
I think I've been hijacked :(


Scirca

So here's the problem: while visiting my parents from college, they told me they were having some computer troubles, and asked me to check them out. There's a bunch of stuff going on, and I've tried a few things, but they didn't seem to work, so I'm turning to you guys for some help.

 

Here's what's going on:

1) A bunch of "Bad Image" errors. Examples: HP Printer drivers, Belkin Router Manager, Citrix, and something named "vprot.exe."

2) They were confused because Chrome was uninstalled without reason. When I tried to go to Google's Chrome page and downloaded it, it would give me the error 0x80040890 (if I'm correct). I tried Googling it to no avail. Then I noticed a Chrome installer on the desktop and stupidly clicked on it. It turned out to be bogus, but AVG caught it before it connected to the internet. I promptly closed the "installer" and deleted it. I can remember that the package was signed by "Optimum Installer."

3) I uninstalled this program called "SuperSaver"; not sure what it was, but it seemed really shady and they did not remember installing any program.

4) There was also another really shady search bar from Conduit that I uninstalled.

 

I've run AVG and MalwareBytes to no avail (they caught like one or two things, but that's about it), and CCleaner (fixed a HUGE amount of errors, but they were mainly registry keys and other stuff). I ran SuperAntiSpyware and that caught a Trojan, but I still have reason to believe it is infected, and the bad image errors still persist. I am currently running a scan in Microsoft Security Essentials, and downloaded Hitman, which is ready to go once MSE finishes doing its thing.

 

Attached is hopefully a correct log that I created using HijackThis (on the starting screen, I pressed Scan and Log and ran the program as an admin):

 

Thanks in advance for taking your time to help me.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:53:37 PM, on 4/7/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17256)
Boot mode: Normal

Running processes:
C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe
C:Program Files (x86)SkypePhoneSkype.exe
C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe
C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe
C:Program Files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe
C:Program Files (x86)Dell Support Centerbinsprtcmd.exe
C:Program Files (x86)HPDigital ImagingbinHpqSRmon.exe
C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe
C:Program Files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe
C:Program Files (x86)AVG Secure Searchvprot.exe
C:Program Files (x86)RealRealPlayerUpdaterealsched.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)Spybot - Search & Destroy 2SDTray.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)HPDigital Imagingsmart web printinghpswp_clipbook.exe
C:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:UsersELDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search14.2.0.1AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search14.2.0.1AVG Secure Search_toolbar.dll
O4 - HKLM..Run: [PDVDDXSrv] "C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe"
O4 - HKLM..Run: [Dell Webcam Central] "C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe" /mode2
O4 - HKLM..Run: [Desktop Disc Tool] "c:Program Files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe"
O4 - HKLM..Run: [DellSupportCenter] "C:Program Files (x86)Dell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKLM..Run: [GrooveMonitor] "C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [hpqSRMon] C:Program Files (x86)HPDigital ImagingbinhpqSRMon.exe
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [VirtualCloneDrive] "C:Program Files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe" /s
O4 - HKLM..Run: [ConnectionCenter] "C:Program Files (x86)CitrixICA Clientconcentr.exe" /startup
O4 - HKLM..Run: [instaLAN] "C:Program Files (x86)BelkinRouter Setup and MonitorBelkinRouterMonitor.exe" startup
O4 - HKLM..Run: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [sDTray] "C:Program Files (x86)Spybot - Search & Destroy 2SDTray.exe"
O4 - HKCU..Run: [skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [spybot-S&D Cleaning] "C:Program Files (x86)Spybot - Search & Destroy 2SDCleaner.exe" /autoclean
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:Program FilesDellDellDockDellDock.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller14.2.0ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:Program Files (x86)BelkinRouter Setup and MonitorBelkinService.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Belkin Local Backup Service - Unknown owner - C:Program FilesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:Program FilesBelkinBelkin USB Print and Storage CenterBkapcs.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:Program FilesDellDellDockDockLogin.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:Program Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:Program Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:Program Files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:Program Files (x86)Dell Support Centerbinsprtsvc.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:Program FilesDellDell Wireless WLAN CardWLTRYSVC.EXE
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 13492 bytes


Hi Scirca,

 


 

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

- I will be working on your malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.

Let's start off with a little tool to clean things up a bit.

 

AdwCleaner

- Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

Then... I'd like to see a better log.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

 

dds.scr

dds.com

 

 

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

 

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop.
- Please include the following logs in your next reply: DDS.txt and Attach.txt

You can ignore the note about zipping the Attach.txt file in most cases.


Hello TomK

 

Thank you for the speedy response. Here is the first log that you asked for. I will get the DDS one for you asap.

 

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 16:42:09
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : EL - EL-PC
# Boot Mode : Normal
# Running from : C:\Users\EL\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\EL\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\EL\AppData\Local\Conduit
Folder Deleted : C:\Users\EL\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\EL\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\EL\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\EL\AppData\LocalLow\PriceGong

***** [Registry] *****


***** [internet Browsers] *****

- Internet Explorer v8.0.7600.17256

Replaced : [HKLMSOFTWAREMicrosoftInternet ExplorerAboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={9B92F9EF-407E-4642-AF76-223354AF6450}&mid=43170a320b75497686bb507ae1922475-6831f578ff4c039fdabd2cb18c2709fb6a483714&lang=en&ds=AVG&pr=fr&d=2012-06-10 10:07:48&v=12.2.5.32&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[s1].txt - [8069 octets] - [07/04/2013 16:42:09]

########## EOF - C:\AdwCleaner[s1].txt - [8129 octets] ##########


 


 

Here are the DDS and Attach files that you asked for.

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.17256 BrowserJavaVersion: 10.7.2

Run by EL at 16:55:42 on 2013-04-07

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2565 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

c:Program FilesMicrosoft Security ClientMsMpEng.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Program FilesDellDellDockDockLogin.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Program FilesDellDell Wireless WLAN CardWLTRYSVC.EXE

C:Windowssystem32WLANExt.exe

C:Program FilesDellDell Wireless WLAN Cardbcmwltry.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program FilesSUPERAntiSpywareSASCORE64.EXE

C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

C:Program FilesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe

C:Program FilesBelkinBelkin USB Print and Storage CenterBkapcs.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

C:Program Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe

C:Windowssystem32taskhost.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Windowssystem32svchost.exe -k imgsvc

C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe

C:Program Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe

C:Program FilesDellTPadApoint.exe

C:Program FilesDellDell Wireless WLAN CardWLTRAY.EXE

C:Program FilesDellQuickSetquickset.exe

C:WindowsSystem32igfxtray.exe

C:WindowsSystem32hkcmd.exe

C:WindowsSystem32igfxpers.exe

C:Program FilesMicrosoft Security Clientmsseces.exe

C:Program Files (x86)SkypePhoneSkype.exe

C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

C:Windowssystem32wbemwmiprvse.exe

C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe

C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe

C:Program Files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe

C:Program Files (x86)Dell Support Centerbinsprtcmd.exe

C:Program Files (x86)HPDigital ImagingbinHpqSRmon.exe

C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe

C:Program Files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe

C:Program Files (x86)RealRealPlayerUpdaterealsched.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

