262416338-889797951-1788978887-1006\[...]\Run : BrowserSafeguard Update Task ("C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true [x]) -> FOUND

(These are Tasks but should also be listed here)
[V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHUEE.tmp.exe [x][x] -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Brad_2\AppData\Local\Temp\IHU7735.tmp.exe [x][x] -> FOUND

logs -

 

# AdwCleaner v3.019 - Report created 21/02/2014 at 12:32:30
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brad - BRADJOANNE
# Running from : C:\Users\Brad_2.BRADJOANNE\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Brad_2.BRADJOANNE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [981 octets] - [21/02/2014 12:29:54]
AdwCleaner[s0].txt - [915 octets] - [21/02/2014 12:32:30]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [974 octets] ##########

 

# AdwCleaner v3.019 - Report created 22/02/2014 at 21:06:20
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brad - BRADJOANNE
# Running from : C:\Users\Brad_2.BRADJOANNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI45QF5O\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Users\Brad\AppData\Roaming\DriverCure
Folder Found C:\Users\Brad_2.BRADJOANNE\AppData\Local\BrowserSafeguard

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Brad_2.BRADJOANNE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [981 octets] - [21/02/2014 12:29:54]
AdwCleaner[R1].txt - [992 octets] - [22/02/2014 21:06:20]
AdwCleaner[s0].txt - [1051 octets] - [21/02/2014 12:32:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1111 octets] ##########


Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Then.............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Ran TDSSKiller. No threats found. Report was generated.

Now running ComboFix. Scanning took an hour or so, finally it reached Stage 50 or more. Then it started doing something else and then automatically rebooted. When I logged on, computer started flashing small black-screen command type windows up and down the display screen. This has been going on now for about an hour. Computer does not respond to the keyboard. Am replying from office computer. Is this normal?


Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


OK......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.79

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 12.0.0.70 Flash Player out of Date!

Adobe Reader XI

Google Chrome 32.0.1700.107

Google Chrome 33.0.1750.117

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Ignore that warning about Flash Player, you have the correct version installed.

----------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

