
Cannot open Malwarebytes, Cannot update & IE won't load



Hi,

The title pretty much says it all, but here's the rundown of what I have going on. My desktop is a Windows 7 Pro 64-bit machine. The first sign of anything wrong was that Internet Explorer stopped working. When I open it up, it immediately gets a popup stating "This program is not responding". The only way to stop it is from the Task Manager. I reset all IE settings via the Control Panel, but no dice. I ran a full system scan with Microsoft Security Essentials in Safe Mode, which found the following 4 items:

 

TrojanDropper:Win32/Rotbrow.A

TrojanDropper:Win32/Rotbrow.C

TrojanDropper:Win32/Rotbrow.D

TrojanDropper:Win32/Rotbrow.E

 

After removing, I re-ran the full scan which came up clean. I then tried to run Malwarebytes. It looks like it's starting but never appears on the screen. Interestingly enough, it does show as a running process (mbam.exe *32). I then ran Chameleon but it also freezes on the update step. Next, I uninstalled MB using "mbam-clean-1.60.2.0003", and tried running the update straight from the end of installation, but the updater freezes too. I also tried running MB in safe mode, but got the same results. I checked a few more forums here, created a 2nd Admin account on my computer, and tried all the steps again. Nothing. IE still won't load and MB cannot be opened or updated. I am fresh out of ideas. HELP!!!!

 

PS - I just saw the part about uninstalling uTorrent. I just uninstalled it as instructed.

 

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 1/8/2013 9:34:28 PM

System Uptime: 3/6/2014 11:27:17 PM (0 hours ago)

.

Motherboard: LENOVO |  |                       

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 13.009 GiB free.

Q: is FIXED (NTFS) - 10 GiB total, 1.332 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

AlignmentUtility

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Awesome Duplicate Photo Finder v. 1.1

Bonjour

CCC

CCleaner

Create Recovery Media

CutePDF Writer 3.0

D3DX10

DAZzle

Dropbox

Evernote v. 5.0.3

FormsComponent

FOSS

Glary Utilities 4.5

Google Chrome

Google Drive

Google Update Helper

Google+ Auto Backup

ICCHelp

iCloud

InstaRate

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Network Connections 15.7.176.0

Intel® Processor Graphics

Intel® Rapid Storage Technology

IrfanView (remove only)

iTunes

Java 7 Update 51

Java 7 Update 51 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 51 (64-bit)

LastPass (uninstall only)

LeapFrog Connect

LeapFrog Leapster Explorer Plugin

Lenovo Solution Center

Lenovo System Update

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Movie Maker

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

MSIChecker

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NA1Messenger

NRF

Photo Common

Photo Gallery

Picasa 3

PolicyManager

Power Manager

QuickBooks

QuickBooks Premier: Retail Edition 2012

QuickTime

RapidBoot HDD Accelerator

Realtek High Definition Audio Driver

Reconciler

ReportServer

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 

SellerCloud ImageBridge

SellerEngine Plus (Amazon.com version)

Skype™ 6.11

SupportUtility

System

TeamViewer 9

UnifiedPrinting

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

UPS WorldShip

UPSDB

UPSICC

UPSlinkHTTP

UPSVC2008MM

UPSVCMM

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

VLC media player 2.1.2

WebHelp

Windows Driver Package - Intel (e1cexpress) Net  (10/28/2010 11.8.81.0)

Windows Driver Package - Intel Corporation (igfx) Display  (01/07/2011 8.15.10.2279)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)

Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015)

Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013)

Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA  (10/15/2010 6.14.00.3074)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/19/2010 6.0.1.6225)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WorldShip

WSShared

.

==== Event Viewer Messages From Past Week ========

.

3/6/2014 11:32:52 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

3/6/2014 11:27:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom

3/6/2014 11:27:39 PM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.

3/6/2014 11:22:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/6/2014 11:22:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/6/2014 11:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/6/2014 11:22:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/6/2014 11:22:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache MpFilter spldr Wanarpv6

3/6/2014 11:22:11 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

3/6/2014 10:41:27 PM, Error: Service Control Manager [7000]  - The pcicsa.sys service failed to start due to the following error:  The system cannot find the file specified.

3/6/2014 1:51:45 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

3/5/2014 9:11:28 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1083.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 

3/5/2014 8:10:30 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1083.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 

3/5/2014 8:10:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/5/2014 11:31:35 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/5/2014 11:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/5/2014 11:30:35 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD cdrom CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

3/5/2014 11:30:35 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

3/5/2014 10:51:08 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/5/2014 10:51:08 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

3/5/2014 10:44:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1274.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

3/5/2014 10:44:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1274.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

3/5/2014 10:44:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1274.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

3/4/2014 8:10:28 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1083.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 

3/4/2014 8:10:28 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.167.1083.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 

3/3/2014 5:03:11 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Windows7_OS.

3/3/2014 5:03:11 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

.

==== End Of File ===========================

 

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2

Run by Barry at 23:34:49 on 2014-03-06

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8016.5780 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\UPS\WSTD\UPSNA1Msgr.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

C:\Users\Barry\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe

C:\Program Files (x86)\Java\jre7\bin\javaws.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

mRun: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe

StartupFolder: C:\Users\Barry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Barry\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Barry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{F65EEC0B-4208-4CB8-AA42-B8A167C2CDC8} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"

x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"

x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll

FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

.

============= SERVICES / DRIVERS ===============

.

R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-2-3 17088]

R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-11-9 70416]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-11-9 169776]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-9 13336]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-1-8 72216]

R2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -sUPSWSDBSERVER [?]

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-9 317440]

R3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2014-1-22 16376]

R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe [2014-3-6 63816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-12-26 57840]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]

S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]

S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-2-19 1662424]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe [2014-3-6 186696]

S3 radpms;Driver for RADPMS Device;C:\Windows\System32\drivers\radpms.sys [2012-11-29 14944]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-8 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-8 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

.

=============== Created Last 30 ================

.

2014-03-07 03:21:55 -------- d-----w- C:\AdwCleaner

2014-03-07 03:12:54 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2014-03-07 02:56:11 -------- d-----w- C:\ProgramData\HitmanPro

2014-03-07 02:37:56 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE83695C-A840-4B0B-B3E0-45FDAB7547AB}\mpengine.dll

2014-03-06 19:03:48 -------- d-----w- C:\ProgramData\Malwarebytes

2014-03-06 19:03:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-03-06 19:03:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-06 17:09:36 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-06 13:52:40 -------- d-----w- C:\drivers

2014-03-06 05:06:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-06 05:06:15 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-03-06 03:44:42 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDDA6CA4-460C-49D8-8216-7618D8ED5D0D}\gapaengine.dll

2014-03-06 03:41:37 6574592 ----a-w- C:\Windows\System32\mstscax.dll

2014-03-06 03:41:37 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll

2014-03-04 00:50:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-03-04 00:50:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-03-03 15:01:51 -------- d-----w- C:\found.000

2014-02-21 07:24:08 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2014-02-17 17:02:45 -------- d-----w- C:\Program Files\iPod

2014-02-17 17:02:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-02-17 17:02:44 -------- d-----w- C:\Program Files\iTunes

2014-02-17 17:02:44 -------- d-----w- C:\Program Files (x86)\iTunes

2014-02-12 08:01:07 548864 ----a-w- C:\Windows\System32\vbscript.dll

2014-02-12 08:01:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-02-12 07:14:25 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-02-09 05:11:53 -------- d-----w- C:\Program Files (x86)\DYMO Endicia

2014-02-09 04:13:10 -------- d-----w- C:\ProgramData\firebird

2014-02-09 04:13:09 -------- d-----w- C:\Users\Barry\AppData\Roaming\Endicia

2014-02-09 04:13:01 -------- d-----w- C:\Program Files (x86)\Endicia

.

==================== Find3M  ====================

.

2014-02-21 07:24:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-21 07:24:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-01-23 18:49:26 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2014-01-22 01:16:42 117024 ----a-w- C:\Windows\System32\BootDefrag.exe

2014-01-22 01:09:34 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-12-30 23:37:39 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-16 20:03:41 92488 ----a-w- C:\Windows\System32\LMIinit.dll

2013-12-16 20:03:41 35656 ----a-w- C:\Windows\System32\LMIport.dll

2013-12-16 20:03:41 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

.

============= FINISH: 23:38:39.42 ===============

 


  • Staff

Hello pittzgreen

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Hi there Gringo!

   Thank you for your reply! First, full disclosure:

After not getting a reply for a day or so, I went about googling and solved part of the problem. What eventually worked was rolling back IE to version 10, and now MB updates and runs. A full sys scan found 28 threats (removed), then 1 threat (also removed), then came up clean. HOWEVER, my computer is still reacting sluggishly, and hesitates now and again. My suspicion is that there is still something lurking in the shadows. 

There is also an IE Add on called "research" (disabled), that does not seem familiar to me.

  If you can still assist me in checking my system for any further possible threats, here is the info you requested:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-03-2014 01

Ran by Barry (administrator) on HOME-OFFICE on 10-03-2014 21:50:16
Running from C:\Users\Barry\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700289010-4118794536-1648266111-1000\...\MountPoints2: {205a78f7-6306-11e3-9f72-cc52af42dbd8} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2700289010-4118794536-1648266111-1000\...\MountPoints2: {205a7aac-6306-11e3-9f72-cc52af42dbd8} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2700289010-4118794536-1648266111-1000\...\MountPoints2: {834164c7-2a99-11e2-b94a-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2700289010-4118794536-1648266111-1000\...\MountPoints2: {bc702afc-696f-11e3-8721-cc52af42dbd8} - D:\MotorolaDeviceManagerSetup.exe -a
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6A9B7D74037CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default
FF DefaultSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: LastPass - C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default\Extensions\support@lastpass.com [2014-03-03]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-27]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-01-09]
CHR Extension: (Google Drive) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (YouTube) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-18]
CHR Extension: (Google Search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google News) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-09]
CHR Extension: (Google Calendar) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-01-09]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2013-12-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-16]
CHR Extension: (Poppit) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-01-09]
CHR Extension: (Sticky Notes) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg [2013-01-09]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-20]
CHR Extension: (LogMeIn) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj [2013-05-19]
CHR Extension: (Google Wallet) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-01-09]
CHR Extension: (Gmail) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ellie\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S4 LMIRescue_af6b08b6-6485-4356-9e18-cb6278c43e9e; C:\Users\Barry\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [2570592 2014-03-09] (LogMeIn, Inc.)
S4 LSCWinService; c:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-04-24] (Lenovo)
S4 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-04-24] (Lenovo Group Limited)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-09] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-09] (AVG Technologies)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S4 LMIRfsClientNP; No ImagePath
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2012-11-29] (LogMeIn, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-09] (support.com, Inc)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-10 21:50 - 2014-03-10 21:50 - 00016812 _____ () C:\Users\Barry\Downloads\FRST.txt
2014-03-10 21:47 - 2014-03-10 21:50 - 00000000 ____D () C:\FRST
2014-03-10 21:47 - 2014-03-10 21:47 - 02157056 _____ (Farbar) C:\Users\Barry\Downloads\FRST64.exe
2014-03-10 21:44 - 2014-03-10 21:44 - 00019150 _____ () C:\Users\Barry\Desktop\attach.txt
2014-03-10 21:44 - 2014-03-10 21:43 - 00015742 _____ () C:\Users\Barry\Desktop\dds.txt
2014-03-10 21:37 - 2014-03-10 21:38 - 00033790 _____ () C:\Users\Barry\Desktop\CheckResults.txt
2014-03-10 21:37 - 2014-03-10 21:37 - 00688992 ____R (Swearware) C:\Users\Barry\Downloads\dds.com
2014-03-10 21:36 - 2014-03-10 21:37 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Barry\Downloads\mbam-check-2.0.0.1000.exe
2014-03-10 21:14 - 2014-03-10 21:14 - 00347816 _____ (Microsoft Corporation) C:\Users\Barry\Downloads\MicrosoftFixit.IEPerformance.RNP.5031792981922576.8.1.Run.exe
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Malwarebytes
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 00:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-10 00:15 - 2014-03-10 00:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-10 00:12 - 2014-03-10 00:12 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Barry\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-09 21:42 - 2014-03-09 21:42 - 00000000 ___HD () C:\$AVG
2014-03-09 21:32 - 2014-03-10 20:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-09 21:32 - 2014-03-09 21:32 - 00000000 ____D () C:\Users\Barry\AppData\Local\MFAData
2014-03-09 21:28 - 2014-03-09 21:28 - 04462384 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_stb_en_2014_4335_free.exe
2014-03-09 21:14 - 2014-03-09 21:14 - 01565744 _____ () C:\Users\Barry\Downloads\AVG_Remover_en.exe
2014-03-09 20:46 - 2014-03-09 20:46 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (7).exe
2014-03-09 20:41 - 2014-03-09 20:41 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (6).exe
2014-03-09 20:36 - 2014-03-09 20:36 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (5).exe
2014-03-09 20:16 - 2014-03-09 20:16 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (4).exe
2014-03-09 20:03 - 2014-03-09 20:03 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (3).exe
2014-03-09 19:58 - 2014-03-09 19:58 - 00003288 ____N () C:\bootsqm.dat
2014-03-09 19:48 - 2014-03-09 19:48 - 00000000 ____D () C:\Windows\pss
2014-03-09 19:44 - 2014-03-09 19:44 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\AVG2014
2014-03-09 19:41 - 2014-03-09 22:18 - 00000000 ____D () C:\Users\Barry\AppData\Local\Avg2014
2014-03-09 19:37 - 2014-03-09 19:38 - 155264904 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_x64_all_2014_4335a7045.exe
2014-03-09 19:30 - 2014-03-09 19:31 - 00365676 _____ () C:\Users\Barry\Downloads\avgremover.log
2014-03-09 19:30 - 2014-03-09 19:30 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Barry\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-03-09 19:30 - 2014-03-09 19:30 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Barry\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-09 19:00 - 2014-03-09 19:00 - 10820032 _____ (SurfRight B.V.) C:\Users\Barry\Downloads\HitmanPro_x64 (1).exe
2014-03-09 18:59 - 2014-03-09 19:00 - 10820032 _____ (SurfRight B.V.) C:\Users\Barry\Downloads\HitmanPro_x64.exe
2014-03-09 18:50 - 2014-03-09 18:50 - 00000000 ____D () C:\Users\Barry\AppData\Local\AVG SafeGuard toolbar
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-09 18:48 - 2014-03-09 18:47 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-09 18:32 - 2014-03-09 18:33 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (2).exe
2014-03-09 18:28 - 2014-03-09 18:28 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (1).exe
2014-03-09 18:20 - 2014-03-10 00:14 - 00000000 ____D () C:\Users\Barry\AppData\Local\LogMeIn Rescue Applet
2014-03-09 18:20 - 2014-03-09 18:20 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue.exe
2014-03-09 17:56 - 2014-03-09 18:04 - 00000033 _____ () C:\Users\Barry\Desktop\Avg support.txt
2014-03-09 17:41 - 2014-03-09 19:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-09 17:40 - 2014-03-09 21:42 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-08 21:53 - 2014-03-08 21:53 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\supportdotcom
2014-03-08 21:52 - 2014-03-08 21:52 - 00816400 _____ () C:\Users\Barry\Downloads\Nexus.com
2014-03-08 21:50 - 2014-03-10 20:43 - 00000000 ____D () C:\Users\Barry\AppData\Local\CrashDumps
2014-03-08 20:53 - 2014-03-08 20:53 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-03-08 20:53 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-03-08 20:52 - 2014-03-08 20:52 - 28656912 _____ (Panda Security ) C:\Users\Barry\Downloads\PandaCloudCleaner.exe
2014-03-08 20:27 - 2014-03-08 20:27 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\TuneUp Software
2014-03-08 20:25 - 2014-03-08 20:26 - 90578216 _____ (AVAST Software) C:\Users\Barry\Downloads\avast_free_antivirus_setup.exe
2014-03-08 20:23 - 2014-03-08 20:24 - 04462384 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-07 15:47 - 2014-03-07 15:47 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Lenovo
2014-03-07 09:03 - 2014-03-07 09:03 - 00000000 ____D () C:\Program Files\Intel
2014-03-07 09:02 - 2014-03-07 09:02 - 00000146 _____ () C:\Windows\system32\WmiConf.txt
2014-03-07 09:02 - 2014-03-07 09:02 - 00000000 _____ () C:\Rule.txt
2014-03-07 09:01 - 2012-08-10 16:44 - 00482128 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2014-03-07 09:01 - 2012-08-09 14:56 - 00101224 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2014-03-07 09:01 - 2012-08-09 10:54 - 00073032 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2014-03-07 09:01 - 2012-01-06 15:02 - 00003114 _____ () C:\Windows\system32\e1c62x64.din
2014-03-07 09:01 - 2010-12-10 19:12 - 02676328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-03-07 09:01 - 2010-12-09 16:45 - 02825832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-03-07 09:01 - 2010-12-09 14:14 - 02249832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-03-07 09:01 - 2010-11-23 19:45 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-03-07 09:01 - 2010-11-22 12:39 - 00626792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-03-07 09:01 - 2010-11-11 14:27 - 00083048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-03-07 09:01 - 2010-11-08 08:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-03-07 09:01 - 2010-11-03 19:31 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-03-07 09:01 - 2010-11-03 19:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-03-07 09:01 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-03-07 09:01 - 2010-10-29 11:29 - 01937312 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-03-07 00:33 - 2014-03-07 00:34 - 00688992 ____R (Swearware) C:\Users\Barry\Downloads\dds.scr
2014-03-07 00:26 - 2014-03-07 00:26 - 00001871 _____ () C:\Users\fixvirus\Desktop\RKreport[0]_D_03062014_232653.txt
2014-03-07 00:26 - 2014-03-07 00:26 - 00001836 _____ () C:\Users\fixvirus\Desktop\RKreport[0]_S_03062014_232630.txt
2014-03-07 00:25 - 2014-03-07 00:25 - 00688992 _____ (Swearware) C:\Users\fixvirus\Downloads\dds.scr
2014-03-07 00:24 - 2014-03-07 00:26 - 00000000 ____D () C:\Users\fixvirus\Desktop\RK_Quarantine
2014-03-06 23:21 - 2014-03-07 00:20 - 00000000 ____D () C:\AdwCleaner
2014-03-06 23:21 - 2014-03-06 23:21 - 01244192 _____ () C:\Users\fixvirus\Downloads\adwcleaner.exe
2014-03-06 23:18 - 2014-03-06 23:20 - 221488392 _____ () C:\Users\fixvirus\Downloads\EmsisoftEmergencyKit.exe
2014-03-06 23:04 - 2014-03-06 23:05 - 103517456 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\msert.exe
2014-03-06 22:56 - 2014-03-06 23:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-06 22:55 - 2014-03-06 22:55 - 10820032 _____ (SurfRight B.V.) C:\Users\fixvirus\Downloads\HitmanPro_x64.exe
2014-03-06 22:52 - 2014-03-06 22:52 - 04413952 _____ () C:\Users\fixvirus\Downloads\RogueKillerX64.exe
2014-03-06 22:45 - 2014-03-06 22:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\fixvirus\Downloads\iExplore.exe
2014-03-06 22:39 - 2014-03-06 22:39 - 00001343 _____ () C:\Windows\IE11_main.log
2014-03-06 22:37 - 2014-03-06 22:41 - 368945248 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2014-03-06 22:37 - 2014-03-06 22:37 - 25640672 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\Windows-KB890830-x64-V5.9.exe
2014-03-06 21:54 - 2014-03-06 21:54 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Malwarebytes
2014-03-06 15:02 - 2014-03-06 15:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-03-06 14:53 - 2014-03-06 14:53 - 00080456 _____ (Malwarebytes Corporation) C:\Users\fixvirus\Desktop\mbam-clean-1.60.2.0003.exe
2014-03-06 14:37 - 2014-03-06 14:37 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-06 12:50 - 2014-03-06 12:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-03-06 12:50 - 2014-03-06 12:50 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Tvsukernel
2014-03-06 12:42 - 2014-03-06 12:42 - 00002996 _____ () C:\Windows\System32\Tasks\PMTask
2014-03-06 09:52 - 2014-03-06 09:54 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\LSC
2014-03-06 09:52 - 2014-03-06 09:52 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Adobe
2014-03-06 09:51 - 2014-03-06 12:03 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\LSC
2014-03-06 01:11 - 2014-03-06 01:11 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Oracle
2014-03-06 01:08 - 2014-03-06 01:08 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\fixvirus\Downloads\tdsskiller.exe
2014-03-06 01:06 - 2014-03-06 09:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 01:05 - 2014-03-06 14:48 - 00000000 ____D () C:\Users\fixvirus\Desktop\mbar
2014-03-06 01:05 - 2014-03-06 01:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\fixvirus\Downloads\mbar-1.07.0.1009.exe
2014-03-06 01:01 - 2014-03-06 01:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\fixvirus\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-06 01:00 - 2014-03-06 01:00 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Intel Corporation
2014-03-06 00:59 - 2014-03-06 11:03 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Google
2014-03-06 00:59 - 2014-03-06 09:51 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Adobe
2014-03-06 00:59 - 2014-03-06 01:01 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Intuit
2014-03-06 00:59 - 2014-03-06 00:59 - 00114496 _____ () C:\Users\fixvirus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 00:59 - 2014-03-06 00:59 - 00001428 _____ () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 00:59 - 2014-03-06 00:59 - 00000020 ___SH () C:\Users\fixvirus\ntuser.ini
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\LastPass
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Apple Computer
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\VirtualStore
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus
2014-03-06 00:59 - 2013-05-03 01:52 - 00000000 ____D () C:\Users\fixvirus\AppData\LocalGoogle
2014-03-06 00:59 - 2013-01-11 04:00 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Microsoft Help
2014-03-06 00:59 - 2012-11-09 14:28 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Macromedia
2014-03-06 00:59 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-06 00:59 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-06 00:26 - 2014-03-10 20:23 - 00003385 _____ () C:\Windows\setupact.log
2014-03-06 00:26 - 2014-03-10 18:57 - 00140842 _____ () C:\Windows\PFRO.log
2014-03-06 00:26 - 2014-03-06 00:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 23:41 - 2014-03-05 23:42 - 04765152 _____ (Piriform Ltd) C:\Users\Barry\Downloads\ccsetup411.exe
2014-03-05 23:41 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-05 23:41 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-03 20:51 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-03 20:51 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-03 20:51 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-03 20:51 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-03 20:51 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-03 20:51 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-03 20:51 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-03 20:51 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-03 20:51 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-03 20:51 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-03 20:51 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-03 20:51 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-03 20:51 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-03 20:51 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-03 20:51 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-03 20:51 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-03 20:50 - 2014-03-03 20:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 20:50 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-03 20:50 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-03 20:34 - 2014-03-03 20:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Barry\Downloads\MicrosoftFixit.IEAddon.RNP.503115255792938.12.1.Run.exe
2014-03-03 11:01 - 2014-03-06 14:32 - 00000000 ____D () C:\found.000
2014-02-26 22:53 - 2014-02-26 22:53 - 30710565 _____ () C:\Users\Barry\Downloads\JDSchramm_2011A-480p.mp4
2014-02-21 03:24 - 2014-02-21 03:24 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-17 13:02 - 2014-02-17 13:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 13:02 - 2014-02-17 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 13:02 - 2014-02-17 13:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 13:02 - 2014-02-17 13:02 - 00000000 ____D () C:\Program Files\iPod
2014-02-16 14:54 - 2014-02-16 14:54 - 00090915 _____ () C:\Users\Barry\Downloads\3811_manifest_2014-02-12_13-02.xlsx
2014-02-16 14:54 - 2014-02-16 14:54 - 00038968 _____ () C:\Users\Barry\Downloads\WM IM 02-16-2014.txt
2014-02-16 14:36 - 2014-02-16 14:54 - 00038968 _____ () C:\Users\Barry\Downloads\3811_manifest_2014-02-12_13-02.csv
2014-02-16 14:36 - 2014-02-16 14:36 - 00022235 _____ () C:\Users\Barry\Downloads\3736_manifest_2014-02-12_11-44.csv
2014-02-16 14:36 - 2014-02-16 14:36 - 00020102 _____ () C:\Users\Barry\Downloads\3812_manifest_2014-02-12_13-02.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00029875 _____ () C:\Users\Barry\Downloads\3772_manifest_2014-02-12_12-29.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00015675 _____ () C:\Users\Barry\Downloads\3738_manifest_2014-02-12_11-44.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00013200 _____ () C:\Users\Barry\Downloads\3767_manifest_2014-02-12_12-26.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00011749 _____ () C:\Users\Barry\Downloads\3786_manifest_2014-02-12_12-48.csv
2014-02-16 14:28 - 2014-02-16 14:28 - 00007324 _____ () C:\Users\Barry\Downloads\GO IM 02-16-2014.txt
2014-02-16 14:28 - 2014-02-16 14:28 - 00000000 _____ () C:\Users\Barry\Downloads\E995C610
2014-02-16 13:59 - 2014-02-16 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 03:14 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 03:14 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 03:14 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 03:14 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 03:14 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 03:14 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 03:14 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 03:14 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 03:14 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 03:14 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 03:14 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 03:14 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 03:14 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 03:14 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 03:14 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 03:14 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 03:14 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 03:14 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 03:14 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 03:14 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 03:14 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 03:14 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 03:14 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 03:14 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 03:14 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 03:14 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 03:14 - 2013-11-26 04:16 - 00000000 _____ () C:\Windows\SysWOW64\d2d1.dll
2014-02-12 03:14 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 16:30 - 2014-02-09 16:30 - 00643680 _____ () C:\Users\Barry\Downloads\Toolbar_production_100987.crxbho.exe
2014-02-09 01:11 - 2014-02-09 01:11 - 00864256 _____ () C:\Users\Barry\Downloads\InstaRateWindows.msi
2014-02-09 01:11 - 2014-02-09 01:11 - 00000000 ____D () C:\Program Files (x86)\DYMO Endicia
2014-02-09 01:06 - 2014-02-09 01:06 - 00000000 ____D () C:\Users\Public\Documents\Endicia
2014-02-09 00:26 - 2014-02-09 00:26 - 00003188 _____ () C:\Windows\System32\Tasks\{C9C5BCD6-146C-459E-BB3F-68AE9D3D0E68}
2014-02-09 00:25 - 2014-02-09 00:25 - 00003100 _____ () C:\Windows\System32\Tasks\{811E79ED-0580-469C-A472-59C662D5AA4F}
2014-02-09 00:23 - 2014-02-09 00:23 - 00117744 _____ () C:\Users\Barry\Downloads\EndiciaPremiumFullSetup (1).exe
2014-02-09 00:15 - 2014-02-09 00:15 - 00117744 _____ () C:\Users\Barry\Downloads\EndiciaPremiumFullSetup.exe
2014-02-09 00:13 - 2014-02-09 00:25 - 00000000 ____D () C:\Program Files (x86)\Endicia
2014-02-09 00:13 - 2014-02-09 00:23 - 00000000 ____D () C:\ProgramData\firebird
2014-02-09 00:13 - 2014-02-09 00:13 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Endicia
2014-02-08 22:44 - 2014-02-08 22:44 - 00119032 _____ () C:\Users\Barry\Downloads\EndiciaProFullSetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-10 21:50 - 2014-03-10 21:50 - 00016812 _____ () C:\Users\Barry\Downloads\FRST.txt
2014-03-10 21:50 - 2014-03-10 21:47 - 00000000 ____D () C:\FRST
2014-03-10 21:47 - 2014-03-10 21:47 - 02157056 _____ (Farbar) C:\Users\Barry\Downloads\FRST64.exe
2014-03-10 21:44 - 2014-03-10 21:44 - 00019150 _____ () C:\Users\Barry\Desktop\attach.txt
2014-03-10 21:43 - 2014-03-10 21:44 - 00015742 _____ () C:\Users\Barry\Desktop\dds.txt
2014-03-10 21:38 - 2014-03-10 21:37 - 00033790 _____ () C:\Users\Barry\Desktop\CheckResults.txt
2014-03-10 21:37 - 2014-03-10 21:37 - 00688992 ____R (Swearware) C:\Users\Barry\Downloads\dds.com
2014-03-10 21:37 - 2014-03-10 21:36 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Barry\Downloads\mbam-check-2.0.0.1000.exe
2014-03-10 21:37 - 2012-11-09 14:21 - 01132312 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 21:24 - 2013-01-24 11:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:22 - 2012-11-09 14:32 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:14 - 2014-03-10 21:14 - 00347816 _____ (Microsoft Corporation) C:\Users\Barry\Downloads\MicrosoftFixit.IEPerformance.RNP.5031792981922576.8.1.Run.exe
2014-03-10 20:43 - 2014-03-08 21:50 - 00000000 ____D () C:\Users\Barry\AppData\Local\CrashDumps
2014-03-10 20:43 - 2014-01-23 14:47 - 00000000 ____D () C:\Program Files\Java
2014-03-10 20:31 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 20:31 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 20:29 - 2014-03-09 21:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-10 20:24 - 2012-11-09 14:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 20:23 - 2014-03-06 00:26 - 00003385 _____ () C:\Windows\setupact.log
2014-03-10 20:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 18:57 - 2014-03-06 00:26 - 00140842 _____ () C:\Windows\PFRO.log
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Malwarebytes
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 00:16 - 2014-03-10 00:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 00:15 - 2014-03-10 00:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-10 00:14 - 2014-03-09 18:20 - 00000000 ____D () C:\Users\Barry\AppData\Local\LogMeIn Rescue Applet
2014-03-10 00:12 - 2014-03-10 00:12 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Barry\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-09 22:18 - 2014-03-09 19:41 - 00000000 ____D () C:\Users\Barry\AppData\Local\Avg2014
2014-03-09 22:15 - 2011-02-15 05:42 - 00000000 ____D () C:\Windows\Panther
2014-03-09 22:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-09 21:42 - 2014-03-09 21:42 - 00000000 ___HD () C:\$AVG
2014-03-09 21:42 - 2014-03-09 17:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-09 21:32 - 2014-03-09 21:32 - 00000000 ____D () C:\Users\Barry\AppData\Local\MFAData
2014-03-09 21:28 - 2014-03-09 21:28 - 04462384 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_stb_en_2014_4335_free.exe
2014-03-09 21:14 - 2014-03-09 21:14 - 01565744 _____ () C:\Users\Barry\Downloads\AVG_Remover_en.exe
2014-03-09 20:46 - 2014-03-09 20:46 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (7).exe
2014-03-09 20:41 - 2014-03-09 20:41 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (6).exe
2014-03-09 20:36 - 2014-03-09 20:36 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (5).exe
2014-03-09 20:16 - 2014-03-09 20:16 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (4).exe
2014-03-09 20:03 - 2014-03-09 20:03 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (3).exe
2014-03-09 19:58 - 2014-03-09 19:58 - 00003288 ____N () C:\bootsqm.dat
2014-03-09 19:53 - 2012-11-09 14:31 - 629712384 ___SH () C:\Windows\lenovo_fastboot.img
2014-03-09 19:48 - 2014-03-09 19:48 - 00000000 ____D () C:\Windows\pss
2014-03-09 19:48 - 2013-01-08 22:35 - 00000000 ___RD () C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 19:44 - 2014-03-09 19:44 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\AVG2014
2014-03-09 19:44 - 2014-03-09 17:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-09 19:38 - 2014-03-09 19:37 - 155264904 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_x64_all_2014_4335a7045.exe
2014-03-09 19:37 - 2013-05-05 13:23 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Dropbox
2014-03-09 19:33 - 2013-05-05 16:12 - 00000000 ___RD () C:\Users\Barry\Google Drive
2014-03-09 19:33 - 2013-05-05 13:25 - 00000000 ___RD () C:\Users\Barry\Dropbox
2014-03-09 19:31 - 2014-03-09 19:30 - 00365676 _____ () C:\Users\Barry\Downloads\avgremover.log
2014-03-09 19:30 - 2014-03-09 19:30 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Barry\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-03-09 19:30 - 2014-03-09 19:30 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Barry\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-03-09 19:00 - 2014-03-09 19:00 - 10820032 _____ (SurfRight B.V.) C:\Users\Barry\Downloads\HitmanPro_x64 (1).exe
2014-03-09 19:00 - 2014-03-09 18:59 - 10820032 _____ (SurfRight B.V.) C:\Users\Barry\Downloads\HitmanPro_x64.exe
2014-03-09 18:50 - 2014-03-09 18:50 - 00000000 ____D () C:\Users\Barry\AppData\Local\AVG SafeGuard toolbar
2014-03-09 18:48 - 2014-03-09 18:48 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-09 18:47 - 2014-03-09 18:48 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-09 18:33 - 2014-03-09 18:32 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (2).exe
2014-03-09 18:28 - 2014-03-09 18:28 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue (1).exe
2014-03-09 18:20 - 2014-03-09 18:20 - 01250144 _____ (LogMeIn, Inc.) C:\Users\Barry\Downloads\Support-LogMeInRescue.exe
2014-03-09 18:06 - 2013-07-11 18:28 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-09 18:04 - 2014-03-09 17:56 - 00000033 _____ () C:\Users\Barry\Desktop\Avg support.txt
2014-03-09 17:53 - 2013-01-09 01:05 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-08 21:53 - 2014-03-08 21:53 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\supportdotcom
2014-03-08 21:52 - 2014-03-08 21:52 - 00816400 _____ () C:\Users\Barry\Downloads\Nexus.com
2014-03-08 21:27 - 2013-12-01 10:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-08 20:53 - 2014-03-08 20:53 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-03-08 20:52 - 2014-03-08 20:52 - 28656912 _____ (Panda Security ) C:\Users\Barry\Downloads\PandaCloudCleaner.exe
2014-03-08 20:27 - 2014-03-08 20:27 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\TuneUp Software
2014-03-08 20:26 - 2014-03-08 20:25 - 90578216 _____ (AVAST Software) C:\Users\Barry\Downloads\avast_free_antivirus_setup.exe
2014-03-08 20:24 - 2014-03-08 20:23 - 04462384 _____ (AVG Technologies) C:\Users\Barry\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-07 15:47 - 2014-03-07 15:47 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Lenovo
2014-03-07 09:03 - 2014-03-07 09:03 - 00000000 ____D () C:\Program Files\Intel
2014-03-07 09:02 - 2014-03-07 09:02 - 00000146 _____ () C:\Windows\system32\WmiConf.txt
2014-03-07 09:02 - 2014-03-07 09:02 - 00000000 _____ () C:\Rule.txt
2014-03-07 09:01 - 2012-11-09 14:19 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-07 02:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-07 00:34 - 2014-03-07 00:33 - 00688992 ____R (Swearware) C:\Users\Barry\Downloads\dds.scr
2014-03-07 00:26 - 2014-03-07 00:26 - 00001871 _____ () C:\Users\fixvirus\Desktop\RKreport[0]_D_03062014_232653.txt
2014-03-07 00:26 - 2014-03-07 00:26 - 00001836 _____ () C:\Users\fixvirus\Desktop\RKreport[0]_S_03062014_232630.txt
2014-03-07 00:26 - 2014-03-07 00:24 - 00000000 ____D () C:\Users\fixvirus\Desktop\RK_Quarantine
2014-03-07 00:25 - 2014-03-07 00:25 - 00688992 _____ (Swearware) C:\Users\fixvirus\Downloads\dds.scr
2014-03-07 00:20 - 2014-03-06 23:21 - 00000000 ____D () C:\AdwCleaner
2014-03-06 23:21 - 2014-03-06 23:21 - 01244192 _____ () C:\Users\fixvirus\Downloads\adwcleaner.exe
2014-03-06 23:20 - 2014-03-06 23:18 - 221488392 _____ () C:\Users\fixvirus\Downloads\EmsisoftEmergencyKit.exe
2014-03-06 23:13 - 2014-03-06 22:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-06 23:05 - 2014-03-06 23:04 - 103517456 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\msert.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 10820032 _____ (SurfRight B.V.) C:\Users\fixvirus\Downloads\HitmanPro_x64.exe
2014-03-06 22:52 - 2014-03-06 22:52 - 04413952 _____ () C:\Users\fixvirus\Downloads\RogueKillerX64.exe
2014-03-06 22:45 - 2014-03-06 22:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\fixvirus\Downloads\iExplore.exe
2014-03-06 22:41 - 2014-03-06 22:37 - 368945248 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2014-03-06 22:39 - 2014-03-06 22:39 - 00001343 _____ () C:\Windows\IE11_main.log
2014-03-06 22:37 - 2014-03-06 22:37 - 25640672 _____ (Microsoft Corporation) C:\Users\fixvirus\Downloads\Windows-KB890830-x64-V5.9.exe
2014-03-06 21:54 - 2014-03-06 21:54 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Malwarebytes
2014-03-06 15:07 - 2013-01-09 01:02 - 00000000 ____D () C:\Users\Barry\AppData\Local\Lenovo
2014-03-06 15:02 - 2014-03-06 15:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-03-06 14:53 - 2014-03-06 14:53 - 00080456 _____ (Malwarebytes Corporation) C:\Users\fixvirus\Desktop\mbam-clean-1.60.2.0003.exe
2014-03-06 14:48 - 2014-03-06 01:05 - 00000000 ____D () C:\Users\fixvirus\Desktop\mbar
2014-03-06 14:37 - 2014-03-06 14:37 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-06 14:37 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2014-03-06 14:37 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-06 14:35 - 2012-11-09 14:34 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-06 14:34 - 2013-12-26 17:05 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-06 14:32 - 2014-03-03 11:01 - 00000000 ____D () C:\found.000
2014-03-06 12:50 - 2014-03-06 12:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-03-06 12:50 - 2014-03-06 12:50 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Tvsukernel
2014-03-06 12:42 - 2014-03-06 12:42 - 00002996 _____ () C:\Windows\System32\Tasks\PMTask
2014-03-06 12:42 - 2012-11-09 14:31 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-06 12:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-06 12:39 - 2012-11-09 14:06 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-06 12:05 - 2013-01-09 21:57 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-06 12:05 - 2012-11-09 14:29 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-06 12:03 - 2014-03-06 09:51 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\LSC
2014-03-06 11:03 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Google
2014-03-06 09:54 - 2014-03-06 09:52 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\LSC
2014-03-06 09:53 - 2012-11-09 14:28 - 00000000 ____D () C:\Program Files\Lenovo
2014-03-06 09:53 - 2011-02-15 05:42 - 00000000 ____D () C:\SWTOOLS
2014-03-06 09:52 - 2014-03-06 09:52 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Adobe
2014-03-06 09:52 - 2012-11-09 14:28 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-06 09:51 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Adobe
2014-03-06 09:48 - 2014-03-06 01:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 01:11 - 2014-03-06 01:11 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Oracle
2014-03-06 01:08 - 2014-03-06 01:08 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\fixvirus\Downloads\tdsskiller.exe
2014-03-06 01:05 - 2014-03-06 01:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\fixvirus\Downloads\mbar-1.07.0.1009.exe
2014-03-06 01:02 - 2014-03-06 01:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\fixvirus\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-06 01:01 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\Intuit
2014-03-06 01:00 - 2014-03-06 01:00 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Intel Corporation
2014-03-06 00:59 - 2014-03-06 00:59 - 00114496 _____ () C:\Users\fixvirus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 00:59 - 2014-03-06 00:59 - 00001428 _____ () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 00:59 - 2014-03-06 00:59 - 00000020 ___SH () C:\Users\fixvirus\ntuser.ini
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ___RD () C:\Users\fixvirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\LastPass
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Roaming\Apple Computer
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus\AppData\Local\VirtualStore
2014-03-06 00:59 - 2014-03-06 00:59 - 00000000 ____D () C:\Users\fixvirus
2014-03-06 00:26 - 2014-03-06 00:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 23:42 - 2014-03-05 23:41 - 04765152 _____ (Piriform Ltd) C:\Users\Barry\Downloads\ccsetup411.exe
2014-03-03 21:03 - 2014-01-03 12:12 - 00000000 ___RD () C:\Users\Barry\Desktop\Avi Backup
2014-03-03 20:50 - 2014-03-03 20:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 20:35 - 2014-03-03 20:34 - 00347816 _____ (Microsoft Corporation) C:\Users\Barry\Downloads\MicrosoftFixit.IEAddon.RNP.503115255792938.12.1.Run.exe
2014-03-03 11:02 - 2013-01-08 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 01:07 - 2013-12-26 16:57 - 00005120 _____ () C:\Users\Barry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-26 22:53 - 2014-02-26 22:53 - 30710565 _____ () C:\Users\Barry\Downloads\JDSchramm_2011A-480p.mp4
2014-02-21 03:24 - 2014-02-21 03:24 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 03:24 - 2013-01-24 11:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 03:24 - 2013-01-24 11:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 03:24 - 2013-01-24 11:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 13:03 - 2014-02-17 13:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 13:03 - 2014-02-17 13:02 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 13:03 - 2014-02-17 13:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 13:02 - 2014-02-17 13:02 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 12:59 - 2013-01-16 12:23 - 00000000 ____D () C:\ProgramData\Apple
2014-02-16 15:45 - 2013-01-23 20:41 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Apple Computer
2014-02-16 14:54 - 2014-02-16 14:54 - 00090915 _____ () C:\Users\Barry\Downloads\3811_manifest_2014-02-12_13-02.xlsx
2014-02-16 14:54 - 2014-02-16 14:54 - 00038968 _____ () C:\Users\Barry\Downloads\WM IM 02-16-2014.txt
2014-02-16 14:54 - 2014-02-16 14:36 - 00038968 _____ () C:\Users\Barry\Downloads\3811_manifest_2014-02-12_13-02.csv
2014-02-16 14:36 - 2014-02-16 14:36 - 00022235 _____ () C:\Users\Barry\Downloads\3736_manifest_2014-02-12_11-44.csv
2014-02-16 14:36 - 2014-02-16 14:36 - 00020102 _____ () C:\Users\Barry\Downloads\3812_manifest_2014-02-12_13-02.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00029875 _____ () C:\Users\Barry\Downloads\3772_manifest_2014-02-12_12-29.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00015675 _____ () C:\Users\Barry\Downloads\3738_manifest_2014-02-12_11-44.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00013200 _____ () C:\Users\Barry\Downloads\3767_manifest_2014-02-12_12-26.csv
2014-02-16 14:35 - 2014-02-16 14:35 - 00011749 _____ () C:\Users\Barry\Downloads\3786_manifest_2014-02-12_12-48.csv
2014-02-16 14:28 - 2014-02-16 14:28 - 00007324 _____ () C:\Users\Barry\Downloads\GO IM 02-16-2014.txt
2014-02-16 14:28 - 2014-02-16 14:28 - 00000000 _____ () C:\Users\Barry\Downloads\E995C610
2014-02-16 13:59 - 2014-02-16 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 13:32 - 2012-08-13 10:45 - 00000000 ____D () C:\UPS
2014-02-16 04:02 - 2013-08-13 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-09 16:30 - 2014-02-09 16:30 - 00643680 _____ () C:\Users\Barry\Downloads\Toolbar_production_100987.crxbho.exe
2014-02-09 04:16 - 2012-11-09 14:32 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 04:16 - 2012-11-09 14:32 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 01:11 - 2014-02-09 01:11 - 00864256 _____ () C:\Users\Barry\Downloads\InstaRateWindows.msi
2014-02-09 01:11 - 2014-02-09 01:11 - 00000000 ____D () C:\Program Files (x86)\DYMO Endicia
2014-02-09 01:06 - 2014-02-09 01:06 - 00000000 ____D () C:\Users\Public\Documents\Endicia
2014-02-09 00:31 - 2013-01-09 21:56 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Skype
2014-02-09 00:26 - 2014-02-09 00:26 - 00003188 _____ () C:\Windows\System32\Tasks\{C9C5BCD6-146C-459E-BB3F-68AE9D3D0E68}
2014-02-09 00:25 - 2014-02-09 00:25 - 00003100 _____ () C:\Windows\System32\Tasks\{811E79ED-0580-469C-A472-59C662D5AA4F}
2014-02-09 00:25 - 2014-02-09 00:13 - 00000000 ____D () C:\Program Files (x86)\Endicia
2014-02-09 00:23 - 2014-02-09 00:23 - 00117744 _____ () C:\Users\Barry\Downloads\EndiciaPremiumFullSetup (1).exe
2014-02-09 00:23 - 2014-02-09 00:13 - 00000000 ____D () C:\ProgramData\firebird
2014-02-09 00:15 - 2014-02-09 00:15 - 00117744 _____ () C:\Users\Barry\Downloads\EndiciaPremiumFullSetup.exe
2014-02-09 00:13 - 2014-02-09 00:13 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Endicia
2014-02-08 22:44 - 2014-02-08 22:44 - 00119032 _____ () C:\Users\Barry\Downloads\EndiciaProFullSetup.exe
 
Some content of TEMP:
====================
C:\Users\Ellie\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Ellie\AppData\Local\Temp\MyClaroTB.exe
C:\Users\Ellie\AppData\Local\Temp\Setup-C4.exe
C:\Users\Ellie\AppData\Local\Temp\uninst1.exe
C:\Users\Ellie\AppData\Local\Temp\utt52C9.tmp.exe
C:\Users\fixvirus\AppData\Local\Temp\ntdll_dump.dll
C:\Users\fixvirus\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 01:32
 
==================== End Of Log ============================
 
I will post the next file in the next post. This will not post with both as it is too long.

  • Staff

Hello pittzgreen

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Hi there Gringo,

 

 I ran the 2 programs. The computer still seems to be hesitating, but here are those reports:

 

AdwCleaner[s3]

 

# AdwCleaner v3.022 - Report created 13/03/2014 at 19:30:35
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Barry - HOME-OFFICE
# Running from : C:\Users\Barry\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Barry\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\zt7s5wne.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default\prefs.js ]
 
 
[ File : C:\Users\Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\zt7s5wne.default\prefs.js ]
 
Line Deleted : user_pref("CT3289075.FF19Solved", "true");
Line Deleted : user_pref("CT3289075.UserID", "UN42304211186552210");
Line Deleted : user_pref("CT3289075.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3289075.autoDisableScopes", -1);
Line Deleted : user_pref("CT3289075.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289075.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3289075.installDate", "28/4/2013 10:22:51");
Line Deleted : user_pref("CT3289075.installerVersion", "1.3.7.3");
Line Deleted : user_pref("CT3289075.keyword", "true");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v6 Customized Web Search");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
Line Deleted : user_pref("smartbar.originalHomepage", "about:home");
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Ellie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
 
[ File : C:\Users\fixvirus\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
 
*************************
 
AdwCleaner[R0].txt - [3726 octets] - [06/03/2014 23:22:10]
AdwCleaner[R1].txt - [1127 octets] - [06/03/2014 23:28:21]
AdwCleaner[R2].txt - [1247 octets] - [07/03/2014 00:19:04]
AdwCleaner[R3].txt - [6570 octets] - [13/03/2014 19:22:48]
AdwCleaner[s0].txt - [3787 octets] - [06/03/2014 23:24:26]
AdwCleaner[s1].txt - [1191 octets] - [06/03/2014 23:29:49]
AdwCleaner[s2].txt - [1311 octets] - [07/03/2014 00:20:18]
AdwCleaner[s3].txt - [6085 octets] - [13/03/2014 19:30:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [6145 octets] ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Barry on Thu 03/13/2014 at 19:40:53.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Barry\AppData\Roaming\mywordtool"
Successfully deleted: [Empty Folder] C:\Users\Barry\appdata\local\{296F5BA3-8117-4773-834C-22BC959FA58F}
Successfully deleted: [Empty Folder] C:\Users\Barry\appdata\local\{330D49E8-46DA-47E1-994A-861E2BB26D6E}
Successfully deleted: [Empty Folder] C:\Users\Barry\appdata\local\{37298554-7AC5-4CC2-9072-B926DBF31A59}
Successfully deleted: [Empty Folder] C:\Users\Barry\appdata\local\{91D56943-5414-469D-9096-DE141CC78462}
Successfully deleted: [Empty Folder] C:\Users\Barry\appdata\local\{C56A14E1-D41A-463C-B4E8-3B909CC5A793}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Barry\AppData\Roaming\mozilla\firefox\profiles\pgca5d7o.default\prefs.js
 
Emptied folder: C:\Users\Barry\AppData\Roaming\mozilla\firefox\profiles\pgca5d7o.default\minidumps [19 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/13/2014 at 19:45:42.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Staff

Hello pittzgreen

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Hi Gringo,

  I followed all instructions. Computer is still hesitating, and IE is still crashing. Here's the log:

 

ComboFix 14-03-13.01 - Barry 03/13/2014  21:44:05.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8016.6361 [GMT -4:00]
Running from: c:\users\Barry\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-14 to 2014-03-14  )))))))))))))))))))))))))))))))
.
.
2014-03-14 01:53 . 2014-03-14 01:53 -------- d-----w- c:\users\Ellie\AppData\Local\temp
2014-03-14 01:53 . 2014-03-14 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-13 23:40 . 2014-03-13 23:40 -------- d-----w- c:\windows\ERUNT
2014-03-13 06:27 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-13 06:27 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-13 06:27 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 06:27 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 06:27 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 06:27 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 06:27 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 06:27 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 13:43 . 2014-03-12 13:43 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2014-03-11 13:42 . 2014-03-11 13:42 -------- d-----w- c:\programdata\AVG 0214c Campaign
2014-03-11 07:01 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-03-11 07:01 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-11 02:44 . 2014-03-11 02:44 40760 ----a-w- c:\windows\system32\drivers\psadd.sys
2014-03-11 02:41 . 2014-03-11 02:44 -------- d-----w- C:\swshare
2014-03-11 02:23 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2014-03-11 01:47 . 2014-03-11 01:51 -------- d-----w- C:\FRST
2014-03-10 04:16 . 2014-03-10 04:16 -------- d-----w- c:\users\Barry\AppData\Roaming\Malwarebytes
2014-03-10 04:16 . 2014-03-10 04:16 -------- d-----w- c:\programdata\Malwarebytes
2014-03-10 04:16 . 2014-03-10 04:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-10 04:16 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-10 01:42 . 2014-03-10 01:42 -------- d-----w- C:\$AVG
2014-03-10 01:32 . 2014-03-13 22:28 -------- d-----w- c:\programdata\MFAData
2014-03-10 01:32 . 2014-03-10 01:32 -------- d-----w- c:\users\Barry\AppData\Local\MFAData
2014-03-09 23:44 . 2014-03-09 23:44 -------- d-----w- c:\users\Barry\AppData\Roaming\AVG2014
2014-03-09 23:41 . 2014-03-10 02:18 -------- d-----w- c:\users\Barry\AppData\Local\Avg2014
2014-03-09 22:48 . 2014-03-09 22:47 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-09 22:20 . 2014-03-10 04:14 -------- d-----w- c:\users\Barry\AppData\Local\LogMeIn Rescue Applet
2014-03-09 21:41 . 2014-03-09 23:44 -------- d-----w- c:\programdata\AVG2014
2014-03-09 21:40 . 2014-03-10 01:42 -------- d-----w- c:\program files (x86)\AVG
2014-03-09 01:53 . 2014-03-09 01:53 -------- d-----w- c:\users\Barry\AppData\Roaming\supportdotcom
2014-03-09 01:53 . 2014-03-09 02:15 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2014-03-09 01:50 . 2014-03-11 00:43 -------- d-----w- c:\users\Barry\AppData\Local\CrashDumps
2014-03-09 00:59 . 2014-02-17 06:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8EC4B8B-8B0D-41CC-A13C-C7FB88F6B58C}\mpengine.dll
2014-03-09 00:53 . 2013-04-29 13:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-03-09 00:53 . 2014-03-09 00:53 -------- d-----w- c:\program files (x86)\Panda Security
2014-03-09 00:27 . 2014-03-09 00:27 -------- d-----w- c:\users\Barry\AppData\Roaming\TuneUp Software
2014-03-07 13:03 . 2014-03-07 13:03 -------- d-----w- c:\program files\Intel
2014-03-07 03:21 . 2014-03-13 23:31 -------- d-----w- C:\AdwCleaner
2014-03-07 02:56 . 2014-03-07 03:13 -------- d-----w- c:\programdata\HitmanPro
2014-03-06 18:37 . 2014-03-06 18:37 -------- d-----w- c:\program files (x86)\Windows Sidebar
2014-03-06 13:52 . 2014-03-06 13:52 -------- d-----w- C:\drivers
2014-03-06 05:06 . 2014-03-06 13:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-06 04:59 . 2014-03-06 04:59 -------- d-----w- c:\users\fixvirus
2014-03-06 03:41 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-06 03:41 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-04 00:50 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-04 00:50 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-03 15:01 . 2014-03-06 18:32 -------- d-----w- C:\found.000
2014-02-21 07:24 . 2014-02-21 07:24 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-17 17:02 . 2014-02-17 17:02 -------- d-----w- c:\program files\iPod
2014-02-17 17:02 . 2014-02-17 17:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 17:02 . 2014-02-17 17:03 -------- d-----w- c:\program files\iTunes
2014-02-17 17:02 . 2014-02-17 17:03 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 07:24 . 2013-01-24 15:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 07:24 . 2013-01-24 15:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 00:09 . 2013-01-09 04:11 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-03 17:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-09 06:48 . 2014-01-09 06:48 32128 ----a-w- c:\windows\system32\ssmirrdr.dll
2014-01-09 06:48 . 2014-01-09 06:48 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-30 23:37 . 2013-01-09 03:36 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-12-26 21:04 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-16 20:03 . 2013-01-09 03:34 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-12-16 20:03 . 2013-01-09 03:34 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-16 20:03 . 2013-01-09 03:34 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
.
c:\users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Barry\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0??
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
R4 LMIRescue_af6b08b6-6485-4356-9e18-cb6278c43e9e;LogMeIn Rescue (af6b08b6-6485-4356-9e18-cb6278c43e9e);c:\users\Barry\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe;c:\users\Barry\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
R4 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE;c:\program files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [x]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE;c:\program files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [x]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-06 05:22 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 07:24]
.
2014-03-14 c:\windows\Tasks\AVG_SYS_TASK.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-03-11 19:07]
.
2014-03-13 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-03-11 19:07]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 18:32]
.
2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 18:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Barry\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\pgca5d7o.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-13  21:56:29
ComboFix-quarantined-files.txt  2014-03-14 01:56
.
Pre-Run: 12,811,493,376 bytes free
Post-Run: 13,493,379,072 bytes free
.
- - End Of File - - 8E0055179CEA9212FFD32A091C483FA6

  • Staff

Hello pittzgreen

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo


I ran the scan but IE is still crashing. The scan did not generate a report named "RKreport[2].txt". There were 2 reports: "RKreport[0]_D_03162014_104613.txt" and "RKreport[0]_S_03162014_104127.txt". Here they are:

 

"RKreport[0]_S_03162014_104127"

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Barry [Admin rights]
Mode : Scan -- Date : 03/16/2014 10:41:27
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> FOUND
[V1][sUSP PATH] AVG_SYS_TASK_DELETE.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][sUSP PATH] AVG_SYS_TASK : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - --TASK_START_SYS --CMPID=0214c [7] -> FOUND
[V2][sUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAKX-083CA1 +++++
--- User ---
[MBR] 33ecaa3d69c5326c665abfb0c9378a39
[bSP] 7bcb39f4e6af1222115a155e0a4bd85a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 226973 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 23d471f05c930ec49c3662dac873a79b
[bSP] 6ca4506f4c9cd270130f0648705fdea4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 226973 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 Mo
 
Finished : << RKreport[0]_S_03162014_104127.txt >>
 
 
 
"RKreport[0]_D_03162014_104613"
 
RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Barry [Admin rights]
Mode : Remove -- Date : 03/16/2014 10:46:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> NOT SELECTED
[V1][sUSP PATH] AVG_SYS_TASK_DELETE.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> NOT SELECTED
[V2][sUSP PATH] AVG_SYS_TASK : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - --TASK_START_SYS --CMPID=0214c [7] -> NOT SELECTED
[V2][sUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> NOT SELECTED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAKX-083CA1 +++++
--- User ---
[MBR] 33ecaa3d69c5326c665abfb0c9378a39
[bSP] 7bcb39f4e6af1222115a155e0a4bd85a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 226973 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 23d471f05c930ec49c3662dac873a79b
[bSP] 6ca4506f4c9cd270130f0648705fdea4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 226973 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 Mo
 
Finished : << RKreport[0]_D_03162014_104613.txt >>
RKreport[0]_S_03162014_104127.txt
 
 
 

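The two RogueKiller reports above differ only in the status printed after `->`. As an added example (not part of the original post and not RogueKiller's own code), this Python script parses both reports and lists the findings that the Remove pass left in place. The sample lines are abridged copies of the posted reports, and the set of statuses treated as "remediated" is an assumption.

```python
import re

# Abridged sample input: finding lines copied from the two reports posted above.
SCAN_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> FOUND
[V2][sUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
"""

REMOVE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> NOT SELECTED
[V2][sUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> NOT SELECTED
"""

# "¤¤¤ Section name : count ¤¤¤" header lines.
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:.*¤¤¤\s*$")
# "[TAG][TAG] item -> STATUS" finding lines; MBR and HOSTS lines have no such shape.
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.+?)\s*->\s*(.+?)\s*$")
# Assumption: a status starting with one of these means the tool acted on the entry.
REMEDIATED = ("DELETED", "REPLACED", "KILLED")


def parse_report(text):
    """Return {(section, tags, item): status} for every finding line."""
    findings, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        finding = FINDING_RE.match(line)
        if finding and section:
            tags, item, status = finding.groups()
            # Collapse runs of spaces so the same entry matches across reports.
            findings[(section, tags, " ".join(item.split()))] = status
    return findings


def unresolved(scan_text, remove_text):
    """List (section, item, status) for scan findings the Remove pass did not fix."""
    scan, removed = parse_report(scan_text), parse_report(remove_text)
    leftover = []
    for key in scan:
        status = removed.get(key, "MISSING FROM REMOVE REPORT")
        if not status.startswith(REMEDIATED):
            leftover.append((key[0], key[2], status))
    return leftover


if __name__ == "__main__":
    for section, item, status in unresolved(SCAN_REPORT, REMOVE_REPORT):
        print(f"{section}: {item} -> {status}")
```

On the posted reports this flags the scheduled tasks that were left as NOT SELECTED and the Wow6432Node registry entry whose removal returned error 0x2.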
  • Staff

Hello pittzgreen

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety"
  • Click on "Delete Browsing History"
  • Make sure all boxes are checked
  • Click on "Delete"
  • Click on "Tools"
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • Put a check mark next to "Delete Personal Settings"
  • Click "Reset" to confirm
  • When complete, click the "Close" button
  • Restart IE

Gringo

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you, it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


Hi Gringo,

   Thanks for checking in. I was able to downgrade IE back to version 8. What is taking so long is that I am now trying to upgrade back one step at a time to IE 11. And each update requires a restart. So far it's been working. Am I doing this right? I should be done today.


Back at IE 11. Freezing again. :-( I'm considering just reformatting the Hard Drive and reinstalling Windows. It's a huge pain, but it might be worth the hassle. Unless you have more ideas. What do you think? Also, any chance of whatever this is carrying over to a fresh install of Windows?

This topic is now closed to further replies.