C:Program Files (x86)Spybot - Search & Destroy 2SDTray.exe

C:Windowssystem32SearchIndexer.exe

C:Program FilesDellTPadApMsgFwd.exe

C:Program FilesDellTPadHidFind.exe

C:Program FilesDellTPadApntex.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)HPDigital Imagingsmart web printinghpswp_clipbook.exe

C:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe

C:Program Files (x86)Dell Support Centerbinsprtsvc.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32wuauclt.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Windowssystem32taskeng.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

uRun: [skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun

uRun: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

uRun: [spybot-S&D Cleaning] "C:Program Files (x86)Spybot - Search & Destroy 2SDCleaner.exe" /autoclean

mRun: [PDVDDXSrv] "C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:Program Files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:Program Files (x86)Dell Support Centerbinsprtcmd.exe" /P DellSupportCenter

mRun: [GrooveMonitor] "C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe"

mRun: [hpqSRMon] C:Program Files (x86)HPDigital ImagingbinhpqSRMon.exe

mRun: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe

mRun: [VirtualCloneDrive] "C:Program Files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe" /s

mRun: [ConnectionCenter] "C:Program Files (x86)CitrixICA Clientconcentr.exe" /startup

mRun: [instaLAN] "C:Program Files (x86)BelkinRouter Setup and MonitorBelkinRouterMonitor.exe" startup

mRun: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"

mRun: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [sDTray] "C:Program Files (x86)Spybot - Search & Destroy 2SDTray.exe"

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupHPDIGI~1.LNK - C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program Files (x86)Microsoft OfficeOffice12ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}3556D6F6370257E6F63702D6F637472757F637 : DHCPNameServer = 192.168.0.1

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}3786162797C633 : DHCPNameServer = 192.168.1.1

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}75C414E4 : DHCPNameServer = 192.168.0.1

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}C4F60756A7026416D696C69702E4564777F627B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}C696E6B6379737 : DHCPNameServer = 167.206.245.130 167.206.245.129

TCP: Interfaces{ABB2BB67-55CB-4163-8FFA-2B21FE7D07FD}E4544574541425 : DHCPNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program Files (x86)CitrixICA ClientIcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-Run: [Apoint] C:Program FilesDellTPadApoint.exe

x64-Run: [broadcom Wireless Manager UI] C:Program FilesDellDell Wireless WLAN CardWLTRAY.exe

x64-Run: [QuickSet] C:Program FilesDellQuickSetQuickSet.exe

x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe

x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe

x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe

x64-Run: [MSC] "c:Program FilesMicrosoft Security Clientmsseces.exe" -hide -runkey

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:WindowsSystem32driversMpFilter.sys [2013-1-20 230320]

R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2009-12-24 55280]

R1 avgtp;avgtp;C:WindowsSystem32driversavgtpx64.sys [2012-9-4 39768]

R1 ctxusbm;Citrix USB Monitor Driver;C:WindowsSystem32driversctxusbm.sys [2010-4-16 87600]

R1 SASDIFSV;SASDIFSV;C:Program FilesSUPERAntiSpywaresasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:Program FilesSUPERAntiSpywaresaskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:Program FilesSUPERAntiSpywareSASCore64.exe [2012-7-11 140672]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:Program FilesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe [2011-9-5 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:Program FilesBelkinBelkin USB Print and Storage CenterBkapcs.exe [2011-9-5 55296]

R2 DockLoginService;Dock Login Service;C:Program FilesDellDellDockDockLogin.exe [2009-6-9 155648]

R2 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2013-4-6 398184]

R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2013-4-6 682344]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:Program Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe [2013-4-7 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:Program Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe [2013-4-7 1369624]

R2 sxuptp;SXUPTP Driver;C:WindowsSystem32driverssxuptp.sys [2011-9-5 291352]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe [2013-2-18 968880]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:WindowsSystem32driversCtClsFlt.sys [2009-12-24 172704]

R3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2013-4-6 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2011-6-10 539240]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:Program Files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe [2013-4-7 168384]

S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-13 160944]

S3 NisDrv;Microsoft Network Inspection System;C:WindowsSystem32driversNisDrvWFP.sys [2013-1-20 130008]

S3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientNisSrv.exe [2013-1-27 379360]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:WindowsSystem32driversRtsUStor.sys [2009-12-24 215552]

S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2011-6-22 1255736]

.

=============== Created Last 30 ================

.

2013-04-07 20:42:27 121 ----a-w- C:WindowsDeleteOnReboot.bat

2013-04-07 18:35:24 -------- d-----w- C:ProgramDataSpybot - Search & Destroy

2013-04-07 18:35:08 17272 ----a-w- C:WindowsSystem32sdnclean64.exe

2013-04-07 18:34:56 -------- d-----w- C:Program Files (x86)Spybot - Search & Destroy 2

2013-04-07 15:57:54 -------- d-----w- C:UsersELAppDataRoamingSUPERAntiSpyware.com

2013-04-07 15:56:40 -------- d-----w- C:ProgramDataSUPERAntiSpyware.com

2013-04-07 15:56:40 -------- d-----w- C:Program FilesSUPERAntiSpyware

2013-04-07 15:49:02 972264 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{6AD1CE50-43E1-42FC-B92B-76FF0FCDA798}gapaengine.dll

2013-04-07 15:48:57 9311288 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{38BF51E0-105B-4E83-83FF-5783F9FF9AFD}mpengine.dll

2013-04-07 15:27:56 9311288 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{0B07C52A-B452-4979-B9EB-D4C57D497C0A}mpengine.dll

2013-04-07 15:27:55 282744 ------w- C:WindowsSystem32MpSigStub.exe

2013-04-07 15:08:51 -------- d-----w- C:Program Files (x86)Microsoft Security Client

