
Possibly infected



Hi,

My family has been noticing our computer running slower the past few weeks. We do not typically download random files and haven't had many issues in the past outside of some adware and unwanted toolbars. We used MBAM to remove any problems to great effect in the past and were looking for it to resolve our current issue. After running MBAM, it pops up about 100 infected files which are PUPs from what appears to be Google Chrome (a browser that we do not use). Once I attempt to remove the files, MBAM immediately stops responding. I'm not sure if this is something related to our antivirus or if there might be something deeply rooted stopping MBAM. I have run two other programs (Hitman Pro and Ad-aware) and they only came up with one file that was easily quarantined. I have a general idea of what steps I should take from here, but would like some guidance.

Thanks.


Welcome to the forum.

Please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, pirated MS Office, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.51.2
Run by Donna at 22:02:51 on 2014-03-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.4158 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mWinlogon: Userinit = userinit.exe
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
StartupFolder: C:\Users\Donna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C9E4DA18-0AE2-4780-98DC-DABC4EEC1ABB} : DHCPNameServer = 192.168.1.254
AppInit_DLLs=     
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg


x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Donna\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-15 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-15 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-15 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-15 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-15 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2012-5-14 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2012-5-14 121800]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-26 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-17 02:14:46    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-17 02:14:46    65264    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2014-03-17 02:14:46    421704    ----a-w-    C:\Windows\System32\drivers\aswsp.sys
2014-03-17 02:14:46    334136    ----a-w-    C:\Windows\System32\aswBoot.exe
2014-03-17 02:14:46    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-17 02:14:46    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-17 02:14:45    64752    ----a-w-    C:\Windows\System32\drivers\aswRdr.sys
2014-03-17 02:14:45    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-12 11:06:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:06:13    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 19:05:02    90015360    ----a-w-    C:\Windows\System32\mrt.exe
2014-02-19 11:45:35    1032192    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-19 11:45:21    1430528    ----a-w-    C:\Windows\System32\urlmon.dll
2014-02-19 11:45:21    108544    ----a-w-    C:\Windows\System32\url.dll
2014-02-19 11:43:31    1129984    ----a-w-    C:\Windows\System32\mstime.dll
2014-02-19 11:43:19    763904    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-02-19 11:43:19    623104    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-02-19 11:43:19    5737472    ----a-w-    C:\Windows\System32\mshtml.dll
2014-02-19 11:42:49    32256    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-02-19 11:42:38    224768    ----a-w-    C:\Windows\System32\ieui.dll
2014-02-19 11:42:37    7051776    ----a-w-    C:\Windows\System32\ieframe.dll
2014-02-19 11:42:37    377856    ----a-w-    C:\Windows\System32\iertutil.dll
2014-02-19 11:42:37    249856    ----a-w-    C:\Windows\System32\iepeers.dll
2014-02-19 11:42:35    422400    ----a-w-    C:\Windows\System32\ieapfltr.dll
2014-02-19 11:42:35    146944    ----a-w-    C:\Windows\apppatch\AppPatch64\iebrshim.dll
2014-02-19 11:41:49    33792    ----a-w-    C:\Windows\System32\corpol.dll
2014-02-19 10:17:11    485376    ----a-w-    C:\Windows\System32\html.iec
2014-02-19 09:39:26    834048    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-19 09:39:23    1177600    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-02-19 09:39:23    106496    ----a-w-    C:\Windows\SysWow64\url.dll
2014-02-19 09:39:02    671232    ----a-w-    C:\Windows\SysWow64\mstime.dll
2014-02-19 09:38:58    498688    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-02-19 09:38:58    480256    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-02-19 09:38:58    3627008    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-02-19 09:38:50    27648    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-02-19 09:38:46    271872    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-02-19 09:38:46    193024    ----a-w-    C:\Windows\SysWow64\iepeers.dll
2014-02-19 09:38:46    180736    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-02-19 09:38:45    6119424    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-02-19 09:38:45    53760    ----a-w-    C:\Windows\apppatch\iebrshim.dll
2014-02-19 09:38:45    380928    ----a-w-    C:\Windows\SysWow64\ieapfltr.dll
2014-02-19 09:38:38    19456    ----a-w-    C:\Windows\SysWow64\corpol.dll
2014-02-19 09:38:35    1383424    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-19 08:13:05    389632    ----a-w-    C:\Windows\SysWow64\html.iec
2014-02-19 08:04:56    1383424    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-16 00:42:40    608032    ----a-w-    C:\SecurityScanner.dll
2013-12-19 03:09:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-19 03:04:13    264616    ----a-w-    C:\Windows\SysWow64\javaws.exe
2013-12-19 03:04:09    175016    ----a-w-    C:\Windows\SysWow64\javaw.exe
2013-12-19 03:03:46    174504    ----a-w-    C:\Windows\SysWow64\java.exe
.
============= FINISH: 22:03:21.19 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2011 2:21:02 PM
System Uptime: 3/18/2014 8:23:54 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz | CPU 1 | 2400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 239.39 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.625 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Brother MFL-Pro Suite
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
Free YouTube to MP3 Converter version 3.10.815
Google Update Helper
HandBrake 0.9.9.1
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 51
Java Auto Updater
Java SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software  1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
PaperPort Image Printer 64-bit
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wiliper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Windows Media Player Firefox Plugin
WModem Driver Installer
Yahoo! Detect
.
==== End Of File ===========================
 

