JustLookingForHelp Posted March 19, 2014 ID:804831

Hi,

My family has been noticing our computer running slower the past few weeks. We do not typically download random files and haven't had many issues in the past outside of some adware and unwanted toolbars. We used MBAM to remove any problems to great effect in the past and were looking for it to resolve our current issue. After running MBAM, it pops up about 100 infected files which are PUPs from what appears to be Google Chrome (a browser that we do not use). Once I attempt to remove the files, MBAM immediately stops responding. I'm not sure if this is something related to our antivirus or if there might be something deeply rooted stopping MBAM. I have run two other programs (Hitman Pro and Ad-aware) and they only came up with one file that was easily quarantined. I have a general idea of what steps I should take from here, but would like some guidance.

Thanks.

MrCharlie Posted March 19, 2014 ID:804834

Welcome to the forum.

Please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)
(please don't put logs in code or quotes and use the default font)
(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, pirated MS Office, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

JustLookingForHelp Posted March 19, 2014 Author ID:804870

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.51.2
Run by Donna at 22:02:51 on 2014-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4158 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mWinlogon: Userinit = userinit.exe
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
StartupFolder: C:\Users\Donna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C9E4DA18-0AE2-4780-98DC-DABC4EEC1ABB} : DHCPNameServer = 192.168.1.254
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Donna\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-15 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-15 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-15 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-15 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-15 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2012-5-14 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2012-5-14 121800]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-26 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-03-17 02:14:46 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-17 02:14:46 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2014-03-17 02:14:46 421704 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2014-03-17 02:14:46 334136 ----a-w- C:\Windows\System32\aswBoot.exe
2014-03-17 02:14:46 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-17 02:14:46 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-17 02:14:45 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2014-03-17 02:14:45 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-12 11:06:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:06:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 19:05:02 90015360 ----a-w- C:\Windows\System32\mrt.exe
2014-02-19 11:45:35 1032192 ----a-w- C:\Windows\System32\wininet.dll
2014-02-19 11:45:21 1430528 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-19 11:45:21 108544 ----a-w- C:\Windows\System32\url.dll
2014-02-19 11:43:31 1129984 ----a-w- C:\Windows\System32\mstime.dll
2014-02-19 11:43:19 763904 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-19 11:43:19 623104 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-19 11:43:19 5737472 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-19 11:42:49 32256 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-19 11:42:38 224768 ----a-w- C:\Windows\System32\ieui.dll
2014-02-19 11:42:37 7051776 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-19 11:42:37 377856 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-19 11:42:37 249856 ----a-w- C:\Windows\System32\iepeers.dll
2014-02-19 11:42:35 422400 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-02-19 11:42:35 146944 ----a-w- C:\Windows\apppatch\AppPatch64\iebrshim.dll
2014-02-19 11:41:49 33792 ----a-w- C:\Windows\System32\corpol.dll
2014-02-19 10:17:11 485376 ----a-w- C:\Windows\System32\html.iec
2014-02-19 09:39:26 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 09:39:23 1177600 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-19 09:39:23 106496 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-19 09:39:02 671232 ----a-w- C:\Windows\SysWow64\mstime.dll
2014-02-19 09:38:58 498688 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-19 09:38:58 480256 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-19 09:38:58 3627008 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-19 09:38:50 27648 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-19 09:38:46 271872 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-19 09:38:46 193024 ----a-w- C:\Windows\SysWow64\iepeers.dll
2014-02-19 09:38:46 180736 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-19 09:38:45 6119424 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-19 09:38:45 53760 ----a-w- C:\Windows\apppatch\iebrshim.dll
2014-02-19 09:38:45 380928 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2014-02-19 09:38:38 19456 ----a-w- C:\Windows\SysWow64\corpol.dll
2014-02-19 09:38:35 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-19 08:13:05 389632 ----a-w- C:\Windows\SysWow64\html.iec
2014-02-19 08:04:56 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-07 12:11:49 2776064 ----a-w- C:\Windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\Windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-16 00:42:40 608032 ----a-w- C:\SecurityScanner.dll
2013-12-19 03:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-19 03:04:13 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-12-19 03:04:09 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-12-19 03:03:46 174504 ----a-w- C:\Windows\SysWow64\java.exe
.
============= FINISH: 22:03:21.19 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2011 2:21:02 PM
System Uptime: 3/18/2014 8:23:54 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 239.39 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.625 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Brother MFL-Pro Suite
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
Free YouTube to MP3 Converter version 3.10.815
Google Update Helper
HandBrake 0.9.9.1
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 51
Java Auto Updater
Java SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
PaperPort Image Printer 64-bit
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wiliper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Windows Media Player Firefox Plugin
WModem Driver Installer
Yahoo! Detect
.
==== End Of File ===========================

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Donna [Admin rights]
Mode : Scan -- Date : 03/18/2014 22:17:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe [7]) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST3500413AS +++++
--- User ---
[MBR] 23090deb78eb9182a33d44f1de1d9172
[bSP] 51fbeb8a9bdb130fd9ef73cd52e43004 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 464669 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951642405 | Size: 12268 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03182014_221723.txt >>

MrCharlie Posted March 19, 2014 ID:804949

Please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

JustLookingForHelp Posted March 19, 2014 Author ID:805028

This is the log for AdwCleaner. I'd like to know if all of it is necessary to be removed in your opinion.

# AdwCleaner v3.022 - Report created 19/03/2014 at 11:06:48
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Donna - DONNA-PC
# Running from : C:\Users\Donna\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\Search Protection
Folder Found C:\Users\Donna\AppData\LocalLow\adawaretb
Folder Found C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\adawaretb

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawaretb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [search Protection]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\prefs.js ]

*************************

AdwCleaner[R0].txt - [3075 octets] - [19/03/2014 11:02:25]
AdwCleaner[R1].txt - [2967 octets] - [19/03/2014 11:06:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3027 octets] ##########

MrCharlie Posted March 19, 2014 ID:805042

Yes, clean it all up, MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805048

Malwarebytes detects the PUP's but still stops responding when trying to remove the files. The AdwCleaner log:
MrCharlie Posted March 19, 2014 ID:805050

Please run another scan with DDS, MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805058
MrCharlie Posted March 19, 2014 ID:805068

Before you continue, Please start system restore and create a new restore point!

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805075
MrCharlie Posted March 19, 2014 ID:805084

AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

What are you using for your anti-virus program???
I see you have Avast and Ad-Aware
You can't use both....
Dangers of running 2 anti-virus programs
-----------------------------------
Please use your CCleaner to clean out temp files
---------------------------------
Reboot into safe mode and try running Malwarebytes.

MrC
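The check MrCharlie makes by eye on the AV:/SP:/FW: lines, as an added example that is not part of the original thread or of DDS itself: a small parser that flags more than one registered antivirus product, categories with nothing enabled, and outdated products. The function names and finding codes are hypothetical, and reading AV/SP/FW as the antivirus, anti-spyware and firewall categories is an assumption; the sample input is the four lines quoted in the post above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The four lines quoted from the DDS log in the post above.
DDS_LINES = """\
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
"""

# Unanchored on purpose: logs pasted into forums often lose their line
# breaks, so entries are found by shape (kind, name, *state*, {GUID})
# rather than by line position.
ENTRY_RE = re.compile(
    r"(?<![A-Za-z])(AV|SP|FW):\s*([^*{}\n]+?)\s*"
    r"\*([^*\n]+)\*\s*\{([0-9A-Fa-f-]{36})\}"
)


@dataclass(frozen=True)
class Product:
    kind: str                 # "AV", "SP" or "FW"
    name: str
    enabled: bool
    updated: Optional[bool]   # None when the log reports no update state
    guid: str


def parse_products(log_text: str) -> List[Product]:
    """Extract every AV/SP/FW entry from a DDS log, flattened or not."""
    products = []
    for kind, name, state, guid in ENTRY_RE.findall(log_text):
        parts = [p.strip().lower() for p in state.split("/")]
        enabled = parts[0] == "enabled"
        updated = (parts[1] == "updated") if len(parts) > 1 else None
        products.append(Product(kind, name.strip(), enabled, updated, guid.upper()))
    return products


def review(products: List[Product]) -> List[Tuple[str, str]]:
    """Return (code, product names) findings a helper would raise."""
    findings = []
    # More than one distinct product registered as antivirus.
    av_names = sorted({p.name for p in products if p.kind == "AV"})
    if len(av_names) > 1:
        findings.append(("MULTIPLE_AV", ", ".join(av_names)))
    # A category that has products registered but none of them enabled.
    for kind in ("AV", "SP", "FW"):
        group = [p for p in products if p.kind == kind]
        if group and not any(p.enabled for p in group):
            names = sorted({p.name for p in group})
            findings.append(("NONE_ENABLED_" + kind, ", ".join(names)))
    # Products that report out-of-date definitions.
    stale = sorted({p.name for p in products if p.updated is False})
    if stale:
        findings.append(("OUTDATED", ", ".join(stale)))
    return findings


if __name__ == "__main__":
    for code, names in review(parse_products(DDS_LINES)):
        print(f"{code}: {names}")
```

Because the pattern is unanchored, the same call works on a log whose line breaks were lost when it was pasted.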
JustLookingForHelp Posted March 19, 2014 Author ID:805089

We have been using avast for years. My dad downloaded Ad-Aware less than two days ago for some reason. The problem with Malwarebytes was occurring prior to its download. I was going to remove Ad-Aware but I read in your opening post that it would be preferred if I don't install/uninstall anything unless you recommend it while I'm working with you.

CCleaner has been run.

Malwarebytes still cannot remove the files in safe mode and will not respond.
MrCharlie Posted March 19, 2014 ID:805096 OK...do you have the Pro (paid) version or the free version?? Please run this scan:
Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.
MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805104 Free version. I attached both as they were fairly long.
FRST_19-03-2014_14-21-47.txt
Addition.txt
MrCharlie Posted March 19, 2014 ID:805108 While I look over the logs.......
Go to your control panel's add/remove programs and uninstall MalwareBytes Anti-Malware > reboot
Download and run this cleaner: mbam-clean.exe
Reboot <---very important
Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first) http://www.malwarebytes.org/mwb-download/
MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805113 Alright, all of that went through easily. Should I run Malwarebytes?
MrCharlie Posted March 19, 2014 ID:805114 No not yet...first:
Please uninstall Ad-Aware
Reset Google Chrome: (it's corrupt) https://support.google.com/chrome/answer/3296214?hl=en
Reboot and now try MB.
Let me know...
MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805129 Ad-Aware has been uninstalled. Google Chrome had actually been uninstalled, so I reinstalled it and reset it. After the reboot MB detects the files, but still stops responding when trying to remove them.
MrCharlie Posted March 19, 2014 ID:805131 Can you run MB again but this time stop after the scan and post the log of what it's detecting. MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805134 Sure.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.19.08
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Donna :: DONNA-PC [administrator]
3/19/2014 3:36:52 PM
MBAM-log-2014-03-19 (15-40-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219497
Time elapsed: 2 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 98
Files Detected: 0
(No malicious items detected)
(end)
MrCharlie Posted March 19, 2014 ID:805139 OK..there's the answer, as I said before Chrome is corrupt. So select all of those and have MB ignore those. Now you should be able to run MB without any problems. Let me know, MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805150 Ok MB runs without any problems now. Is there anything to be concerned about with those Chrome files? Thank you.
MrCharlie Posted March 19, 2014 ID:805154 No, they don't exist. Let's check your computer's security before you go and we have a little cleanup to do also:
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!
MrC
JustLookingForHelp Posted March 19, 2014 Author ID:805160
Results of screen317's Security Check version 0.99.80
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Java SE Runtime Environment 6 Update 1
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````