2013-04-07 15:08:45 -------- d-----w- C:Program FilesMicrosoft Security Client

2013-04-07 15:08:20 374664 ----a-w- C:WindowsSystem32driversnetio.sys

2013-04-06 19:21:15 9728 ----a-w- C:WindowsSystem32Wdfres.dll

2013-04-06 19:21:15 785512 ----a-w- C:WindowsSystem32driversWdf01000.sys

2013-04-06 19:21:15 54376 ----a-w- C:WindowsSystem32driversWdfLdr.sys

2013-04-06 19:21:15 2560 ----a-w- C:WindowsSystem32driversen-USwdf01000.sys.mui

2013-04-06 19:20:36 14336 ----a-w- C:WindowsSystem32driverssffp_sd.sys

2013-04-06 18:44:21 46080 ----a-w- C:WindowsSystem32atmlib.dll

2013-04-06 18:44:21 367616 ----a-w- C:WindowsSystem32atmfd.dll

2013-04-06 18:44:21 34304 ----a-w- C:WindowsSysWow64atmlib.dll

2013-04-06 18:44:21 295424 ----a-w- C:WindowsSysWow64atmfd.dll

2013-04-06 18:43:55 87040 ----a-w- C:WindowsSystem32driversWUDFPf.sys

2013-04-06 18:43:55 84992 ----a-w- C:WindowsSystem32WUDFSvc.dll

2013-04-06 18:43:55 198656 ----a-w- C:WindowsSystem32driversWUDFRd.sys

2013-04-06 18:43:55 194048 ----a-w- C:WindowsSystem32WUDFPlatform.dll

2013-04-06 18:43:54 744448 ----a-w- C:WindowsSystem32WUDFx.dll

2013-04-06 18:43:54 45056 ----a-w- C:WindowsSystem32WUDFCoinstaller.dll

2013-04-06 18:43:54 229888 ----a-w- C:WindowsSystem32WUDFHost.exe

2013-04-06 18:33:52 459216 ----a-w- C:WindowsSystem32driverscng.sys

2013-04-06 18:32:57 1656688 ----a-w- C:WindowsSystem32driversntfs.sys

2013-04-06 18:23:47 509952 ----a-w- C:WindowsSystem32ntshrui.dll

2013-04-06 18:23:46 442880 ----a-w- C:WindowsSysWow64ntshrui.dll

2013-04-06 18:23:18 1425408 ----a-w- C:Program FilesCommon FilesSystemadomsado15.dll

2013-04-06 18:23:14 987136 ----a-w- C:Program Files (x86)Common FilesSystemadomsado15.dll

2013-04-06 18:22:56 2048 ----a-w- C:WindowsSysWow64tzres.dll

2013-04-06 18:22:56 2048 ----a-w- C:WindowsSystem32tzres.dll

2013-04-06 18:22:30 956416 ----a-w- C:WindowsSystem32localspl.dll

2013-04-06 18:19:31 67584 ----a-w- C:Windowssplwow64.exe

2013-04-06 18:19:31 559104 ----a-w- C:WindowsSystem32spoolsv.exe

2013-04-06 18:03:40 3213824 ----a-w- C:WindowsSystem32msi.dll

2013-04-06 18:03:40 2342400 ----a-w- C:WindowsSysWow64msi.dll

2013-04-06 18:02:35 182272 ----a-w- C:WindowsSystem32cryptsvc.dll

2013-04-06 18:02:35 1462784 ----a-w- C:WindowsSystem32crypt32.dll

2013-04-06 18:02:35 140288 ----a-w- C:WindowsSystem32cryptnet.dll

2013-04-06 18:02:35 1157632 ----a-w- C:WindowsSysWow64crypt32.dll

2013-04-06 18:02:34 139264 ----a-w- C:WindowsSysWow64cryptsvc.dll

2013-04-06 18:02:34 103936 ----a-w- C:WindowsSysWow64cryptnet.dll

2013-04-06 17:23:44 801280 ----a-w- C:WindowsSystem32usp10.dll

2013-04-06 17:23:44 627712 ----a-w- C:WindowsSysWow64usp10.dll

2013-04-06 17:23:42 503808 ----a-w- C:WindowsSystem32srcore.dll

2013-04-06 17:23:42 43008 ----a-w- C:WindowsSysWow64srclient.dll

2013-04-06 16:33:35 -------- d-----w- C:Windows53FA9A9F3C194D43AD6BDEF365D469BA.TMP

2013-04-06 15:40:49 -------- d-----w- C:Program FilesCCleaner

2013-04-06 15:06:43 -------- d-----w- C:UsersEL53FA9A9F3C194D43AD6BDEF365D469BA.TMP

2013-04-06 15:03:03 4126720 ----a-w- C:Program Files (x86)GUTFC69.tmp

2013-04-06 15:03:03 -------- d-----w- C:Program Files (x86)GUMFC68.tmp

2013-04-06 12:56:16 -------- d-----w- C:UsersELAppDataRoamingMalwarebytes

2013-04-06 12:56:06 24176 ----a-w- C:WindowsSystem32driversmbam.sys

2013-04-06 12:56:06 -------- d-----w- C:ProgramDataMalwarebytes

2013-04-06 12:56:06 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware

2013-04-06 12:55:51 -------- d-----w- C:UsersELAppDataLocalPrograms

2013-04-06 03:47:32 -------- d-----w- C:UsersELAppDataLocalSolid Savings

.

==================== Find3M ====================

.

2013-04-06 03:03:28 73432 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2013-04-06 03:03:28 693976 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe

2013-02-28 16:34:37 1198080 ----a-w- C:WindowsSystem32wininet.dll

2013-02-28 16:34:03 57856 ----a-w- C:WindowsSystem32licmgr10.dll

2013-02-28 16:16:46 981504 ----a-w- C:WindowsSysWow64wininet.dll

2013-02-28 16:16:10 44544 ----a-w- C:WindowsSysWow64licmgr10.dll

2013-02-28 15:12:49 482816 ----a-w- C:WindowsSystem32html.iec

2013-02-28 14:51:56 386048 ----a-w- C:WindowsSysWow64html.iec

2013-02-28 13:55:02 1638912 ----a-w- C:WindowsSystem32mshtml.tlb

2013-02-28 13:26:56 1638912 ----a-w- C:WindowsSysWow64mshtml.tlb

2013-02-18 15:21:02 39768 ----a-w- C:WindowsSystem32driversavgtpx64.sys

2013-02-12 14:02:22 19968 ----a-w- C:WindowsSystem32driversusb8023.sys

2013-01-20 19:59:04 230320 ----a-w- C:WindowsSystem32driversMpFilter.sys

2013-01-20 19:59:04 130008 ----a-w- C:WindowsSystem32driversNisDrvWFP.sys

.

============= FINISH: 16:56:29.41 ===============

 

Attach.txt:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: DeviceHarddiskVolume2

Install Date: 4/1/2010 9:21:03 PM

System Uptime: 4/7/2013 4:43:40 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0K138P

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 227.15 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP89: 2/20/2013 7:51:13 PM - Scheduled Checkpoint

RP90: 4/5/2013 11:16:29 PM - Removed Google Talk Plugin

RP91: 4/6/2013 10:46:04 AM - Removed IDT Audio

RP92: 4/6/2013 11:06:33 AM - Removed Camtasia Studio 7

RP93: 4/6/2013 12:33:20 PM - Removed Camtasia Studio 7

RP94: 4/6/2013 2:37:37 PM - Windows Update

RP95: 4/7/2013 11:03:29 AM - Removed AVG 2013

RP96: 4/7/2013 11:06:24 AM - Removed AVG 2013

RP97: 4/7/2013 11:08:03 AM - Windows Update

RP98: 4/7/2013 1:31:10 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

3M Littmann Introduction to Heart Sounds

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.01)

Adobe Shockwave Player 11.5

Advanced Audio FX Engine

Belkin Setup and Router Monitor

Belkin USB Print and Storage Center

BufferChm

Camtasia Studio 7

CCleaner

Chessmaster 10th Edition

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Core Content Review of Family Medicine 2009

D1500

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Webcam Central

Dell Wireless WLAN Card Utility

DeviceDiscovery

DivX Codec

DivX Player

DJ_SF_03_D1500_Software_Min

Dropbox

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

ImgBurn

Intel® Graphics Media Accelerator Driver

Java 7 Update 7

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSVCRT

PowerDVD DX

Quickset64

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Roxio Burn

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shop for HP Supplies

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Veetle TV 0.9.17

Video Mover

VirtualCloneDrive

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.5

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

Winrar 3.93

.