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Donna [Admin rights]
Mode : Scan -- Date : 03/18/2014 22:17:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe [7]) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost
::1    localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST3500413AS +++++
--- User ---
[MBR] 23090deb78eb9182a33d44f1de1d9172
[bSP] 51fbeb8a9bdb130fd9ef73cd52e43004 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 464669 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951642405 | Size: 12268 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03182014_221723.txt >>


 


Please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


This is the log for AdwCleaner. I'd like to know if all of it is necessary to be removed in your opinion.

 

# AdwCleaner v3.022 - Report created 19/03/2014 at 11:06:48
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Donna - DONNA-PC
# Running from : C:\Users\Donna\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\Search Protection
Folder Found C:\Users\Donna\AppData\LocalLow\adawaretb
Folder Found C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\adawaretb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawaretb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [search Protection]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\prefs.js ]


*************************

AdwCleaner[R0].txt - [3075 octets] - [19/03/2014 11:02:25]
AdwCleaner[R1].txt - [2967 octets] - [19/03/2014 11:06:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3027 octets] ##########
 


Malwarebytes detects the PUPs but still stops responding when trying to remove the files.

 

 

 

The AdwCleaner log:

 

# AdwCleaner v3.022 - Report created 19/03/2014 at 11:47:31
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Donna - DONNA-PC
# Running from : C:\Users\Donna\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\blekko toolbars
[!] Folder Deleted : C:\ProgramData\Browser Manager
[!] Folder Deleted : C:\ProgramData\Search Protection
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[!] Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[!] Folder Deleted : C:\Users\Donna\AppData\LocalLow\adawaretb
[!] Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\adawaretb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\prefs.js ]


*************************

AdwCleaner[R0].txt - [3075 octets] - [19/03/2014 11:02:25]
AdwCleaner[R1].txt - [3135 octets] - [19/03/2014 11:06:48]
AdwCleaner[R2].txt - [3289 octets] - [19/03/2014 11:46:12]
AdwCleaner[s0].txt - [3139 octets] - [19/03/2014 11:47:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3199 octets] ##########
 


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.51.2
Run by Donna at 12:08:06 on 2014-03-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.4126 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\Donna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C9E4DA18-0AE2-4780-98DC-DABC4EEC1ABB} : DHCPNameServer = 192.168.1.254
AppInit_DLLs=     
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg


x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\zdegtkcw.default-1375302918744\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Donna\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-15 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-15 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-15 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-15 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-15 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2012-5-14 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2012-5-14 121800]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-7-26 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-17 02:14:46    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-17 02:14:46    65264    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2014-03-17 02:14:46    421704    ----a-w-    C:\Windows\System32\drivers\aswsp.sys
2014-03-17 02:14:46    334136    ----a-w-    C:\Windows\System32\aswBoot.exe
2014-03-17 02:14:46    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-17 02:14:46    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-17 02:14:45    64752    ----a-w-    C:\Windows\System32\drivers\aswRdr.sys
2014-03-17 02:14:45    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-12 11:06:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:06:13    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 19:05:02    90015360    ----a-w-    C:\Windows\System32\mrt.exe
2014-02-19 11:45:35    1032192    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-19 11:45:21    1430528    ----a-w-    C:\Windows\System32\urlmon.dll
2014-02-19 11:45:21    108544    ----a-w-    C:\Windows\System32\url.dll
2014-02-19 11:43:31    1129984    ----a-w-    C:\Windows\System32\mstime.dll
2014-02-19 11:43:19    763904    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-02-19 11:43:19    623104    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-02-19 11:43:19    5737472    ----a-w-    C:\Windows\System32\mshtml.dll
2014-02-19 11:42:49    32256    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-02-19 11:42:38    224768    ----a-w-    C:\Windows\System32\ieui.dll
2014-02-19 11:42:37    7051776    ----a-w-    C:\Windows\System32\ieframe.dll
2014-02-19 11:42:37    377856    ----a-w-    C:\Windows\System32\iertutil.dll
2014-02-19 11:42:37    249856    ----a-w-    C:\Windows\System32\iepeers.dll
2014-02-19 11:42:35    422400    ----a-w-    C:\Windows\System32\ieapfltr.dll
2014-02-19 11:42:35    146944    ----a-w-    C:\Windows\apppatch\AppPatch64\iebrshim.dll
2014-02-19 11:41:49    33792    ----a-w-    C:\Windows\System32\corpol.dll
2014-02-19 10:17:11    485376    ----a-w-    C:\Windows\System32\html.iec
2014-02-19 09:39:26    834048    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-19 09:39:23    1177600    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-02-19 09:39:23    106496    ----a-w-    C:\Windows\SysWow64\url.dll
2014-02-19 09:39:02    671232    ----a-w-    C:\Windows\SysWow64\mstime.dll
2014-02-19 09:38:58    498688    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-02-19 09:38:58    480256    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-02-19 09:38:58    3627008    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-02-19 09:38:50    27648    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-02-19 09:38:46    271872    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-02-19 09:38:46    193024    ----a-w-    C:\Windows\SysWow64\iepeers.dll
2014-02-19 09:38:46    180736    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-02-19 09:38:45    6119424    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-02-19 09:38:45    53760    ----a-w-    C:\Windows\apppatch\iebrshim.dll
2014-02-19 09:38:45    380928    ----a-w-    C:\Windows\SysWow64\ieapfltr.dll
2014-02-19 09:38:38    19456    ----a-w-    C:\Windows\SysWow64\corpol.dll
2014-02-19 09:38:35    1383424    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-19 08:13:05    389632    ----a-w-    C:\Windows\SysWow64\html.iec
2014-02-19 08:04:56    1383424    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-16 00:42:40    608032    ----a-w-    C:\SecurityScanner.dll
.
============= FINISH: 12:08:34.27 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2011 2:21:02 PM
System Uptime: 3/19/2014 11:48:15 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz | CPU 1 | 2400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 239.9 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.625 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Brother MFL-Pro Suite
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
Free YouTube to MP3 Converter version 3.10.815
Google Update Helper
HandBrake 0.9.9.1
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 51
Java Auto Updater
Java SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software  1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
PaperPort Image Printer 64-bit
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wiliper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Windows Media Player Firefox Plugin
WModem Driver Installer
Yahoo! Detect
.
==== End Of File ===========================
 


Before you continue, Please start system restore and create a new restore point!

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista Home Premium x64
Ran by Donna on Wed 03/19/2014 at 12:52:56.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2086212698-3976109763-3206017142-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Donna\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Donna\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{51C012A2-2EC0-4B6F-B043-880CB1C698AE}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Donna\AppData\Roaming\mozilla\firefox\profiles\zdegtkcw.default-1375302918744\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Donna\AppData\Roaming\mozilla\firefox\profiles\zdegtkcw.default-1375302918744\prefs.js


Emptied folder: C:\Users\Donna\AppData\Roaming\mozilla\firefox\profiles\zdegtkcw.default-1375302918744\minidumps [45 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/19/2014 at 13:00:22.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}

AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}

FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

What are you using for your anti-virus program???

I see you have Avast and Ad-Aware

You can't use both....

Dangers of running 2 anti-virus programs

 

-----------------------------------

Please use your CCleaner to clean out temp files

---------------------------------

Reboot into safe mode and try running Malwarebytes.

MrC


We have been using avast for years. My dad downloaded Ad-Aware less than two days ago for some reason. The problem with malwarebytes was occurring prior to its download. I was going to remove Ad-Aware but I read in your opening post that it would be preferred if I don't install/uninstall anything unless you recommend it while I'm working with you.

CCleaner has been run.

Malwarebytes still cannot remove the files in safe mode and will not respond.


OK...do you have the Pro (paid) version or the free version??

Please run this scan:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


While I look over the logs.......

Go to your Control Panel's Add/Remove Programs and uninstall Malwarebytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwarebytes.org/mwb-download/

MrC


Sure.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.19.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Donna :: DONNA-PC [administrator]

3/19/2014 3:36:52 PM
MBAM-log-2014-03-19 (15-40-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219497
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 98

Files Detected: 0
(No malicious items detected)

(end)
 


No, they don't exist.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.80  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Java SE Runtime Environment 6 Update 1
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
