deenice420 Posted March 5, 2014 ID:799440

DDS attach.

MrCharlie Posted March 5, 2014 ID:799477

Welcome to the forum. What seems to be the problem??

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:
Please read all of my instructions completely including these.
Make sure system restore is turned on and running, please create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

deenice420 Posted March 5, 2014 Author ID:799546

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Shannon Elizabeth [Admin rights]
Mode : Scan -- Date : 03/05/2014 00:43:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\Shannon Elizabeth\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS 541075A9E680 SATA Disk Device +++++
--- User ---
[MBR] 2d75993e8631a18fded2bfeebdae37e9
[bSP] 1dac98500ab1d7d6d7ab9694ae4a9676 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03052014_004315.txt >>

MrCharlie Posted March 5, 2014 ID:799653

What are your concerns with the computer????

MrC

deenice420 Posted March 5, 2014 Author ID:799775

pup

deenice420 Posted March 7, 2014 Author ID:800206

sorry I misunderstood, I'm sorry I'm new at this kinda stuff, but I'm tryin to learn plz bear with me plz an ty

deenice420 Posted March 7, 2014 Author ID:800207

don't know the damage that it can cause, thank u

MrCharlie Posted March 7, 2014 ID:800215

Please create a new system restore point before continuing!

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

sroberts24 Posted March 7, 2014 ID:800274

I need help with PUP removal, I have run Malwarebytes and deleted infected files numerous times but it keeps coming back.

deenice420 Posted March 8, 2014 Author ID:800885

adw report

# AdwCleaner v3.020 - Report created 08/03/2014 at 17:30:19
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Shannon Elizabeth - SHANNON
# Running from : C:\Users\Shannon Elizabeth\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Download keeperi
Folder Deleted : C:\Program Files (x86)\AmiExt
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Download keeperi
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Shannon Elizabeth\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Shannon Elizabeth\AppData\Local\Conduit
Folder Deleted : C:\Users\Shannon Elizabeth\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shannon Elizabeth\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Shannon Elizabeth\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Shannon Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Shannon Elizabeth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Shannon Elizabeth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311327
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316075
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316751
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Shannon Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\a8dfq5h3.default\prefs.js ]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Shannon Elizabeth\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7051 octets] - [08/03/2014 17:23:17]
AdwCleaner[s0].txt - [5638 octets] - [08/03/2014 17:30:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5698 octets] ##########

ty for your time

deenice420 Posted March 8, 2014 Author ID:800892 I ran a malware scan and nothing came up, think it's gone. Ty so much for all your help
MrCharlie Posted March 9, 2014 ID:800995 OK..MrC
AdvancedSetup Posted March 13, 2014 Root Admin ID:802785 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!