==== Event Viewer Messages From Past Week ========

.

4/7/2013 4:44:49 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.

4/7/2013 4:44:29 PM, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: HP CUE DeviceDiscovery Service is not a valid Win32 application.

4/7/2013 4:44:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AffinegyService service to connect.

4/7/2013 4:44:27 PM, Error: Service Control Manager [7000] - The AffinegyService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2013 11:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:22:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:17:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYSYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

4/7/2013 11:16:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: EL-PCEL Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:16:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: EL-PCEL Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:16:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: EL-PCEL Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:16:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYSYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

4/7/2013 11:12:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:12:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:12:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:12:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:12:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:12:45 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

4/7/2013 11:10:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:10:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:10:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:10:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:10:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

4/7/2013 11:10:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

4/7/2013 1:34:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063).

4/7/2013 1:31:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

4/6/2013 3:42:26 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

4/6/2013 12:11:01 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.

4/6/2013 11:11:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/6/2013 11:11:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

4/6/2013 11:11:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/6/2013 11:11:37 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/6/2013 11:11:37 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

4/6/2013 11:10:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff880052d30dc, 0xfffff880090a2808, 0xfffff880090a2070). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040613-40856-01.

4/6/2013 10:34:40 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

4/5/2013 11:05:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

4/5/2013 11:05:37 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2013 10:57:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2013 10:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/5/2013 10:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/5/2013 10:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/5/2013 10:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/5/2013 10:57:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/5/2013 10:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/5/2013 10:57:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia ctxusbm DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:57:06 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2013 10:46:26 PM, Error: Service Control

Link to comment
Share on other sites

That looks pretty good.

 

Let's try this:

 

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
  • Double click on ComboFix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

Link to comment
Share on other sites

Here are the log files that you asked for. The tool was great! It got rid of the "Bad Image" errors at startup! I will now attempt reinstalling Chrome and tell you how that turns out.

Again, thanks for the help so far.

 

ComboFix 13-04-06.02 - EL 04/07/2013 19:02:06.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2654 [GMT -4:00]

Running from: c:usersELDesktopComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:usersELAppDataRoaming.#

c:usersELAppDataRoaming.#MBX@A08@22D1C00.###

c:usersELAppDataRoaming.#MBX@A08@22D1C10.###

c:usersELAppDataRoaming.#MBX@A08@22D1C20.###

c:usersELAppDataRoaming.#MBX@A08@22D1C30.###

.

.

((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))

.

.

2013-04-07 20:57 . 2013-03-15 03:28 9311288 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{9A13E441-404E-4CCD-A5EB-BC401414ECB8}mpengine.dll

2013-04-07 20:42 . 2013-04-07 20:42 121 ----a-w- c:windowsDeleteOnReboot.bat

2013-04-07 18:35 . 2013-04-07 19:36 -------- d-----w- c:programdataSpybot - Search & Destroy

2013-04-07 18:35 . 2009-01-25 16:14 17272 ----a-w- c:windowssystem32sdnclean64.exe

2013-04-07 18:34 . 2013-04-07 18:35 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2

2013-04-07 15:57 . 2013-04-07 15:57 -------- d-----w- c:usersELAppDataRoamingSUPERAntiSpyware.com

2013-04-07 15:56 . 2013-04-07 15:57 -------- d-----w- c:program filesSUPERAntiSpyware

2013-04-07 15:56 . 2013-04-07 15:56 -------- d-----w- c:programdataSUPERAntiSpyware.com

2013-04-07 15:49 . 2013-04-07 15:48 972264 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{6AD1CE50-43E1-42FC-B92B-76FF0FCDA798}gapaengine.dll

2013-04-07 15:27 . 2013-03-19 09:50 9311288 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{0B07C52A-B452-4979-B9EB-D4C57D497C0A}mpengine.dll

2013-04-07 15:27 . 2013-04-02 10:34 282744 ------w- c:windowssystem32MpSigStub.exe

2013-04-07 15:08 . 2013-04-07 15:08 -------- d-----w- c:program files (x86)Microsoft Security Client

2013-04-07 15:08 . 2013-04-07 15:09 -------- d-----w- c:program filesMicrosoft Security Client

2013-04-07 15:08 . 2010-04-09 11:06 374664 ----a-w- c:windowssystem32driversnetio.sys

2013-04-06 19:25 . 2013-04-06 19:25 -------- d-----w- c:program files (x86)Intel

2013-04-06 19:21 . 2012-07-26 04:55 785512 ----a-w- c:windowssystem32driversWdf01000.sys

2013-04-06 19:21 . 2012-07-26 04:55 54376 ----a-w- c:windowssystem32driversWdfLdr.sys

2013-04-06 19:21 . 2012-07-26 04:47 2560 ----a-w- c:windowssystem32driversen-USwdf01000.sys.mui

2013-04-06 19:21 . 2012-07-26 02:36 9728 ----a-w- c:windowssystem32Wdfres.dll

2013-04-06 19:20 . 2009-10-10 03:17 14336 ----a-w- c:windowssystem32driverssffp_sd.sys

2013-04-06 18:44 . 2012-12-16 16:52 46080 ----a-w- c:windowssystem32atmlib.dll

2013-04-06 18:44 . 2012-12-16 14:40 367616 ----a-w- c:windowssystem32atmfd.dll

2013-04-06 18:44 . 2012-12-16 14:25 295424 ----a-w- c:windowsSysWow64atmfd.dll

2013-04-06 18:44 . 2012-12-16 14:25 34304 ----a-w- c:windowsSysWow64atmlib.dll

2013-04-06 18:43 . 2012-07-26 03:08 84992 ----a-w- c:windowssystem32WUDFSvc.dll

2013-04-06 18:43 . 2012-07-26 03:08 194048 ----a-w- c:windowssystem32WUDFPlatform.dll

2013-04-06 18:43 . 2012-07-26 02:26 87040 ----a-w- c:windowssystem32driversWUDFPf.sys

2013-04-06 18:43 . 2012-07-26 02:26 198656 ----a-w- c:windowssystem32driversWUDFRd.sys

2013-04-06 18:43 . 2012-07-26 03:08 229888 ----a-w- c:windowssystem32WUDFHost.exe

2013-04-06 18:43 . 2012-07-26 03:08 744448 ----a-w- c:windowssystem32WUDFx.dll

2013-04-06 18:43 . 2012-07-26 03:08 45056 ----a-w- c:windowssystem32WUDFCoinstaller.dll

2013-04-06 18:35 . 2012-06-16 05:25 850944 ----a-w- c:windowssystem32jscript.dll

2013-04-06 18:33 . 2012-06-02 05:37 459216 ----a-w- c:windowssystem32driverscng.sys

2013-04-06 18:32 . 2012-08-31 18:02 1656688 ----a-w- c:windowssystem32driversntfs.sys

2013-04-06 18:23 . 2012-01-04 09:58 509952 ----a-w- c:windowssystem32ntshrui.dll

2013-04-06 18:23 . 2012-01-04 09:03 442880 ----a-w- c:windowsSysWow64ntshrui.dll

2013-04-06 18:23 . 2012-06-06 05:50 1425408 ----a-w- c:program filesCommon FilesSystemadomsado15.dll

2013-04-06 18:23 . 2012-06-06 05:09 987136 ----a-w- c:program files (x86)Common FilesSystemadomsado15.dll

2013-04-06 18:22 . 2012-11-09 05:34 2048 ----a-w- c:windowssystem32tzres.dll

2013-04-06 18:22 . 2012-11-09 04:49 2048 ----a-w- c:windowsSysWow64tzres.dll

2013-04-06 18:22 . 2012-05-14 05:20 956416 ----a-w- c:windowssystem32localspl.dll

2013-04-06 18:19 . 2012-02-11 06:29 559104 ----a-w- c:windowssystem32spoolsv.exe

2013-04-06 18:19 . 2012-02-11 06:29 67584 ----a-w- c:windowssplwow64.exe

2013-04-06 18:03 . 2012-04-07 12:18 3213824 ----a-w- c:windowssystem32msi.dll

2013-04-06 18:03 . 2012-04-07 11:34 2342400 ----a-w- c:windowsSysWow64msi.dll

2013-04-06 18:02 . 2012-06-02 05:25 182272 ----a-w- c:windowssystem32cryptsvc.dll

2013-04-06 18:02 . 2012-06-02 05:25 1462784 ----a-w- c:windowssystem32crypt32.dll

2013-04-06 18:02 . 2012-06-02 05:25 140288 ----a-w- c:windowssystem32cryptnet.dll

2013-04-06 18:02 . 2012-06-02 04:45 1157632 ----a-w- c:windowsSysWow64crypt32.dll

2013-04-06 18:02 . 2012-06-02 04:45 139264 ----a-w- c:windowsSysWow64cryptsvc.dll

2013-04-06 18:02 . 2012-06-02 04:45 103936 ----a-w- c:windowsSysWow64cryptnet.dll

2013-04-06 17:23 . 2012-11-22 10:32 801280 ----a-w- c:windowssystem32usp10.dll

2013-04-06 17:23 . 2012-11-22 09:33 627712 ----a-w- c:windowsSysWow64usp10.dll

2013-04-06 17:23 . 2012-05-05 08:30 503808 ----a-w- c:windowssystem32srcore.dll

2013-04-06 17:23 . 2012-05-05 07:44 43008 ----a-w- c:windowsSysWow64srclient.dll

2013-04-06 16:33 . 2013-04-06 16:33 -------- d-----w- c:windows53FA9A9F3C194D43AD6BDEF365D469BA.TMP

2013-04-06 15:40 . 2013-04-06 15:40 -------- d-----w- c:program filesCCleaner

2013-04-06 15:06 . 2013-04-06 15:06 -------- d-----w- c:usersEL53FA9A9F3C194D43AD6BDEF365D469BA.TMP

2013-04-06 15:03 . 2013-04-06 15:08 4126720 ----a-w- c:program files (x86)GUTFC69.tmp

2013-04-06 15:03 . 2013-04-06 15:03 -------- d-----w- c:program files (x86)GUMFC68.tmp

2013-04-06 12:56 . 2013-04-06 12:56 -------- d-----w- c:usersELAppDataRoamingMalwarebytes

2013-04-06 12:56 . 2013-04-06 12:56 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware

2013-04-06 12:56 . 2013-04-06 12:56 -------- d-----w- c:programdataMalwarebytes

2013-04-06 12:56 . 2012-12-14 20:49 24176 ----a-w- c:windowssystem32driversmbam.sys

2013-04-06 12:55 . 2013-04-06 12:55 -------- d-----w- c:usersELAppDataLocalPrograms

2013-04-06 03:47 . 2013-04-06 03:47 -------- d-----w- c:usersELAppDataLocalSolid Savings

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-06 03:03 . 2012-04-29 23:29 693976 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2013-04-06 03:03 . 2011-06-10 22:13 73432 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2013-03-04 18:53 . 2011-02-15 22:46 72013344 ----a-w- c:windowssystem32MRT.exe

2013-02-18 15:21 . 2012-09-04 15:57 39768 ----a-w- c:windowssystem32driversavgtpx64.sys

2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:windowssystem32driversMpFilter.sys

2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:windowssystem32driversNisDrvWFP.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Skype"="c:program files (x86)SkypePhoneSkype.exe" [2012-07-13 17418928]

"SUPERAntiSpyware"="c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe" [2012-11-01 5629312]

"Spybot-S&D Cleaning"="c:program files (x86)Spybot - Search & Destroy 2SDCleaner.exe" [2012-11-13 3713032]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"PDVDDXSrv"="c:program files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:program files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:program files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:program files (x86)Dell Support Centerbinsprtcmd.exe" [2009-05-21 206064]

"GrooveMonitor"="c:program files (x86)Microsoft OfficeOffice12GrooveMonitor.exe" [2009-02-26 30040]

"hpqSRMon"="c:program files (x86)HPDigital ImagingbinhpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2007-05-08 54840]

"VirtualCloneDrive"="c:program files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe" [2009-06-17 85160]

"ConnectionCenter"="c:program files (x86)CitrixICA Clientconcentr.exe" [2010-05-12 300472]

"InstaLAN"="c:program files (x86)BelkinRouter Setup and MonitorBelkinRouterMonitor.exe" [2011-04-29 1770400]

"TkBellExe"="c:program files (x86)RealRealPlayerUpdaterealsched.exe" [2012-03-14 296056]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-12-18 946352]

"SDTray"="c:program files (x86)Spybot - Search & Destroy 2SDTray.exe" [2012-11-13 3825176]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-9-20 270336]

.

c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *00sdnclean64.exe

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

@="Driver"

.

R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-13 160944]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2013-01-27 379360]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2009-05-08 215552]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-06-23 1255736]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2009-07-09 55280]

S1 avgtp;avgtp;c:windowssystem32driversavgtpx64.sys [2013-02-18 39768]

S1 ctxusbm;Citrix USB Monitor Driver;c:windowssystem32DRIVERSctxusbm.sys [2010-04-16 87600]

S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE64.EXE [2012-07-11 140672]

S2 Belkin Local Backup Service;Belkin Local Backup Service;c:program filesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe [2010-02-17 181760]

S2 Belkin Network USB Helper;Belkin Network USB Helper;c:program filesBelkinBelkin USB Print and Storage CenterBkapcs.exe [2010-02-09 55296]

S2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [2009-06-09 155648]

S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-12-14 682344]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:program files (x86)Spybot - Search & Destroy 2SDFSSvc.exe [2012-11-13 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:program files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe [2012-11-13 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:program files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe [2012-11-13 168384]

S2 sxuptp;SXUPTP Driver;c:windowssystem32DRIVERSsxuptp.sys [2009-06-22 291352]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:program files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe [2013-02-18 968880]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:windowssystem32DRIVERSCtClsFlt.sys [2009-06-15 172704]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-12-14 24176]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-07 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-14 03:33]

.

2013-04-07 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-14 03:33]

.

2013-04-07 c:windowsTasksSUPERAntiSpyware Scheduled Task abf4e18b-761d-4c22-aa5d-89252f4592e8.job

- c:program filesSUPERAntiSpywareSASTask.exe [2011-05-04 17:52]

.

2013-04-07 c:windowsTasksSUPERAntiSpyware Scheduled Task f51e9932-54d9-43a0-8f83-a85206c4c164.job

- c:program filesSUPERAntiSpywareSASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Apoint"="c:program filesDellTPadApoint.exe" [2009-03-10 309760]

"Broadcom Wireless Manager UI"="c:program filesDellDell Wireless WLAN CardWLTRAY.exe" [2009-07-17 4968960]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-02-11 417304]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2013-01-27 1281512]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:windowsSysWOW64blank.htm

IE: E&xport to Microsoft Excel - c:progra~2MICROS~2Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-vProt - c:program files (x86)AVG Secure Searchvprot.exe

Notify-SDWinLogon - SDWinLogon.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:windowssystem32AdobeShockwave 11uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*1*CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*2*CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesAdobeARM1.0armsvc.exe

c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe

c:program files (x86)Dell Support Centerbinsprtsvc.exe

.

**************************************************************************

.

Completion time: 2013-04-07 19:38:13 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-07 23:38

.

Pre-Run: 245,537,046,528 bytes free

Post-Run: 245,210,304,512 bytes free

.

- - End Of File - - 3F732747CF707E7AD4E3942F865CFD52

 


I'd like you to get me an online scan:

 

Go here to run an online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- When the scan completes, press the LIST OF THREATS FOUND button
- Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
- Include the contents of this report in your next reply.
- Press the BACK button.
- Press Finish


C:UsersELAppDataRoamingAVGRescuePC Tuneup 2011111219224707583.rsc multiple threats
C:UsersELAppDataRoamingRealUpdateUpgradeHelperRealPlayer10.40agentstub_datastubinst_pkg_en-us.cab Win32/OpenCandy application
C:UsersELDownloadsgimp_installer_1606.exe a variant of Win32/InstallIQ application
C:UsersELDownloadsSetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application

 

Sorry for the wait


No wait for me. I log on and check whenever I get the chance. It's a bigger deal for the person being helped to have to wait for me to log on. :)

 

Each of those items will reinstall adware if run. Let's remove them.

 

COMBOFIX-Script

- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
C:UsersELAppDataRoamingAVGRescuePC Tuneup 2011111219224707583.rsc
C:UsersELAppDataRoamingRealUpdateUpgradeHelperRealPlayer10.40agentstub_datastubinst_pkg_en-us.cab
C:UsersELDownloadsgimp_installer_1606.exe
C:UsersELDownloadsSetupImgBurn_2.5.5.0.exe

- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Posted Image

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
- CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Also, please update me as to how things seem to be running now.


ComboFix 13-04-06.02 - EL 04/08/2013 20:11:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.2194 [GMT -4:00]
Running from: c:usersELDesktopComboFix.exe
Command switches used :: c:usersELDesktopCFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:usersELAppDataRoamingAVGRescuePC Tuneup 2011111219224707583.rsc"
"c:usersELAppDataRoamingRealUpdateUpgradeHelperRealPlayer10.40agentstub_datastubinst_pkg_en-us.cab"
"c:usersELDownloadsgimp_installer_1606.exe"
"c:usersELDownloadsSetupImgBurn_2.5.5.0.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:usersELAppDataRoamingAVGRescuePC Tuneup 2011111219224707583.rsc
c:usersELAppDataRoamingRealUpdateUpgradeHelperRealPlayer10.40agentstub_datastubinst_pkg_en-us.cab
c:usersELDownloadsgimp_installer_1606.exe
c:usersELDownloadsSetupImgBurn_2.5.5.0.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))
.
.
2013-04-09 00:18 . 2013-04-09 00:18 -------- d-----w- c:usersDefaultAppDataLocaltemp
2013-04-09 00:02 . 2013-04-09 00:02 -------- d-----w- c:windowsLastGood
2013-04-08 23:11 . 2013-03-15 03:28 9311288 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{8539D951-ACD8-426E-9B59-B74790A2D9B8}mpengine.dll
2013-04-08 23:05 . 2013-04-08 23:21 -------- d-----w- c:programdataHitmanPro
2013-04-08 23:03 . 2013-01-04 06:11 2284544 ----a-w- c:windowsSysWow64msmpeg2vdec.dll
2013-04-08 23:03 . 2013-01-13 19:53 187392 ----a-w- c:windowsSysWow64UIAnimation.dll
2013-04-08 23:03 . 2013-01-13 19:24 221184 ----a-w- c:windowssystem32UIAnimation.dll
2013-04-08 23:03 . 2013-01-04 06:11 2776576 ----a-w- c:windowssystem32msmpeg2vdec.dll
2013-04-08 23:00 . 2012-10-03 17:44 303104 ----a-w- c:windowssystem32nlasvc.dll
2013-04-08 23:00 . 2012-10-03 17:44 246272 ----a-w- c:windowssystem32netcorehc.dll
2013-04-08 23:00 . 2012-10-03 17:44 216576 ----a-w- c:windowssystem32ncsi.dll
2013-04-08 23:00 . 2012-10-03 17:42 569344 ----a-w- c:windowssystem32iphlpsvc.dll
2013-04-08 23:00 . 2012-10-03 16:42 175104 ----a-w- c:windowsSysWow64netcorehc.dll
2013-04-08 23:00 . 2012-10-03 16:42 156672 ----a-w- c:windowsSysWow64ncsi.dll
2013-04-08 23:00 . 2012-10-03 16:07 45568 ----a-w- c:windowssystem32driverstcpipreg.sys
2013-04-08 23:00 . 2012-01-13 07:12 52224 ----a-w- c:windowsSysWow64nlaapi.dll
2013-04-08 23:00 . 2012-10-03 17:44 70656 ----a-w- c:windowssystem32nlaapi.dll
2013-04-08 23:00 . 2012-10-03 17:44 18944 ----a-w- c:windowssystem32netevent.dll
2013-04-08 23:00 . 2012-10-03 16:42 18944 ----a-w- c:windowsSysWow64netevent.dll
2013-04-08 01:15 . 2013-04-08 01:15 -------- d-----w- c:program files (x86)ESET
2013-04-08 01:00 . 2013-04-08 01:00 -------- d-----w- c:windowssystem32SPReview
2013-04-08 00:19 . 2013-03-15 03:28 9311288 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll
2013-04-07 20:42 . 2013-04-07 20:42 121 ----a-w- c:windowsDeleteOnReboot.bat
2013-04-07 18:35 . 2013-04-07 19:36 -------- d-----w- c:programdataSpybot - Search & Destroy
2013-04-07 18:34 . 2013-04-08 23:37 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2
2013-04-07 15:57 . 2013-04-07 15:57 -------- d-----w- c:usersELAppDataRoamingSUPERAntiSpyware.com
2013-04-07 15:56 . 2013-04-07 15:57 -------- d-----w- c:program filesSUPERAntiSpyware
2013-04-07 15:56 . 2013-04-07 15:56 -------- d-----w- c:programdataSUPERAntiSpyware.com
2013-04-07 15:49 . 2013-04-07 15:48 972264 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{6AD1CE50-43E1-42FC-B92B-76FF0FCDA798}gapaengine.dll
2013-04-07 15:27 . 2013-03-19 09:50 9311288 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{0B07C52A-B452-4979-B9EB-D4C57D497C0A}mpengine.dll
2013-04-07 15:27 . 2013-04-02 10:34 282744 ------w- c:windowssystem32MpSigStub.exe
2013-04-07 15:08 . 2013-04-07 15:08 -------- d-----w- c:program files (x86)Microsoft Security Client
2013-04-07 15:08 . 2013-04-07 15:09 -------- d-----w- c:program filesMicrosoft Security Client
2013-04-06 19:25 . 2013-04-06 19:25 -------- d-----w- c:program files (x86)Intel
2013-04-06 19:21 . 2012-07-26 04:55 785512 ----a-w- c:windowssystem32driversWdf01000.sys
2013-04-06 19:21 . 2012-07-26 04:55 54376 ----a-w- c:windowssystem32driversWdfLdr.sys
2013-04-06 19:21 . 2012-07-26 04:47 2560 ----a-w- c:windowssystem32driversen-USwdf01000.sys.mui
2013-04-06 19:21 . 2012-07-26 02:36 9728 ----a-w- c:windowssystem32Wdfres.dll
2013-04-06 18:44 . 2012-12-16 17:11 46080 ----a-w- c:windowssystem32atmlib.dll
2013-04-06 18:44 . 2012-12-16 14:45 367616 ----a-w- c:windowssystem32atmfd.dll
2013-04-06 18:44 . 2012-12-16 14:13 295424 ----a-w- c:windowsSysWow64atmfd.dll
2013-04-06 18:44 . 2012-12-16 14:13 34304 ----a-w- c:windowsSysWow64atmlib.dll
2013-04-06 18:43 . 2012-07-26 03:08 84992 ----a-w- c:windowssystem32WUDFSvc.dll
2013-04-06 18:43 . 2012-07-26 03:08 194048 ----a-w- c:windowssystem32WUDFPlatform.dll
2013-04-06 18:43 . 2012-07-26 02:26 87040 ----a-w- c:windowssystem32driversWUDFPf.sys
2013-04-06 18:43 . 2012-07-26 02:26 198656 ----a-w- c:windowssystem32driversWUDFRd.sys
2013-04-06 18:43 . 2012-07-26 03:08 229888 ----a-w- c:windowssystem32WUDFHost.exe
2013-04-06 18:43 . 2012-07-26 03:08 744448 ----a-w- c:windowssystem32WUDFx.dll
2013-04-06 18:43 . 2012-07-26 03:08 45056 ----a-w- c:windowssystem32WUDFCoinstaller.dll
2013-04-06 18:36 . 2013-01-04 05:46 215040 ----a-w- c:windowssystem32winsrv.dll
2013-04-06 18:36 . 2013-01-04 04:51 5120 ----a-w- c:windowsSysWow64wow32.dll
2013-04-06 18:36 . 2013-01-04 02:47 25600 ----a-w- c:windowsSysWow64setup16.exe
2013-04-06 18:36 . 2013-01-04 02:47 7680 ----a-w- c:windowsSysWow64instnm.exe
2013-04-06 18:36 . 2013-01-04 02:47 14336 ----a-w- c:windowsSysWow64ntvdm64.dll
2013-04-06 18:36 . 2013-01-04 02:47 2048 ----a-w- c:windowsSysWow64user.exe
2013-04-06 18:34 . 2012-11-30 05:41 424448 ----a-w- c:windowssystem32KernelBase.dll
2013-04-06 18:33 . 2012-06-02 05:48 95600 ----a-w- c:windowssystem32driversksecdd.sys
2013-04-06 18:32 . 2012-08-31 18:19 1659760 ----a-w- c:windowssystem32driversntfs.sys
2013-04-06 18:23 . 2012-01-04 10:44 509952 ----a-w- c:windowssystem32ntshrui.dll
2013-04-06 18:22 . 2012-11-09 05:45 2048 ----a-w- c:windowssystem32tzres.dll
2013-04-06 18:22 . 2012-11-09 04:42 2048 ----a-w- c:windowsSysWow64tzres.dll
2013-04-06 18:22 . 2012-05-14 05:26 956928 ----a-w- c:windowssystem32localspl.dll
2013-04-06 18:22 . 2010-11-20 13:27 39424 ----a-w- c:windowssystem32Spoolprtprocsx64winprint.dll
2013-04-06 18:19 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe
2013-04-06 18:19 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe
2013-04-06 18:03 . 2012-04-07 12:31 3216384 ----a-w- c:windowssystem32msi.dll
2013-04-06 18:03 . 2012-04-07 11:26 2342400 ----a-w- c:windowsSysWow64msi.dll
2013-04-06 18:02 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll
2013-04-06 18:02 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll
2013-04-06 18:02 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll
2013-04-06 18:02 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll
2013-04-06 18:02 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll
2013-04-06 18:02 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll
2013-04-06 17:23 . 2012-11-22 05:44 800768 ----a-w- c:windowssystem32usp10.dll
2013-04-06 17:23 . 2012-11-22 04:45 626688 ----a-w- c:windowsSysWow64usp10.dll
2013-04-06 17:23 . 2012-05-05 08:36 503808 ----a-w- c:windowssystem32srcore.dll
2013-04-06 17:23 . 2012-05-05 07:46 43008 ----a-w- c:windowsSysWow64srclient.dll
2013-04-06 17:23 . 2010-11-20 13:25 296960 ----a-w- c:windowssystem32rstrui.exe
2013-04-06 16:33 . 2013-04-06 16:33 -------- d-----w- c:windows53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2013-04-06 15:40 . 2013-04-06 15:40 -------- d-----w- c:program filesCCleaner
2013-04-06 15:06 . 2013-04-06 15:06 -------- d-----w- c:usersEL53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2013-04-06 15:03 . 2013-04-06 15:08 4126720 ----a-w- c:program files (x86)GUTFC69.tmp
2013-04-06 15:03 . 2013-04-06 15:03 -------- d-----w- c:program files (x86)GUMFC68.tmp
2013-04-06 12:56 . 2013-04-06 12:56 -------- d-----w- c:usersELAppDataRoamingMalwarebytes
2013-04-06 12:56 . 2013-04-06 12:56 -------- d-----w- c:programdataMalwarebytes
2013-04-06 12:55 . 2013-04-06 12:55 -------- d-----w- c:usersELAppDataLocalPrograms
2013-04-06 03:47 . 2013-04-06 03:47 -------- d-----w- c:usersELAppDataLocalSolid Savings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-08 01:19 . 2009-07-14 02:36 152576 ----a-w- c:windowsSysWow64msclmd.dll
2013-04-08 01:19 . 2009-07-14 02:36 175616 ----a-w- c:windowssystem32msclmd.dll
2013-04-06 03:03 . 2012-04-29 23:29 693976 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2013-04-06 03:03 . 2011-06-10 22:13 73432 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2013-03-04 18:53 . 2011-02-15 22:46 72013344 ----a-w- c:windowssystem32MRT.exe
2013-02-18 15:21 . 2012-09-04 15:57 39768 ----a-w- c:windowssystem32driversavgtpx64.sys
2013-02-12 05:45 . 2013-04-08 22:59 135168 ----a-w- c:windowsapppatchAppPatch64AcXtrnal.dll
2013-02-12 05:45 . 2013-04-08 22:59 308736 ----a-w- c:windowsapppatchAppPatch64AcGenral.dll
2013-02-12 05:45 . 2013-04-08 22:59 111104 ----a-w- c:windowsapppatchAppPatch64acspecfc.dll
2013-02-12 05:45 . 2013-04-08 22:59 350208 ----a-w- c:windowsapppatchAppPatch64AcLayers.dll
2013-02-12 04:48 . 2013-04-08 22:59 474112 ----a-w- c:windowsapppatchAcSpecfc.dll
2013-02-12 04:48 . 2013-04-08 22:59 2176512 ----a-w- c:windowsapppatchAcGenral.dll
2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:windowssystem32driversMpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:windowssystem32driversNisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt.14.dll
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Skype"="c:program files (x86)SkypePhoneSkype.exe" [2012-07-13 17418928]
"SUPERAntiSpyware"="c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"PDVDDXSrv"="c:program files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:program files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:program files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:program files (x86)Dell Support Centerbinsprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:program files (x86)Microsoft OfficeOffice12GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:program files (x86)HPDigital ImagingbinhpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2007-05-08 54840]
"VirtualCloneDrive"="c:program files (x86)Elaborate BytesVirtualCloneDriveVCDDaemon.exe" [2009-06-17 85160]
"ConnectionCenter"="c:program files (x86)CitrixICA Clientconcentr.exe" [2010-05-12 300472]
"InstaLAN"="c:program files (x86)BelkinRouter Setup and MonitorBelkinRouterMonitor.exe" [2011-04-29 1770400]
"TkBellExe"="c:program files (x86)RealRealPlayerUpdaterealsched.exe" [2012-03-14 296056]
"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-12-18 946352]
.
c:programdataMicrosoftWindowsStart MenuProgramsStartup
HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-9-20 270336]
.
c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *00sdnclean64.exe
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2009-05-08 215552]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-06-23 1255736]
S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2009-07-09 55280]
S1 avgtp;avgtp;c:windowssystem32driversavgtpx64.sys [2013-02-18 39768]
S1 ctxusbm;Citrix USB Monitor Driver;c:windowssystem32DRIVERSctxusbm.sys [2010-04-16 87600]
S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE64.EXE [2012-07-11 140672]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:program filesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:program filesBelkinBelkin USB Print and Storage CenterBkapcs.exe [2010-02-09 55296]
S2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [2009-06-09 155648]
S2 sxuptp;SXUPTP Driver;c:windowssystem32DRIVERSsxuptp.sys [2009-06-22 291352]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:program files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe [2013-02-18 968880]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:windowssystem32DRIVERSCtClsFlt.sys [2009-06-15 172704]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-08 23:33 1642448 ----a-w- c:program files (x86)GoogleChromeApplication26.0.1410.43Installerchrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-08 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-14 03:33]
.
2013-04-08 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-14 03:33]
.
2013-04-08 c:windowsTasksSUPERAntiSpyware Scheduled Task abf4e18b-761d-4c22-aa5d-89252f4592e8.job
- c:program filesSUPERAntiSpywareSASTask.exe [2011-05-04 17:52]
.
2013-04-08 c:windowsTasksSUPERAntiSpyware Scheduled Task f51e9932-54d9-43a0-8f83-a85206c4c164.job
- c:program filesSUPERAntiSpywareSASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:usersELAppDataRoamingDropboxbinDropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Apoint"="c:program filesDellTPadApoint.exe" [2009-03-10 309760]
"Broadcom Wireless Manager UI"="c:program filesDellDell Wireless WLAN CardWLTRAY.exe" [2009-07-17 4968960]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:windowssystem32igfxpers.exe" [2011-02-11 417304]
"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:windowsSysWOW64blank.htm
IE: E&xport to Microsoft Excel - c:progra~2MICROS~2Office12EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:windowsSystem32SPReviewSPReview.exe
AddRemove-Adobe Shockwave Player - c:windowssystem32AdobeShockwave 11uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-08 20:22:42
ComboFix-quarantined-files.txt 2013-04-09 00:22
ComboFix2.txt 2013-04-07 23:38
.
Pre-Run: 250,913,726,464 bytes free
Post-Run: 250,554,707,968 bytes free
.
- - End Of File - - AFEEAEB693A7AE5E2599F58B6466E248
Still, thanks for providing your help! :)
As of now, I was able to install Chrome and Win-7 SP1. The only thing that still persists is the bad image errors for the HP printer drivers and the Belkin Router manager. I plan on uninstalling the Belkin Router manager, and I might as well install a less "heavy" version of the HP printer drivers (without all that crapware they force on you) so that should be covered, as long as it's not being produced from some type of malware.
Other than that, I wouldn't have been able to fix this without your help, thanks tons!

Let's run another junkware tool. I don't expect it to find much... but let's give it a try.

 

Please download Junkware Removal Tool by clicking here and save it to your desktop.

- Shut down your antivirus to avoid any conflicts.
- Double-click JRT.exe to run the tool.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.


 


I have to apologize, I wasn't able to log on yesterday due to college.

 

Here's the log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by EL on Wed 04/10/2013 at 17:28:24.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/10/2013 at 17:36:50.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK... let's clean up our toys and let you get back to your regularly scheduled life.

 

Time for some housekeeping

- Click START then RUN
- Now type ComboFix /Uninstall in the runbox and click OK.
- Note the space between the X and the U, it needs to be there.
- The above procedure will:
  - Implement some cleanup procedures.
  - Reset System Restore.

Please re-enable any security that was disabled.

- Now to remove most of the tools that we have used in fixing your machine:
  - Make sure you have an Internet Connection.
  - Download OTC to your desktop and run it.
  - A list of tool components used in the cleanup of malware will be downloaded.
  - If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  - Click Yes to begin the cleanup process and remove these components, including this application.
  - You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.

 

If there are any tools or logs left... you can just delete them.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.


 


I cannot thank you enough for the great help! I guess that will be all. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

