2201.

Solve : please take a look?

Answer»

Found this message about half way into a file called productcontext 1200. Should I be worried? Computer is running fine and all scans mbam, sasw, and sbsd come up clean.


Hello, I'm your 32bit Impersonated custom action server

No, It has been there a long time.
Almost any AV would have flagged it by now.

Thanks for looking, that's a relief

2202.

Solve : Free Anti-Virus?

Answer»

Hi, I have virus/malware problems that BitDefender does not seem able to deal with. Their support staff keeps asking for more information, but seems at a loss.

You guys once mentioned a free anti-virus program that was very effective. Could you repeat that information for me?

Thanks

avast is good

avira free is good

Make sure you uninstall the old one first before you install the new one. It is never good to have more than one antivirus on your computer.

Avast: http://www.avast.com/eng/avast_4_home.html (make sure you register for the free code)

or

AVG: http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11014801

If you're having malware/virus issues it would be best to have your computer cleaned first. Go to the first thread in this forum and do what it says and post the logs here.

AVG is very good and very popular, I have been using computers since 2001 and I have not had one virus yet I'm quite proud. x

Quote from: crog13 on December 01, 2009, 09:08:24 AM

AVG is very good and very popular, I have been using computers since 2001 and I have not had one virus yet I'm quite proud. x

avg takes up a lot of room and slows the pc down

Quote from: harry 48 on December 01, 2009, 12:33:21 PM
avg takes up a lot of room and slows the pc down

Somebody else may like it and have it working fine on their PC. Maybe you hated it and went away with it.

Bullwinkle should try different AV's and find one he likes best. And note, there is no 100% perfect AV in the world.

Okay, let's not turn this into a "best anti virus" thread - there are enough of those. The OP asked for a good, free AV. The first two responses answered his question perfectly. Not sure why there was any need for anything after that

i could not agree more allan , well said my good man

For me, I'm just saying that AVG, AVAST, AVIRA, MSE are the popular free AV's that I know of out there that many people are using. It's just, OP should look at each one and see which he's most comfortable using in the event he's got a virus (or another virus or something)

That's all.

Else, I agree direct to the point is good

Quote
Okay, let's not turn this into a "best anti virus" thread - there are enough of those. The OP asked for a good, free AV. The first two responses answered his question perfectly. Not sure why there was any need for anything after that

MicroSoft Security Essentials review
Download here
2203.

Solve : hardware problems with fan always on?

Answer»

Hi,

I posted a log in Computer Hardware Forum, and was suggested I might have malware, so have carried out the tests and scans recommended by evilfantasy, and would like some advice.

I am still experiencing the fan on almost continuously.

Logs attached:
SuperAntispyware
Malwarebytes' Anti-Malware
HijackThis

---------------------------------------------------------------------------------------------------------------

PREVIOUS POST October 15, 2009, 12:43:59 PM
Yesterday I started experiencing my laptop display blanking, then received a display driver error in notification menu. Unfortunately, the only bit of the error I got was "display driver nvl.." or something.

I rebooted, Windows didn't start properly, then ran "Startup Repair" (a Vista automated scan? not sure) which concluded "unspecified changes to system configuration might have caused the problem" and recommended restoring to a System Restore point, which I click OK to.

Got to desktop ok, but the same error happened again re display driver (sorry, I didn't think to write it down).

I also at this point got another diagnosis application from Vista giving me errors with the Display driver, the specifics for the info on this are:

-----------------------------------
Product
Windows

Problem
Video hardware error

Date
14/10/2009 20:13

Status
Not Reported

Description
A problem with your video hardware caused Windows to stop working correctly.

Problem signature
Problem Event Name: LiveKernelEvent
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 2057

Files that help describe the problem
WD-20091014-2012.dmp
sysdata.xml
Version.txt

Extra information about the problem
BCCode: 117
BCP1: 84D1A3E8
BCP2: 8BA07350
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 256_1
----------------------------------------------

I have copies of the other "files that help describe the problem", although I can't open the .dmp file.

Other things I then tried:
In Device Manager, I checked the Display adaptor, it was showing as working correctly. The driver files were showing from 2007. I clicked "update Driver" (Display Adaptor: NVIDIA GeForce 8400N GS), Windows searched for a driver for a while and began install.

But the screen then crashed: grey colour with vertical lines. Also the fan started going on for 4 seconds, off for 4 seconds, on and off like that. I forced a reboot but really from then on I couldn't see anything on the screen.

Thinking it might be just the display affected, and the normal boot up might be visible 'underneath' it, I pressed F8, then Enter, hoping to start a Safe Boot. The screen did change slightly, I think maybe it did something. But I still couldn't see anything so I just shut down.

I left it overnight to today, and switching on I could reboot, it ran the Startup Repair, again suggesting a System Restore. This time I didn't accept. It kept scanning with "attempting repair" I think, then rebooted itself and I could log on to Windows. However, now the fan is on continuously, although I can log on and apparently use everything ok.

Note on checking the Display Adaptor driver now, it is: Date: 03/09/2008.

Current System information on Monitor is attached in Word Doc "System Information - Monitor.doc"

I am not sure what to do next. I am not aware of a "scan" I can do to check for problems. I am fairly computer literate, working in IT support, although not the strongest on hardware faults.


-----------------------
System information:
OS Name: Microsoft Windows Vista Ultimate
Version: 6.0.6001 Service Pack 1 Build 6001
System Manufacturer: Dell Inc.
System Model: XPS M1330
System Type: X86-based PC
Processor: Intel Core 2 Duo CPU T8100 @ 2.10GHz
BIOS Version/Date: Dell Inc A09, 03/02/2008
Installed Physical Memory (RAM): 2.00 GB

-----------------------




Any suggestions greatly appreciated,

Heywogr


--------------------------------------------------------------------------------------------------------
PREVIOUS POST October 17, 2009, 10:23:08 AM
Hi, does anyone have any ideas on what I can do to solve this?

I've done an MBAM (Malwarebytes' AntiMalware) and it picked up a Win32/Cryptor and a Trojan.TDSS, and seemed to clear ok.

When I start in Safe Mode with Networking, it starts ok, everything seems fine. When I start normally, the fan just goes continuously or on/off. Does that mean it's a driver/service issue, or a virus?


[Saving space, attachment deleted by admin]

it looks like you have a few problems and i think a keylogger has got into your pc

wait for an expert to help you , harry

Hi,

Sorry, I know there's a thing about not bumping up your thread to have it looked at, but it's been over 5 weeks since I posted asking for help. I realise people are busy and do this voluntarily etc but if it's not going to be answered for weeks on end or even commented on that it's in a queue, it just gets annoying. What's the point of supporting or offering support, you might as well just say "don't post any requests for help for the time being until we have cleared our backlog" or something.

If no-one's going to look and provide any assistance for the keylogger or any other issues I might have, I'll just close this post down in resignation in a few days.

Closing this topic as mentioned above. A wee bit disappointed...

Nobody understands why you think a fan always on is a software problem.
Which fan? My old PC has two fans that are always on.
So some hardware experts told you you have malware?
How do you prove that?
I have been working with PC hardware for years ...
and have yet to get a fan infected with Mallarme!


And if I were to write an evil hack to corrupt somebody's fan, which I would not, but if I did...
I would make it turn the fan OFF!

The problem is your post is hard to believe...
unless you can provide more detail.

Sounds like hardware failure to me, really.

I don't see anything that could be a keylogger in the logs; they look pretty clean to me.

I had similar issues with a Radeon 7000VE; screen would get a bunch of yellow lines all over in 3d modes and unless I quit right away I'd be unable to see at the desktop either; then the whole thing would seize up. also got a few BSOD errors from it.

used a different video card, and the problems went away.


Since this is a laptop, that's not an option. Only sure-fire test to see if it's really software related is to perform a complete reinstall, and if the problem persists, it's probably a hardware issue.

Quote from: BC_Programmer on December 01, 2009, 02:44:55 PM

Sounds like hardware failure to me, really.

I don't see anything that could be a keylogger in the logs; they look pretty clean to me.

I had similar issues with a Radeon 7000VE; screen would get a bunch of yellow lines all over in 3d modes and unless I quit right away I'd be unable to see at the desktop either; then the whole thing would seize up. also got a few BSOD errors from it.

used a different video card, and the problems went away.

Since this is a laptop, that's not an option. Only sure-fire test to see if it's really software related is to perform a complete reinstall, and if the problem persists, it's probably a hardware issue.
One of the times I have to agree with you, BC.
2204.

Solve : Badware/malware help with website?

Answer»

Hi, hope someone can help me.

I run a website and it says that it is an attack site when visitors come from google.
My site runs with a CMS and I'm hoping someone can help me with this.

I am willing to pay for help.

Don't worry, all our help is free. First off, give us a link for your site, then post your source code of the site here, so we can make sure the site isn't an attack site. After one of the malware specialists checks it, you can notify google that the site is in fact NOT an attack site. If it is infected, the other experts can help with the disinfection process and telling google that is now clean.

2205.

Solve : Antivirus System PRO Virus [Logs Attached]?

Answer»

They've stopped.

Is it possible that there could be traces of the infection still on my external (seeing as it has been unplugged)?

You can scan your external drive but first do this before plugging it in.

Panda USB and AutoRun Vaccine

Insert your external drive before you begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

Download Panda USB and AutoRun Vaccine and save it to your desktop.

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

----------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

* Click START then RUN
* Now type COMBOFIX /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.

The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thanks for all your help! :]

You're welcome.

Safe surfing...
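
Added example, not part of the original thread: the vaccination note above is about stopping Windows from acting on a drive's autorun.inf. The Python code below lists the entries of an autorun.inf that would start a program and decodes the standard Windows NoDriveTypeAutoRun policy bitmask. The sample file content and all function names are constructed for illustration, and the thread does not say which mechanism the Panda tool itself uses.

```python
"""List program-launching entries in an autorun.inf and decode NoDriveTypeAutoRun."""
import re

# [autorun] keys that make Windows start a program for the drive.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command entries add a context-menu verb that runs a command.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Bits of the NoDriveTypeAutoRun policy value; a set bit disables AutoRun for
# that drive type. Bit 0x80 (reserved drive types) is left out of this table.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "removable": 0x04,
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
}

# Constructed sample, not taken from the thread. Mixed case and a junk line
# imitate the padding often seen in autorun.inf files dropped on USB drives.
SAMPLE_AUTORUN = """\
; constructed sample
[AutoRun]
icon=folder.ico
jUnKlInE123
OPEN=setup.exe /quiet
shell\\open\\Command = setup.exe
label=Backup
[other]
open=ignored.exe
"""


def autorun_commands(text):
    """Return [(key, command)] for each program-launching entry in [autorun].

    Section and key names are compared case-insensitively; comments, junk
    lines without '=' and entries in other sections are skipped.
    """
    found = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_COMMAND.match(key):
            found.append((key, value.strip()))
    return found


def blocked_drive_types(policy_value):
    """Drive types for which this NoDriveTypeAutoRun value disables AutoRun."""
    return sorted(n for n, bit in DRIVE_TYPE_BITS.items() if policy_value & bit)


def would_launch(text, policy_value, drive_type):
    """Entries Windows would act on for this drive type under this policy."""
    if drive_type in blocked_drive_types(policy_value):
        return []
    return autorun_commands(text)


if __name__ == "__main__":
    for policy in (0x91, 0xFF):
        print(hex(policy), "blocks", blocked_drive_types(policy))
        print("  removable drive:", would_launch(SAMPLE_AUTORUN, policy, "removable"))
```

Reading the file as text this way never executes anything on the drive, so it can be done before the drive is opened in Explorer.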
2206.

Solve : Search Links Redirecting Me to Wrong Pages?

Answer»

I know that there currently is another thread on this, but as most forums do not condone hijacking other people's threads I decided it was best to make my own.

Whenever I do a search on Google (or any other website for that matter) the link I click on leads me to the incorrect page. Most of the pages that I am redirected to are advertisements, but some of them have been harmful pages that AVG has blocked me from viewing.

I should probably mention that for some reason I can't get into Safe Mode, but that is for another thread, another time. Unless it's somehow related...

Anyway, I followed the directions on the first post, and here are the results.


Step 1: Add or Remove Programs

Nothing fishy looking in here.

Step 2: House Cleaning
Ran CCleaner.

Step 3: SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2009 at 10:56 PM

Application Version : 4.29.1002

Core Rules Database Version : 4162
Trace Rules Database Version: 2086

Scan type : Complete Scan
Total Scan Time : 01:10:24

Memory items scanned : 433
Memory threats detected : 0
Registry items scanned : 4737
Registry threats detected : 0
File items scanned : 115778
File threats detected : 0


Step 4: Malwarebytes Anti-Malware (MBAM)

Malwarebytes' Anti-Malware 1.41
Database version: 2949
Windows 5.1.2600 Service Pack 3

10/14/2009 10:05:58 pm
mbam-log-2009-10-14 (22-05-58).txt

Scan type: Quick Scan
Objects scanned: 91871
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Step 5: Update Your Java (JRE)
Updated Java and ran JavaRa.

Step 6: HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:20 pm, on 10/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\caa73f0e-a377-4e7b-8a12-7099d1f02c89.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5852 bytes


So, how do I rid myself of this annoyance?

Hi HollowNobody, can you please go to these following sites:
http://www.kaspersky.com/
http://www.eset.com/
http://www.avira.com/

Just a try. Check if you can access the above websites.

Your HijackThis report

Thanks for the reply.
Yes, I am able to access the websites listed.

Quote from: HollowNobody on October 15, 2009, 03:14:49 PM

Thanks for the reply.
Yes, I am able to access the websites listed.

please do not touch your hjt log report and wait for an expert to help you , getting bad help could harm your pc

Quote from: harry 48 on October 15, 2009, 03:25:39 PM
please do not touch your hjt log report and wait for an expert to help you , getting bad help could harm your pc

Alright...

Quote
C:\Program Files\SUPERAntiSpyware\caa73f0e-a377-4e7b-8a12-7099d1f02c89.exe

Did you rename SUPERAntiSpyware with that name?

Quote from: evilfantasy on October 15, 2009, 06:09:01 PM
Did you rename SUPERAntiSpyware with that name?

No, I didn't rename anything during installation nor afterward.

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
C:\Program Files\SUPERAntiSpyware\caa73f0e-a377-4e7b-8a12-7099d1f02c89.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

VirSCAN.org Scanned Report :
Scanned time : 2009/10/15 20:24:33 (EDT)
Scanner results: 3% Scanner(1/37) found malware!
File Name : caa73f0e-a377-4e7b-8a12-7099d1f02c89.exe
File Size : 1998576 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a295508c034f5d7ece57898be5532ff3
SHA1 : 87ce867daef0dcee47194e68e31bd71f67f08d3b
Online report : http://virscan.org/report/d87878bef16192b0c0e52a84664578ca.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091016043114 2009-10-16 4.14 -
AhnLab V3 2009.10.16.01 2009.10.16 2009-10-16 0.91 -
AntiVir 8.2.1.35 7.1.6.114 2009-10-15 0.23 -
Antiy 2.0.18 20091015.3008068 2009-10-15 0.12 -
Arcavir 2009 200910151548 2009-10-15 0.11 -
Authentium 5.1.1 200910151521 2009-10-15 9.40 -
AVAST! 4.7.4 091014-0 2009-10-14 0.09 -
AVG 8.5.288 270.14.20/2439 2009-10-16 0.39 -
BitDefender 7.81008.4353114 7.28351 2009-10-16 3.76 -
CA (VET) 9.0.0.143 35.1.7069 2009-10-16 2.64 -
ClamAV 0.95.2 9901 2009-10-15 0.27 -
Comodo 3.12 2614 2009-10-15 0.76 -
CP Secure 1.3.0.5 2009.10.16 2009-10-16 0.50 -
Dr.Web 4.44.0.9170 2009.10.15 2009-10-15 5.97 -
F-Prot 4.4.4.56 20091015 2009-10-15 9.04 -
F-Secure 7.02.73807 2009.10.16.01 2009-10-16 6.85 -
Fortinet 2.81-3.120 10.949 2009-10-15 0.44 -
GData 19.8419/19.512 20091016 2009-10-16 6.19 -
ViRobot 20091015 2009.10.15 2009-10-15 0.42 -
Ikarus T3.1.01.72 2009.10.15.74138 2009-10-15 4.13 -
JiangMin 11.0.800 2009.10.15 2009-10-15 4.67 -
Kaspersky 5.5.10 2009.10.15 2009-10-15 0.10 -
KingSoft 2009.2.5.15 2009.10.15.19 2009-10-15 0.65 -
McAfee 5.3.00 5772 2009-10-15 3.38 -
Microsoft 1.5101 2009.10.16 2009-10-16 6.02 -
Norman 6.03.02 6.03.00 2009-10-15 4.01 -
Panda 9.05.01 2009.10.15 2009-10-15 1.86 -
Trend Micro 8.700-1004 6.546.02 2009-10-15 0.03 -
Quick Heal 10.00 2009.10.15 2009-10-15 1.70 -
Rising 20.0 21.51.34.00 2009-10-15 1.12 -
Sophos 3.00.1 4.46 2009-10-16 2.56 -
Sunbelt 5452 5452 2009-10-15 1.80 -
Symantec 1.3.0.24 20091015.003 2009-10-15 0.09 -
nProtect 20091014.02 5818832 2009-10-14 7.16 -
The Hacker 6.5.0.2 v00043 2009-10-15 0.72 -
VBA32 3.12.10.11 20091015.0850 2009-10-15 2.10 Win32 Shadow Service Install (suspicious)
VirusBuster 4.5.11.10 10.112.69/2007672 2009-10-15 2.99 -

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DirLook::
C:\Program Files\SUPERAntiSpyware


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

After I drag the .txt file to and click run two windows of AVG Identity Protection pop up saying that they've found malware. After quarantining both of them nothing happens: no reboot, no dialog boxes, nothing.

Is that just AVG blocking ComboFix or is that what ComboFix does?

Quote
After quarantining both of them nothing happens: no reboot, no dialog boxes, nothing.

You need to allow ComboFix to run, not quarantine it.

ComboFix is a repair/diagnostics tool. It works in the same way malware would which is why AVG is seeing it as suspicious. You can right click AVG in your task bar and disable it while using ComboFix.

ComboFix 09-10-15.03 - Owner 10/15/2009 21:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2592 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Installer\2b9648.msi
c:\windows\Installer\48fd2.msp
c:\windows\system32\tmp.reg
E:\Autorun.inf
E:\install.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-13 00:51 . 2009-09-10 18:54  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 00:51 . 2009-10-13 00:52  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-10-13 00:51 . 2009-09-10 18:53  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-10-12 23:29 . 2009-10-12 23:29  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-12 23:29 . 2009-10-15 03:10  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-10-12 23:29 . 2009-10-12 23:29  --------  d-----w-  c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-12 23:28 . 2009-10-12 23:28  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2009-10-12 23:25 . 2009-10-12 23:25  --------  d-----w-  c:\program files\Trend Micro
2009-10-12 22:36 . 2009-10-12 22:36  --------  d-----w-  C:\$AVG
2009-10-12 22:35 . 2009-10-12 22:35  25608  ----a-w-  c:\windows\system32\drivers\AVGIDSxx.sys
2009-10-12 22:35 . 2009-10-12 22:35  12464  ----a-w-  c:\windows\system32\avgrsstx.dll
2009-10-12 22:35 . 2009-10-12 22:35  356616  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2009-10-12 22:35 . 2009-10-12 22:35  161672  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
2009-10-12 22:35 . 2009-10-12 22:35  333192  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2009-10-12 22:35 . 2009-10-12 22:35  28424  ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2009-10-12 22:35 . 2009-10-15 21:16  --------  d-----w-  c:\windows\system32\drivers\Avg
2009-10-12 22:35 . 2009-10-12 22:35  --------  d-----w-  c:\program files\AVG
2009-10-12 22:35 . 2009-10-12 22:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg9
2009-10-11 22:21 . 2009-10-11 22:21  --------  d-----w-  c:\windows\system32\wbem\Repository
2009-10-11 21:38 . 2009-10-11 22:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avg8(2)
2009-10-11 19:51 . 2009-10-11 22:18  --------  dc----w-  c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-11 19:51 . 2009-10-11 22:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-09 22:52 . 2009-10-09 22:52  --------  d-----w-  c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-09 22:52 . 2009-10-09 22:52  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 00:11 . 2009-10-03 00:11  3293184  ----a-w-  c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2009-09-19 22:07 . 2009-09-19 22:07  --------  d-----w-  c:\documents and settings\Owner\Local Settings\Application Data\gctmp
2009-09-19 22:07 . 2009-09-19 22:07  --------  d-----w-  c:\documents and settings\Owner\Local Settings\Application Data\Xenocode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 03:04 . 2008-11-27 22:10  --------  d-----w-  c:\program files\Java
2009-10-11 22:20 . 2008-11-26 20:04  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 20:27 . 2008-11-28 21:28  107888  ----a-w-  c:\windows\system32\CmdLineExt.dll
2009-08-07 23:51 . 2009-08-07 23:51  15308424  ----a-w-  c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51  13642888  ----a-w-  c:\windows\system32\xlivefnt.dll
2009-08-06 23:24 . 2008-11-26 18:19  327896  ----a-w-  c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-11-26 18:19  209632  ----a-w-  c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-11-26 18:19  35552  ----a-w-  c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-11-26 18:19  35552  ----a-w-  c:\windows\system32\wups(2)(2).dll
2009-08-06 23:24 . 2008-10-16 19:09  44768  ----a-w-  c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-10-16 19:09  44768  ----a-w-  c:\windows\system32\wups2(2)(2).dll
2009-08-06 23:24 . 2008-11-26 18:19  53472  ----a-w-  c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 10:00  96480  ----a-w-  c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-11-26 18:19  575704  ----a-w-  c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-11-26 18:19  1929952  ----a-w-  c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 10:00  204800  ----a-w-  c:\windows\system32\mswebdvd.dll
2009-08-03 17:52 . 2009-07-10 16:00  43520  ----a-w-  c:\windows\system32\CmdLineExt03.dll
2009-07-31 19:23 . 2008-11-28 19:46  411368  ----a-w-  c:\windows\system32\deploytk.dll
2009-07-19 21:26 . 2008-11-26 20:21  22656  ----a-w-  c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-30 18:44 . 2008-12-04 21:09  324976  ----a-w-  c:\program files\mozilla firefox\components\coFFPlgn.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\SUPERAntiSpyware ----

2009-10-15 03:10 . 2009-10-15 01:44  2000112  ----a-w-  c:\program files\SUPERAntiSpyware\e0fc707a-1079-4851-b23d-75b94b5e9cec.exe
2009-10-15 01:44 . 2009-10-15 01:44  29863  ----a-w-  c:\program files\SUPERAntiSpyware\Language\ARABIC.LNG
2009-10-15 01:44 . 2009-10-15 01:44  35576  ----a-w-  c:\program files\SUPERAntiSpyware\Language\BULGARIAN (BG).LNG
2009-10-15 01:44 . 2009-09-15 15:42  1998576  ----a-w-  c:\program files\SUPERAntiSpyware\caa73f0e-a377-4e7b-8a12-7099d1f02c89.exe
2009-09-15 15:42 . 2009-09-15 15:42  7408  ----a-r-  c:\program files\SUPERAntiSpyware\SASENUM.SYS
2009-09-15 15:42 . 2009-09-15 15:42  9968  ----a-w-  c:\program files\SUPERAntiSpyware\sasdifsv.sys
2009-09-15 15:42 . 2009-09-15 15:42  74480  ----a-w-  c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
2009-09-15 15:42 . 2009-10-15 01:44  2000112  ----a-w-  c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2009-09-15 15:42 . 2009-09-15 15:42  158960  ----a-w-  c:\program files\SUPERAntiSpyware\SSUpdate.exe
2009-09-15 14:47 . 2009-09-15 14:47  20608955  ----a-w-  c:\program files\SUPERAntiSpyware\PROCESSLIST.DB
2009-09-15 14:46 . 2009-09-15 14:46  1226937  ----a-w-  c:\program files\SUPERAntiSpyware\PROCESSLISTRELATED.DB
2009-09-03 19:21 . 2009-09-03 19:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll
2009-09-02 02:56 . 2009-10-15 01:44  37812  ----a-w-  c:\program files\SUPERAntiSpyware\Language\DUTCH (NL).LNG
2009-08-05 17:03 . 2009-08-05 17:03  35985  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Swedish (SE).lng
2009-08-05 16:26 . 2009-08-05 16:26  32627  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Hungarian (HU).lng
2009-08-05 16:24 . 2009-08-05 16:24  34855  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Estonian (EST).lng
2009-01-15 15:44 . 2009-01-15 15:44  34251  ----a-w-  c:\program files\SUPERAntiSpyware\Language\DANISH (DK).LNG
2009-01-15 15:43 . 2009-01-15 15:43  36425  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Norwegian (NO).lng
2009-01-15 15:31 . 2009-01-15 15:31  36581  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Polish (PL).lng
2009-01-15 15:28 . 2009-01-15 15:28  40572  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Macedonian (MK).lng
2008-11-04 22:37 . 2008-11-04 22:37  39269  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Portuguese (BR).lng
2008-11-03 17:49 . 2008-11-03 17:49  47912  ----a-w-  c:\program files\SUPERAntiSpyware\RUNSAS.EXE
2008-11-03 17:30 . 2008-11-03 17:30  40888  ----a-w-  c:\program files\SUPERAntiSpyware\Language\German (DE).lng
2008-11-03 17:28 . 2008-11-03 17:28  41152  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Italian (IT).lng
2008-11-03 15:37 . 2008-11-03 15:37  40562  ----a-w-  c:\program files\SUPERAntiSpyware\Language\Spanish (ES).lng
2008-11-03 15:36 . 2008-11-03 15:36  42687  ----a-w-  c:\program files\SUPERAntiSpyware\Language\French (FR).lng
2008-10-06 18:20 . 2008-10-06 18:20  35739  ----a-w-  c:\program files\SUPERAntiSpyware\Language\English (US).lng
2008-07-28 15:10 . 2008-07-28 15:10  411136  ----a-w-  c:\program files\SUPERAntiSpyware\SASREPAIRS.STG
2008-05-13 14:13 . 2008-05-13 14:13  77824  ----a-w-  c:\program files\SUPERAntiSpyware\SASSEH.DLL
2008-03-12 15:29 . 2008-03-12 15:29  24576  ----a-r-  c:\program files\SUPERAntiSpyware\SASINST.EXE
2007-11-27 17:12 . 2007-11-27 17:12  1088725  ----a-w-  c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.chm
2007-10-02 18:08 . 2007-10-02 18:08  122168  ----a-r-  c:\program files\SUPERAntiSpyware\BootSafe.exe
2007-02-27 16:39 . 2007-02-27 16:39  61440  ----a-w-  c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
2006-09-19 19:55 . 2006-09-19 19:55  360448  ----a-r-  c:\program files\SUPERAntiSpyware\deupx.dll
2004-06-03 13:24 . 2004-06-03 13:24  69632  ----a-w-  c:\program files\SUPERAntiSpyware\Plugins\sab_incr.dll
2004-05-20 17:28 . 2004-05-20 17:28  2048  ----a-w-  c:\program files\SUPERAntiSpyware\detect.wav
2004-05-07 19:31 . 2004-05-07 19:31  348160  ----a-w-  c:\program files\SUPERAntiSpyware\msvcr71.dll
2004-05-07 19:31 . 2004-05-07 19:31  40960  ----a-w-  c:\program files\SUPERAntiSpyware\Plugins\sab_mapi.dll
2004-05-07 19:31 . 2004-05-07 19:31  61440  ----a-w-  c:\program files\SUPERAntiSpyware\Plugins\sab_wab.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-12 22:35  12464  ----a-w-  c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^STARTUP^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/12/2009 6:35 pm 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/12/2009 6:35 pm 161672]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/12/2009 6:35 pm 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/12/2009 6:35 pm 356616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 am 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 am 74480]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/12/2009 6:35 pm 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/12/2009 6:35 pm 285392]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/12/2009 6:35 pm 5830152]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/12/2009 6:35 pm 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/12/2009 6:35 pm 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/12/2009 6:35 pm 25736]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Owner\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pfsvgae.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 am 7408]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ohark9ju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1592454029-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84EF2146-A462-2D01-9B75-8E8D6E60D380}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"janggkjbgabndcfdaeli"=hex:6a,61,6d,6c,66,6a,63,66,6f,69,62,70,68,61,66,6b,67,
61,65,66,00,f2
"iadgmocoiacmmhbmgp"=hex:6a,61,6d,6c,66,6a,63,66,6f,69,62,70,68,61,66,6b,67,61,
65,66,00,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
e:\program files\RocketDock\RocketDock.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-10-16 21:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 01:52

Pre-Run: 69,737,598,976 bytes free
Post-Run: 69,972,209,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /numproc=2

Download OTM by OldTimer to your desktop.

Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:services
pfsvgae

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

:files
c:\docume~1\Owner\LOCALS~1\Temp\pfsvgae.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
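
A way to triage the driver/service lines of a ComboFix log like the one above, as an added example that is not part of the original post or of ComboFix: it flags entries whose image sits under a Temp directory or for which the log prints `[?]` instead of a date and size, which is the profile of the `pfsvgae` entry the OTM script removes. The function names, the reading of the R/S state codes and the reading of `[?]` as "no file details reported" are assumptions of this example.

```python
import re

# Constructed sample: four driver/service lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/12/2009 6:35 pm 161672]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 am 74480]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Owner\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pfsvgae.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 am 7408]
"""

# Layout assumed from the lines above:
#   <state><start> <name>;<display name>;<image path> [<date> <time> <size>]
# Assumption: state R = running, S = stopped; start 0..4 = boot, system,
# automatic, on demand, disabled.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
FILE_META = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2} [ap]m) (\d+)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_service_lines(text):
    """Return one dict per driver/service line found in a ComboFix log."""
    entries = []
    for line in text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if not match:
            continue
        # "a --> b" shows the registered path and the path it resolves to.
        resolved = match.group("path").split("-->")[-1].strip()
        if resolved.startswith("\\??\\"):
            resolved = resolved[4:]  # drop the NT object-namespace prefix
        meta = FILE_META.match(match.group("meta").strip())
        entries.append({
            "name": match.group("name"),
            "running": match.group("state") == "R",
            "start": int(match.group("start")),
            "path": resolved,
            "size": int(meta.group(3)) if meta else None,
        })
    return entries


def triage(text):
    """Return (service name, reasons) for entries worth a closer look."""
    findings = []
    for entry in parse_service_lines(text):
        reasons = []
        if TEMP_DIR.search(entry["path"]):
            reasons.append("image path under a Temp directory")
        if entry["size"] is None:
            reasons.append("no file date/size reported ([?])")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```
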

----------
2207.

Solve : IE and google problems?

Answer»

Hi,

I am having trouble using Google on Internet Explorer 8. The links that are brought up when using Google take me to random sites or spoof spyware and malware sites. I have gone through the steps that are instructed on here and I removed a couple of trojans and some spyware that came onto my laptop, but the problem still persists. I do know that there were also files in my registry, but these have been removed now as well, and when I run each scan etc. the system is showing as clear of any spy/malware.

Could anyone possibly give me any other solutions to fixing the problem? I am currently using Firefox just now and there are no problems with Google. I could continue to use Firefox but it is so slow on my computer it's nearly impossible to use. I did roll IE8 back and reinstall it, but nothing changed when I did this.

I have posted my log files below.


Thanks for any help you can give



Malwarebytes' Anti-Malware 1.42
Database version: 3396
Windows 6.0.6000
Internet Explorer 8.0.6001.18865

21/12/2009 13:34:13
mbam-log-2009-12-21 (13-34-13).txt

Scan type: Quick Scan
Objects scanned: 91840
Time elapsed: 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:20, on 21/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\VIPRE\SBRC.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6445 bytes

2208.

Solve : Avira offer worthwhile??

Answer»

Avira are making a two-year-for-one offer for their Premium Security Suite and I was wondering if this would be worth while.
For the past year or so I have had their Anti Virus Personal Free version and have no problems with that. The paid-for version has extras - anti spy/malware/phishing and firewall etc. At the moment I also have the free versions of SuperAntispyware, Malwarebytes and Windows Firewall, which I presume I would not need if everything was covered by one umbrella, as it were.

Advice appreciated.

I have Windows Vista Home Premium.

I use Kaspersky Anti-Virus, SpywareBlaster for passive malware protection on the browsers, scan with Malwarebytes & SUPERAntiSpyware every few weeks, and I use a router with a NAT. The only firewall I have is the one provided with Windows. I've never used a 3rd party firewall. I also create an image of my system partition several times a week (don't overlook the security protection provided by backup images!!).

So to answer your question, if you feel it's worthwhile, then it is. If you're behind a router and use Windows' firewall, it's probably not needed though.

I too get the offer, but why take it? I have the same security as you plus CCleaner and that's all you need for a clean PC. Go to Tools and turn on the phishing filter. harry

Sorry Harry - but once again - ccleaner has nothing to do with security and I still have no idea what a "clean pc" is.

Quote from: Allan on December 20, 2009, 01:40:57 PM

Sorry Harry - but once again - ccleaner has nothing to do with security and I still have no idea what a "clean pc" is.

Sorry Allan, I did not say it was. As follows: (I have the same security as you, plus CCleaner)

I consider a clean PC free of things that should not be in it.

Okay harry - it's Christmas week - I don't want to get into an argument about ccleaner

Quote from: Allan on December 20, 2009, 01:55:47 PM
Okay harry - it's Christmas week - I don't want to get into an argument about ccleaner

Okay Allan - I agree, I didn't bring the subject up. Merry Xmas and a happy new year.

And to you my friend
2209.

Solve : what is this thing and how can I get rid of it??

Answer»

Okay, I have done the other scans too.

[Saving space, attachment deleted by admin]

Thank you. Please do this:

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
(Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
(Description: For fuji cameras - only needed when you are going to uninstall the software.)

O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
(Description: This is a shortcut that has been disabled. You may remove this without any ill effects.)

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

Okay, I have done this scan also.
I have done so many scans that you have asked. I'm surprised that each scan keeps finding something new just when I thought the computer was finally clean!

[Saving space, attachment deleted by admin]

Hello haus_kat. Infection removal can be a long and tedious process but it looks as if you're in the clear. I just need you to run another HJT scan and paste it here.

Okay, here is the HJT log. Thanks for helping!

[Saving space, attachment deleted by admin]

Hello haus_kat. Your HJT log looks good and if there are no other issues, we'll do some clean-up.

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

You can uninstall HJT. SAS & MBAM can be kept; update and run them about once a week to keep your computer clean.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Then hit Enter

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe Surfing.

I don't understand. I installed Online Armor days ago (mentioned in a previous post) and it was running when I did HJT scan. I have been unable to remove ComboFix. It won't uninstall because it says that Microsoft Security Essentials prevents it or something.

I have SpywareBlaster and I also got WOT some time ago but it just disappeared one day by itself. I guess you can only have one app at a time on Firefox? I installed another one after WOT and then I didn't see WOT there any more.

Quote
I don't understand. I installed Online Armor days ago (mentioned in a previous post) and it was running when I did HJT scan.

I'm sorry about the message about the Firewall. I'm trying to juggle too many fixes at once. Try this to remove ComboFix:

Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt

I'm not sure what the issue is with WOT on Firefox. You might be able to get some info on this link where you can visit their support site.

I found and deleted everything except for C:\Combo-Fix folder and C:\Combo-Fix-quarantined-files.txt I searched for them but the computer found nothing with those names.

Quote from: haus_kat on December 12, 2009, 01:54:35 AM
I found and deleted everything except for C:\Combo-Fix folder and C:\Combo-Fix-quarantined-files.txt I searched for them but the computer found nothing with those names.

They must have been removed in a previous fix. It looks like you're good to go. Luck.

Thanks for all your help!

In my computer, I saw virus with the name of "Net.Worm.Win32.kido.jq"
so how can I clean it. I have only Kaspersky trial version 8.0
please suggest me.
Tun Naing.

The best way to get help is to go to the first thread in this forum (Read this before requesting malware removal help) and follow the directions, then start a thread of your own and post the necessary logs.
2210.

Solve : Trojan Vundu, winupdate86.exe and Spyware?

Answer»

Hello! It looks like I am another victim of Malware/Spyware. Here are my symptoms:
- By visiting a dubious website, I noticed that my firewall detected that a lot of new programs were asking for Internet access. I declined those requests.
- I also noticed that every time I tried to access programs like Notepad, Task Manager, I would get the following message: "application cannot be executed. The file is infected. Please activate your antivirus software".
- Moreover, every time I tried to access www.bleepingcomputer.com or www.malaware.org, my browser would get redirected to a site that basically said "I have a virus"
- I ran HijackThis (2.0.2) and realized that \windows\system32\winupdate86.exe was one of the culprits. I cleaned that registry entry using HijackThis and deleted the file. This fixed some of the problems but the next time I rebooted, I had no internet connection and every time I tried to install Malwarebytes, the setup program would crash. To fix that, I used System Restore in XP to backup to a good version of the OS and that seemed to give me back the Internet access and allowed me to install Malwarebytes.
- Next, I ran Malwarebytes which found four problems, including Trojan Vundo. I have attached the log.
- Next, I ran DDS and I have attached DDS.txt and Attach.txt
- I have also attached the log file from GMER, gmer.txt
- I could not run ComboFix as that seems to be unavailable right now.
- My concern is that by System Restore, I disabled loading the malware but it's still lurking on the computer. I also read that the Trojan associated with the message, "application cannot be executed. The file is infected. Please activate your antivirus software", steals financial data.
- Do you guys see anything in the logs attached? I will really appreciate any help.

Here are the logs, which were generated in this order: MBAM.txt (malwarebytes), DDS.txt, Attach.txt, GMER.txt, Hijackthis.

GMER.txt:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-17 08:13:41
Windows 5.1.2600 Service Pack 2
Running: 9l86u5c9.exe; Driver: C:\DOCUME~1\Gaurav\LOCALS~1\Temp\uxtyrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xED41C78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xED41C821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xED41C738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xED41C74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xED41C835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xED41C861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xED41C8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xED41C8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xED41C7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xED41C8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xED41C80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xED41C710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xED41C724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xED41C79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xED41C937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xED41C8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xED41C88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xED41C84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xED41C923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xED41C90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xED41C776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xED41C762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xED41C877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xED41C7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xED41C8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xED41C7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xED41C7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat BA22CC8A

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


[Saving space, attachment deleted by admin]

2211.

Solve : Please check HJT log?

Answer»

Now Microsoft Outlook is not functioning correctly - upon starting, it doesn't do anything (keyboard shortcuts do not work)

If I minimize it using winkey+D or alt-tab I cannot bring it back up again,
and the mouse can't click on it (it vanishes when it is moved over outlook)

I restarted the computer twice to no avail. Any ideas?

Looks good.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

IMPORTANT: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
2212.

Solve : serious virus?

Answer»

I'm not sure, maybe I could try to remove them.
O4 - HKCU\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm

We can remove them if you don't know what they are. There are so many I would think it is a leftover from the virus.

Let me work up a fix real quick while you are doing the other steps.

i notice that the porn sign and ms antivirus icon always at my desktop.
but i couldn't find the program at add/remove program
and the html black screen window always pop up

ok. after remove all VIE and QQ related key
it seems ok after reboot.
here is the updated:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:19 PM, on 25-Aug-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [MSCalsClocks] C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
O4 - Startup: eCentral.lnk = C:\Program Files\Eshasoft\Calendar and Day Planner (USA Edition)\eCentral.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.sheepshow.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.ges.com.sg/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207181156285
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207185880443
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)

--
End of file - 9373 bytes
OK I found another one.

Name IE7.0.exe http://isc.sans.org/diary.html?storyid=2537

----------

Go to Start > Run, and copy/paste the following blue text into the Open box:

sc stop Windows_IE7.0

Now click OK then enter the next line:

sc delete Windows_IE7.0

Now click OK

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

Download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. You can close it, you won't need to post it.
  • Delete the JavaRa .zip .exe and .html files from the Desktop
Follow this link to download and install Java Runtime Environment (JRE) 6 Update 7

----------

What problems still remain?

ya, update the java.
everything is fine now.
thank you so much.
luckily i met you, else i will reinstall my OS.
thanks a lots

Just a few more things.

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Let us know if anything else comes up.

a lot of windows updates need to install,
thanks. will update it soon

scan using ESET today. found 13 threats..
name MSA.exe,VIE.exe (Win32 Adware)
suspect my pc is not full clean..
what should i do?
are them cause any serious problem?

Yes those are bad. MSA.exe is a worm.

This scan will take a while but the log from it will be very important.

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

ok. will post the report later.
the database update is very slow.
scanning cannot run right now.

The scan will take a while as well. But it is very thorough and should find anything that may be left. It won't have an option to clean what's found but we will be able to do that manually once we have the file locations.

We will run another diagnostic scan once Kaspersky is done. It will contain a huge amount of information and not take long to run. I will be sure to leave no stone unturned this time
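
The by-eye review of the HijackThis log in this thread, as an added Python example (not part of the original posts and not HijackThis code): it parses O4 autorun and O23 service lines and lists the entries a reviewer would look at first. The sample lines are copied from the logs quoted in this thread; the function names and the three heuristics are assumptions of this example, and the output is a review list, not a removal list.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt assembled from lines quoted in this thread (HijackThis v2.0.2 format).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# Matches "HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)
WINROOT_RE = re.compile(r"^[a-z]:\\windows$", re.IGNORECASE)
MISSING = " (file missing)"


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4" or "O23"
    name: str      # Run value name or service display name
    image: str     # executable path with arguments stripped
    reasons: list  # why the entry deserves a manual look


def image_path(cmd):
    """Return the executable path from a command line, quoted or not."""
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    return m.group(1) if m else cmd.strip()


def in_windows_root(path):
    """True for C:\\WINDOWS\\x.exe, false for anything in a subfolder."""
    return bool(WINROOT_RE.match(ntpath.dirname(path)))


def check_run_entry(rest):
    m = RUN_RE.match(rest)
    if not m:
        return None  # e.g. "Startup:" shortcut entries, not handled here
    name, image = m.group("name"), image_path(m.group("cmd"))
    reasons = []
    if "\\" in name or "/" in name:
        reasons.append("value name contains a path separator")
    if in_windows_root(image):
        reasons.append("image sits directly in the Windows directory")
    return Finding("O4", name, image, reasons)


def check_service(rest):
    if not rest.startswith("Service: "):
        return None
    body = rest[len("Service: "):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Display names may contain " - " or nested parentheses, so split from the right.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, image = parts[0], parts[1], image_path(parts[2])
    reasons = []
    if owner == "Unknown owner":
        reasons.append("HijackThis reports 'Unknown owner'")
    if missing:
        reasons.append("service image is missing on disk")
    if in_windows_root(image):
        reasons.append("image sits directly in the Windows directory")
    return Finding("O23", display, image, reasons)


def triage(log_text):
    """Return the O4/O23 entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        checker = {"O4": check_run_entry, "O23": check_service}.get(section)
        finding = checker(rest) if checker else None
        if finding and finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.name}  ->  {f.image}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

A leftover service whose image is already gone, like the one flagged here, is the case the thread cleans up with sc stop and sc delete.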
2213.

Solve : AntiVirus 2009?

Answer»

I've been noticing a lot of people online getting caught up in this program, so I thought I would post some links about it...

http://blog.trendmicro.com/fake-antivirus-trojans-ramping-up
http://sunbeltblog.blogspot.com/2008/08/new-rogue-power-antivirus-2009-uses.html

If you take a look at the screenshots, you'll see that it looks a lot like a cross between AVG and Comodo.

I'm glad those pictures don't look familiar.

I was curious this afternoon and installed one in Sandboxie. It started to immediately "find" all sorts of weird files. It's so thorough that it can even detect infections that don't exist!

2214.

Solve : Avast or AVG?

Answer»

I've heard good things about both. Please help me choose between them, with your own list of opinions thank you.

I just need a good solid Anti Virus program, and my computer will be set : )

Well, I've always been partial to AVG. The newest version has been having a lot of issues, though. I still use it as my primary anti-virus, but I don't recommend it nearly as often. I think your best bet is to try out each program for a few days (don't have them installed at the same time) and see which one you like better. Either way, you should have a decent amount of protection.

Sorry Chris we were posting at the same time.


My views....

AVG

It's been around for a long time and is trusted to do a good job but with the recent version 8.0 there have been, for some users, multiple problems that aren't easily fixed. It can be heavy on resources for some and does use more than Avast.

Avast!

Light weight and does a good job in detecting and cleaning malware. The argument goes both ways for which is best. It also has the option of doing a memory scan which is very good. On a personal level I like that it has skins. http://www.avast.com/eng/skins.html

You also can't count out Avira. I've seen a few people whose opinions matter say that it is now the best. But the tables always turn when it comes to AV's. One month one is better and the next it is running in second or third place.

Below is a list of the few free AV's that are trustworthy.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Comodo Antivirus
5) PC Tools AntiVirus Free Edition

While you are at it you may as well install a good free firewall as well.


1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus

2215.

Solve : Hijackthis 2?

Answer»

And here we have...

--Computer 2--



[recovering disk space -- attachment deleted by admin]

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    ----------

    Now run a new HJT scan and post the log.

    Here we go, MalwareBytes' Anti Malware.

    [recovering disk space -- attachment deleted by admin]

    I forgot to request a new HJT log also.

    Oh Darn, you did put it up there.....I just didn't see it.

    Now I'm going to have to wait till tomorrow to run it again. (door to the computer room is locked)

    No problem. I'm pretty sure the MyWebSearch was the only problem showing and MBAM took care of that quite well.

    Indeed. My brother claims to know nothing about it....

    Here we go.


    [recovering disk space -- attachment deleted by admin]

    Are you running Kaspersky firewall and Symantec AV?

    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Your Java is out of date.

    Older versions have vulnerabilities that malicious sites can use to infect your system.

    Download JavaRa to your Desktop and unzip it to its own folder.

    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    Quote
    Are you running Kaspersky firewall and Symantec AV?
    I don't think so..... Norton 360 was on here before Kaspersky.

    Also, when running JavaRa, it crashed part of the way through the removal process. I ran it again and it seemed fine.
    Log attached.



    [recovering disk space -- attachment deleted by admin]

    There are about 5 or 6 instances of Norton running in the log, mostly Services.

    To completely remove Norton/Symantec go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name.

    Download the Norton Removal Tool (SymNRT) to your Desktop.

    Once downloaded please close ALL open browsers, also save any work because this may require a restart.

    • Go to your desktop and double click on the removal tool and then click Setup.
    • Once open Click Next
    • Accept the license agreement and click Next
    • Type in the letters/numbers that you see into the text box then click Next.
    • Then click Next and the tool will start running.
    • Once finished restart the PC and run the tool again to ensure everything has been removed.
    Thanks Evil.

    Norton is a sneaky little thing....

    I know you don't need it but you still get the closing speech. Well, a condensed version anyway.

    Set a New Restore Point to prevent possible reinfection from an old one
    Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
    • Go to Start > Programs > Accessories > System Tools and click System Restore
    • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
    • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Next go to Start > Run and type Cleanmgr
    • Click OK
    • Click the More Options Tab.
    • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide or Windows Vista System Restore Guide
    ----------

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.





    Will do

    Unfortunately my bro is on the computer again.....
    2216.

    Solve : Pls help me with my logs...?

    Answer»

    Can someone pls help me with my logs. Thanks!

    [recovering disk space -- attachment deleted by admin]

    You should remove this entry with HJT...

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

    Other than that, you look clean to me. Are you experiencing any problems?

    The only thing I see is that you need a firewall. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.
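
The "(no file)" check applied in the reply above, together with the one-antivirus rule repeated on this page, as an added Python example that is not part of the original thread. The log lines are excerpts from the logs posted on this page; the function names and the vendor marker list are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body clsid target vendor")

# A HijackThis entry starts with a section code (R0, F3, O2, O23, ...)
# followed by " - ". Header lines and the "Running processes" paths do not.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: illustrative markers for resident antivirus services, taken
# from vendor names that appear on this page. Not an exhaustive list.
AV_VENDOR_MARKERS = ("AVG Technologies", "Trend Micro", "Symantec", "Kaspersky")

# Lines excerpted from the logs and replies on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def parse_hjt(text):
    """Return one Entry per HijackThis result line, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2).strip()
        clsid_match = CLSID_RE.search(body)
        clsid = clsid_match.group(0) if clsid_match else None
        vendor = None
        if code == "O23":
            # "Service: <name> - <company> - <path>": split from the right,
            # because the service name itself may contain " - ".
            parts = body.rsplit(" - ", 2)
            target = parts[-1]
            if len(parts) == 3:
                vendor = parts[1]
        else:
            # The target is whatever follows the last " - "; O4 lines have
            # no separator, so the whole body is kept as the target.
            target = body.rpartition(" - ")[2]
        entries.append(Entry(code, body, clsid, target, vendor))
    return entries


def orphaned(entries):
    """Entries whose registered file is gone: leftovers that are safe to review for removal."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def resident_av_vendors(entries):
    """Distinct antivirus vendors that have a service installed (O23 section only)."""
    found = set()
    for e in entries:
        if e.code == "O23" and e.vendor:
            for marker in AV_VENDOR_MARKERS:
                if marker.lower() in e.vendor.lower():
                    found.add(marker)
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned entry:", e.code, e.clsid)
    vendors = resident_av_vendors(parsed)
    if len(vendors) > 1:
        print("more than one resident antivirus:", ", ".join(vendors))
```
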

    2217.

    Solve : So this computer.....?

    Answer»

    I ran superantispyware and malwarebytes in it, and just gave me cookies i needed to remove. Here is HJT log.....does it look clean? also, what do i need to update and what can i remove to make this puppy run faster? This is my aunt's computer...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:59 AM, on 8/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Dell\QuickSet\QuickSet.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\cidaemon.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    F3 - REG:win.ini: load= C:\PROGRAMS\ALDUS\PIPELINE\remind.exe
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114350035926
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212803914825
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6410 bytes


    THANKS!

    ~Iamtonsoffun247

    O yea also I don't even see java on this computer. She uses Netzero as her internet connection, so I'm not sure if I need that or not....

    Looks fine.

    You might want to run this. http://www.malwarebytes.org/startuplite.php

    Will that pretty much let me remove most of those 04 files? I just don't know which ones I can remove

    StartUpLite will tell you which ones are not needed.

    I know I keep askin dumb questions lol but does the comp need java? It doesn't have any on it at all....

    Depends on what all the PC is used for. It never hurts to have it just in case.

    http://www.java.com/en/download/index.jsp

    2218.

    Solve : LOGS - SuperAntispyware ,Malwarebytes , and HijackThis?

    Answer»

    anti virus 2008 there are 3 files in (C:\documents and settings\joe\local settings\temporary internet files\ ) that I can't find or get to to delete. trend and Avg keep showing they are there but are unable to get them off my computer.

    thank you for any help you're able to give me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:07 AM, on 8/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191105959644
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218041048750
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    --
    End of file - 6319 bytes


    Malwarebytes' Anti-Malware 1.25
    Database version: 1070
    Windows 5.1.2600 Service Pack 3

    9:08:31 AM 8/19/2008
    mbam-log-08-19-2008 (09-08-31).txt

    Scan type: Quick Scan
    Objects scanned: 44892
    Time elapsed: 4 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 12
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\rhclr0j0en9c (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\joe\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\rhclr0j0en9c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\joe\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/19/2008 at 08:42 AM

    Application Version : 4.15.1000

    Core Rules Database Version : 3540
    Trace Rules Database Version: 1529

    Scan type : Complete Scan
    Total Scan Time : 00:51:54

    Memory items scanned : 421
    Memory threats detected : 0
    Registry items scanned : 6515
    Registry threats detected : 1
    File items scanned : 69330
    File threats detected : 2


    Rogue.AntiVirus 2008 Pro
    HKU\S-1-5-21-57989841-261478967-725345543-1003\Software\antivirus 2008 pro
    C:\Documents and Settings\joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
    sorry i fixed the post

    Welcome to CH.

    I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time.

    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    3) Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.

    I strongly suggest you either configure only one antivirus program to enable automatic real-time scanning, and leave the rest disabled, using them for on-demand scanners or go to Start > Control Panel > Add or Remove Programs and uninstall all but one antivirus program.

    Now run a new HijackThis scan and post the log.

    If I were you, I would ditch Antivirus 2008...
    http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009

    ok new logs and dropped AVG

    think its all clean. i still got avg hits in my restore files before i dropped down to one virus program.





    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/20/2008 at 10:01 AM

    Application Version : 4.15.1000

    Core Rules Database Version : 3541
    Trace Rules Database Version: 1530

    Scan type : Complete Scan
    Total Scan Time : 00:42:45

    Memory items scanned : 345
    Memory threats detected : 0
    Registry items scanned : 6516
    Registry threats detected : 0
    File items scanned : 68834
    File threats detected : 0



    Malwarebytes' Anti-Malware 1.25
    Database version: 1072
    Windows 5.1.2600 Service Pack 3

    10:08:37 AM 8/20/2008
    mbam-log-08-20-2008 (10-08-37).txt

    Scan type: Quick Scan
    Objects scanned: 45085
    Time elapsed: 3 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:29 AM, on 8/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191105959644
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218041048750
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    --
    End of file - 5587 bytes

    Looks good now.

    Next: Set a New Restore Point to prevent possible reinfection from an old one.

    Please go to: Start -> All Programs -> Accessories -> System Tools -> System Restore -> System Restore Settings
    Click to add a check mark beside Turn off System Restore and click Apply
    When you are warned that all existing Restore Points will be deleted, click Yes to continue and wait a few moments to let System Restore clear.
    Uncheck "Turn off System Restore"
    Click "Apply," and then click "OK".

    You can find more detailed instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide or Windows Vista System Restore Guide
    .
    ----------

    Use the Secunia Software Inspector to check for out of date software.

    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    .
    ----------

    Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.


    How is everything now?
    2219.

    Solve : Microsoft Updates Failed......?

    Answer»

    Hi, I can't download updates from Microsoft Update. I don't know what happened. Below are the results and problems:


    Review Your Installation Results

    The software upgrade is complete
    You can now use the website to find and install the latest updates for your computer.

    Continue


    More high-priority updates are available
    Your computer might be at risk until you install them. Check for the remaining updates and install them now.

    Express

    Restart now to finish installing updates
    Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.



    Installation Summary

    Successful: 0
    Failed: 1
    Remaining: 19


    --------------------------------------------------------------------------------

    Successful Updates


    --------------------------------------------------------------------------------


    Failed Updates
    For help installing an update successfully, see the solution under each problem description.


    Problem: End User License Agreement (EULA) Not Accepted
    Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

    Problem: Not Enough Disk Space
    Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.

    Problem: Automatic Updates is currently installing updates
    Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
    Note: To view Automatic Updates progress, click the updating icon in your System Tray.

    Problem: Please check your update history for a description.

    Problem: A problem on your computer is preventing updates from being downloaded or installed
    Solution: To fix the problem, try installing the updates again. If that doesn't work, use the Troubleshooter to try solve the problem.

    Microsoft Windows XP
    Windows XP Service Pack 3 (KB936929)


    --------------------------------------------------------------------------------


    Remaining High-Priority Updates
    Your computer might be at risk until you install all high-priority updates. These updates help protect against security threats and performance problems.


    Microsoft Windows XP
    Critical Update for Office XP on Windows XP Service Pack 2 (KB885884)
    Security Update for Windows XP (KB901190)
    Security Update for Internet Explorer 7 for Windows XP (KB938127)
    Security Update for Windows XP (KB950749)
    Update for Windows XP (KB932823)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Cumulative Security Update for ActiveX Killbits for Windows XP (KB953839)
    Windows Malicious Software Removal Tool - August 2008 (KB890830)
    Security Update for Outlook Express for Windows XP (KB951066)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB952954)
    Cumulative Security Update for Internet Explorer 7 for Windows XP (KB953838)
    Security Update for Windows XP (KB950974)
    Update for Windows XP (KB951072)
    Update for Windows XP (KB952287)

    Microsoft Office 2002/XP
    Office XP Service Pack 3

    Please go here and do Step 4: Malwarebytes' Anti-Malware (MBAM) and Step 6: HijackThis.

    Post the two logs when complete.

    Hi. The logs are as attached. Thanks!

    [recovering disk space -- attachment deleted by admin]

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis and restart the computer.

    ----------

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    Attached are the logs.

    [recovering disk space -- attachment deleted by admin]

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.

    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O20 - AppInit_DLLs: bqsyze.dll


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.


    How is everything now?

    Here are the ComboFix logs.

    [recovering disk space -- attachment deleted by admin]

    I'm still having problems performing updates. Below is the problem:

    Review Your Installation Results

    The software upgrade is complete
    You can now use the website to find and install the latest updates for your computer.

    Continue


    More high-priority updates are available
    Your computer might be at risk until you install them. Check for the remaining updates and install them now.



    Restart now to finish installing updates
    Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.



    Installation Summary

    Successful: 0
    Failed: 1
    Remaining: 0


    --------------------------------------------------------------------------------

    Successful Updates


    --------------------------------------------------------------------------------


    Failed Updates
    For help installing an update successfully, see the solution under each problem description.


    Problem: End User License Agreement (EULA) Not Accepted
    Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

    Problem: Not Enough Disk Space
    Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.

    Problem: Automatic Updates is currently installing updates
    Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
    Note: To view Automatic Updates progress, click the updating icon in your System Tray.

    Problem: Please check your update history for a description.

    Microsoft Office 2002/XP
    Office XP Service Pack 3

    I am also having this problem.

    [recovering disk space -- attachment deleted by admin]

    Run the Kaspersky Online Scanner

    In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

    • Click on SCAN NOW
    • Click Accept.
    • The program will then begin downloading the latest definition files.
    • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
    • The scan will take a while, so be patient and let it finish.
    When the scan is done, in the Scan is complete window, any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop.
    • In the File name area use KScan, or something similar.
    • In Save as type: click the drop arrow and select: Text file [*.txt]
    • Then, click: Save


    Copy and paste the Kaspersky Online Scanner Report in your next reply.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    2220.

    Solve : In-session Phishing. Really??

    Answer»

    Quote

    New bug found in Browsers - Birth of In-session Phishing
    Don't ask for the source. Just Google "In-session Phishing" and get lots of hits.

    But, Really?

    So what are we supposed to do now? Hide under a rock?
    What do you say?

    You could read the news first, but don't let that stop you from making a post. Post now, research later. That's what we say.

    2221.

    Solve : Analysis of HijackThis Log? System keeps shutting down.?

    Answer»

    Am having problems with computer. We know there's a hardware problem (whatever "senses" the CPU and system temperature is very nutty...one second it says the system is 200 degrees (F) and shuts off the computer; the next it says it's 32 degrees (F) and shuts down again). Sometimes it works fine; other times not. Am looking to see if there are any software issues which aren't causing a problem with the system, too. (Like, why does this darn thing shut down almost every time I look at myspace?) Can anyone analyze the HijackThis log and make any suggestions? I'm on Win XP with Service Pack 3. (Computer is a Compaq Presario desktop, if that makes a difference.)

    Many thanks to everyone...

    Ambrosia

    Sigh...I guess it helps if I actually post the log here? LOL!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:18 PM, on 1/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IPOD\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231711913437
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
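
A triage pass over a HijackThis log in the spirit of the fix lists posted in these threads, as an added example (not code from the forum or from HijackThis): it flags entries whose target is marked `(no file)` or `(file missing)`, any `O20 - AppInit_DLLs` value, `O18 - Filter hijack` entries and `O6` policy restrictions. The sample lines are copied from logs and fix lists on this page; the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the registered file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$", re.IGNORECASE)

# Lines copied from the logs and fix lists on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Filter hijack: text/html - {1438f0e7-f9aa-4e1d-9189-cffc7e8e63b8} - (no file)
O20 - AppInit_DLLs: bqsyze.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass
class Finding:
    code: str             # HijackThis section code, e.g. "O2"
    clsid: Optional[str]  # CLSID named in the entry, if any
    reasons: List[str]    # why the entry was picked out for review
    line: str             # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first.

    A finding is a prompt for manual review, not a verdict: it only
    reports what the log line itself states.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m is None:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons: List[str] = []

        orphan = ORPHAN_RE.search(body)
        if orphan:
            reasons.append(f"target marked ({orphan.group(1).lower()})")

        # DLLs named in AppInit_DLLs are loaded into every process that
        # loads user32.dll, so any value here deserves a look.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            reasons.append(f"AppInit_DLLs is set to: {value}")

        if code == "O18" and body.startswith("Filter hijack:"):
            reasons.append("filter hijack entry")

        if code == "O6":
            reasons.append("Internet Explorer policy restrictions present")

        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(code, clsid.group(0) if clsid else None, reasons, raw.strip())
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {'; '.join(f.reasons)}")
        print(f"     {f.line}")
```
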

    2222.

    Solve : Computer is acting up. Report logs inside...?

    Answer»

    Hello,

    My computer is acting up and I have run my Malwarebytes and Superantispy and the reports are as follows but still acting up... The report logs were run in safemode... Any thoughts?

    Malwarebytes' Anti-Malware 1.20
    Database version: 957
    Windows 5.1.2600 Service Pack 3

    11:54:52 AM 1/9/2009
    mbam-log-1-9-2009 (11-54-52).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 90725
    Time elapsed: 20 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    And the other

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/09/2009 at 12:30 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3469
    Trace Rules Database Version: 1460

    Scan type : Complete Scan
    Total Scan Time : 00:33:58

    Memory items scanned : 229
    Memory threats detected : 0
    Registry items scanned : 5899
    Registry threats detected : 0
    File items scanned : 19228
    File threats detected : 10

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt



    My computer goes to the blue screen and white writing saying I need to reload software... Any ideas on how to fix?

    Thanks for your time...

    Not in safe mode:

    Hijack this report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:58:22 PM, on 1/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Common Files\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206561896640
    O18 - Filter hijack: text/html - {1438f0e7-f9aa-4e1d-9189-cffc7e8e63b8} - (no file)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate NOTICE - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

    --
    End of file - 13470 bytes
    anyone?

    help please?

    As you can tell, the reason people aren't responding is because if you bump your own thread, it takes longer for them to come and help you.

    Quote from: BatchRocks on January 13, 2009, 12:44:02 PM

    As you can tell, the reason people aren't responding is because if you bump your own thread, it takes LONGER for them to come and help you.

    Exactly. Also, malware removal specialists are at a shortage at the moment, so just hang in there.
    2223.

    Solve : bgsvcgen.exe WHAT IS IT? A VIRUS??

    Answer»

    Hi,

    I see a process called bgsvcgen.exe in the task manager and it's labelled as a system process.

    It's supposedly B's Recorder GOLD Library General Service file associated with B.H.A. Corporation, which seems to be a legitimate program, but the fact is, I have never installed anything by B.H.A. Corporation and this process can be terminated manually but appears on normal reboot.

    And I have seen reports of a virus of same name. What should I do? I can post HJT log if needed.

    I have Sophos Antivirus, Windows Defender and PC Tools Spyware Doctor Starter Edition actively checking my computer and so far, they're not picking up anything serious.

    Any input? Thanks!!

    B's Recorder GOLD Library General Service (bgsvcgen) http://www.systemlookup.com/O23/377-bgsvcgen_exe.html

    Program FAQ page. http://www.bha.co.jp/en/support/index.html

    I read bgsvcgen.exe is installed in conjunction with TMPGEnc DVD Author 3 with DivX Authoring. I have that program installed and I use it. So hopefully that's the case and not a virus.

    It looks to be safe. I couldn't find anything bad on it.

    thanks!

    When you find suspicious files you can easily check them to see if they are malicious or not.

    How to scan suspicious files

    Thanks. Well, I got virustotal to use. They've got the program that you can send file to so they can do the scanning. It's like their website but straight from Windows.

    Anyhow, I have sophos antivirus provided by school and school network is protected by it and I trust it's good.

    VirusTotal is an excellent resource! Besides being informative, if you scan a file that hasn't yet been identified then they will alert all of the vendors who participate. Therefore getting the bad files included in the next updates to the antivirus software. Good stuff!

    the thing I like about virustotal is that it gives multiple opinions so if majority opinions say it's a virus, it's most likely a virus and not a false positive. so that's good!!

    2224.

    Solve : AntiVirus CONFUSED!!!!?

    Answer»

    Ok, about a week ago my laptop was running like crap and then I posted on here about it. I followed the malware thread and did this and that and my laptop boots up a little faster than before.

    Now my problem is when I try and do the start and shut down my laptop just sits there thinking about shutting down, so I get to the point of doing a hard boot which I hate to do.

    Now about the antivirus, I have Symantec and it is updated and then when doing malware removal I got the superantispyware, but now I am reading a forum talking about Dr. Web CureIt. I am hopeless around the whole thing and need to find out the best way and the best antivirus available so that I don't have different programs fighting each other to take over.

    Thanks for the help in advance.

    Dr. Web CureIt is a stand alone antivirus scanner. It does not offer real-time protection. You can update and run it any time with no problems.

    Superantispyware will work fine alongside any antivirus.

    Quote from: CBMatt on January 05, 2009, 04:59:38 PM

    I don't see anymore infections. How are things running now?

    You never responded to CBMatt's last question...

    Well they seem to running some what better. I can open and close programs faster than before and booting up doesn't take as long. So, all in all it is pretty good.

    Now all I have problems with now is rebooting.....takes a very long time to shut down, so it can reboot. I sat here the other day for around 3 mins or so till it got to me and I did a hard boot.

    For me my time is precious while being here in Iraq, so every second counts for my system to run smooth as possible.

    I want to thank you and everyone that has helped me this far and hope to learn more from everyone that posts.

    There may be a lot of fragmented sections on the drive after cleaning the malware.

    You can use the built in Windows Defrag or a faster free program. Defraggler is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this.
    2225.

    Solve : Need help with malware removal?

    Answer»

    The computer is still running good. I want to thank you for the help you've given me to clean everything off.

    How do I go about getting McAfee off my computer? I didn't see anything to uninstall it.

    You're welcome. If you would like to remove McAfee, they have a removal tool that works pretty well. Try following the steps on this page and see if it helps you...
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033

    2226.

    Solve : Need some help, I'm guessing Virus?

    Answer»

    My computer was acting very slow, so I tried to run some adaware/registry cleaner programs. Halfway through, I got bluescreened. I ran the computer again, and attempted to run anti-virus. Again, it crashed. I then tried to run the computer in safe mode, and ran adaware, anti-virus, etc.. before any of them completed, it crashed again. I am not sure what to do more than starting it in safe mode. It's a laptop, I don't know if it's still connecting to the internet wirelessly, or if that has anything to do with it even. It's running Windows Vista, and I don't know what to do short of reinstalling it, which I really don't have time for right now with work. Any help would be greatly appreciated!

    You should never use any registry cleaners!

    Go to Safe Mode (F8 method), and try and system restore to a week.

    2227.

    Solve : Desktop malware and MORE Please help!...?

    Answer»

    My Norton Anti-Virus expired a few weeks ago and since then I've acquired new friends. I have installed a new Norton 360 but still have all this great company. A few of my symptoms are:

    -Slow system/freezing

    -black desktop with malware alert

    -When my browser goes to open a computer file such as uploading a photo or attaching a file IE completely shuts down.

    -malware pop up and scan

    -after scanning with the recommended programs and reboot my computer freezes upon reboot so I have to shut it down more than a few times to get it going, thus reinstalling all the malware I just deleted.

    -oddly enough my keyboard response just got really slow and I'm having to retype a lot of words.

    I know there isn't much hope for my computer but I'd like to do what I can before I gut it. Here are my logs, I actually have to attach them from another computer.

    [attachment deleted by admin]

    try throwing norton and getting avg through a jump drive like mcafee norton is junk

    get these too
    1. malware bytes
    2. hijack this
    download links
    avg
    http://www.download.com/3001-2239_4-10320142.html?spi=c6a00dc2c57e3d03813c92c940088fcb
    malware bytes
    http://www.download.com/3001-8022_4-10804572.html?spi=b1b548b4e61bf3eb026e7756c93f9f6f
    hijack
    http://www.download.com/3001-8022_4-10227353.html?spi=ae764de1cc0c51494aac9139b3fca9d3

    ps let one of the experts take care of hijack by posting a log

    2228.

    Solve : Computer only starts in safe mode?

    Answer»

    Hi all,

    I am new to this site and appreciate all the help you can give me. I was attempting to remove some malware from my computer. I restarted to safe mode, but when prompted for password, the correct password was not accepted. I tried "administrator" with a blank password, but that did not work either. What are my alternatives to logging back in to the computer. Also, the computer only boots up in safe mode, so I am essentially locked out for the time being. I have also tried to start windows normally through the F8 key to no avail.

    Thanks in advance!

    well at least you can get into safe mode

    ok you need to get malware bytes and hijackthis then run a scan and such and such

    also post logs

    p.s. they work in safe mode

    Sorry I may have typed incorrectly. The computer only boots up in safe mode, but when it does not the correct password. I type in the current password only to get an error message. I have also tried the "Administrator" account to no avail.

    CH rules don't allow us to help with passwords.

    2229.

    Solve : spam address from CH?

    Answer»

    i got an e-mail from a member ( as i thought ) of CH but it was a spam letter looking for money and to help him with his family's money

    how was it possible for him to know i was a member and get my e-mail address , unless he too has joined CH

    harry

    Quote from: harry 48 on January 11, 2009, 02:05:03 PM

    unless he too has joined CH

    could he have joined to get addresses

    i'm only asking , should i remove my address from my profile

    Quote from: harry 48 on January 11, 2009, 02:31:44 PM

    could he have joined to get addresses

    i'm only asking , should i remove my address from my profile

    depends; I honestly just ignore spam.


    Besides; I don't believe there is a way for spambots to automatically register, since there are methods in place to make sure it's a person.

    So although people can register just to get access to the member list and their E-mail addresses, it will not be something that will cause a huge load of spam to hit your inbox. Just a few drops in the pond so to speak.

    If you feel it necessary, you could remove your address from your profile- that would prevent it altogether

    i understand what you're saying i thought i would just mention it

    i'll leave my address thanks for your help, harry

    Will you post the email address it came from please.

    Also go into your profile and hide your email address. That will stop people from being able to do this.

    FROM THE DESK OF MR.BEN ZONGO.
    DIRECTOR IN CHARGE OF AUDITING
    AND ACCOUNTING SECTION
    BANK OF AFRICA (B.O.A)
    OUAGADOUGOU, BURKINA FASO,
    WEST AFRICA.
    REPLY VIA: [emailprotected]

    FROM THE DESK OF MR.BEN ZONGO.
    Sunday, 11 January, 2009 12:08 PM
    From: "ben zongo" <[emailprotected]>
    To: [emailprotected]
    2230.

    Solve : Replaced HDD with SSD. Still have this !@#$%^&Malware!!?

    Answer»

    Something is weird. You did a fresh install and immediately you have 15 pups? What AV are you using. This sounds more like a problem with the SSD. Do you have the proper drivers? Can your motherboard support the SSD?

    And those pups appeared immediately after I turned the internet on. AV is Bit Defender.

    I've had this problem for some time, changed hard drive for a ssd, reinstalled win7 from original CD, installed drivers from CD from Dell. Everything seemed fine until I connected the modem which was the only device on line. The start button was greyed out, Security center, updates and now the keyboard won't work. I'm on a tablet again.

    There are more problems on this computer than I can repair remotely. Someone with a lot of computer experience will have to take a hands on approach to repair this problem. I still believe it's a hardware problem. Did you check your Device Manager to see if there are any yellow warning icons?

    Morning, Dave;

    I finally removed the DSS and CMOS battery, cleaned the drive with factory software and reflashed the BIOS.

    Reinstalled everything, OS from factory disks and nothing else, no usb drives or SD cards.

    So far, all looks good. Scanners that detected IAT hooks, no longer find anything. We may have, finally cleaned this machine!

    Thanks for all your time and effort, Dave. I'll let you know how it goes.

    That is good news. I'll leave this thread open and you can let me know how it goes.

    2231.

    Solve : Please help with cleaning up my computer?

    Answer»

    You can check the spec. on that computer but it looks like it's running hot. Can you tell if the fan is running?
    You may be able to test your hard drive with Speedfan. Just click the SMART button.

    Hi. I was able to do the smart button on speedfan. I don't see how to get this info to you so I will type what I see. It shows 38C on the HD 0 with a blue downward arrow. The next box shows 40C Temp1 with a green check. The next box shows 50C CORE ) with the flame. The next box is HD 0 97%..The next 2 boxes show CPU at 15% Then it jumps to 25% then 31% then 8%. That changes really fast.
    The fan does run a lot. In fact most of the time. I did some work on the services but I need to go back and do more there. Thanks

    Did you try cleaning the notepad?

    I am sorry but I don't understand what you mean

    Something is causing your notebook to overheat. Did you try cleaning the vents?

    Yes, I have used canned air on it. Nothing came out and I don't think it has helped anything. I click on the program speed fan to automatic run the fan. It now shuts off and then later comes on. It doesn't run when I am not using the netbook. But the temp has not changed. Or should I not keep it on auto? Would adding more memory help? Thanks

    You should have this heating problem looked at by a computer tech. Installing more RAM won't help with this problem.

    ok. I will do that. Thanks so much for helping me. The computer is running better than when I first came here so you helped me a bunch. Thanks again. I will take this netbook and have it looked at.

    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

    2232.

    Solve : System won't log on.?

    Answer»

    I'll start by letting you know I'm a super-beginner, so please bear with me.

    My PC froze and shutdown on its own. Upon restart, it got to the part where the green bar moves across and says Microsoft, on a black screen background, but never goes any further. I can (and am doing this) in safe mode with networking. This issue has occurred before, but the pc usually just starts normally if I reboot enough times. And it won't happen again for many months. This time, many reboots have not fixed the problem.

    Here are the 4 files requested:
    Please note, that the eventviewer has around 6000 entries in it since 2009, around 20 errors from this recent reboot.

    Thanks!

    Mike.

    -------------------------------------------------------------------------------

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.14.03

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Administrator :: MIKE-PC [administrator]

    3/14/2013 12:15:35 AM
    mbam-log-2013-03-14 (00-15-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232588
    Time elapsed: 3 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/8/2009 5:25:39 PM
    System Uptime: 3/14/2013 7:46:42 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 223.639 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 437.876 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11.6
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Apple Software Update
    ATI AVIVO64 Codecs
    ATI Catalyst Registration
    avast! Free Antivirus
    Batman: Arkham City™
    Battlefield: Bad Company 2
    BearShare
    BioShock 2
    BitTorrent
    Borderlands
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Counter-Strike
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound BLASTER Properties x64 Edition
    CrossLoop 2.60
    D3DX10
    Day of Defeat
    Dual-Core Optimizer
    EA Download Manager
    F.E.A.R. 2: Project Origin
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Half-Life 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Media Player Codec Pack 4.0.0
    Mesh Runtime
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NirSoft BlueScreenView
    NVIDIA PhysX
    PhotoScape
    PMB
    PMB Updater
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Segoe UI
    Sound Blaster Audigy
    SpywareBlaster 4.2
    Steam
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress Classic
    Trillian
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 1.0.3
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wise Registry Cleaner 5.9.4
    WMI Tools
    Wolfenstein(TM) 1.1 Patch
    Wolfenstein(TM) 1.1 Patch
    Xvid 1.1.3 final uninstall
    YTD YouTube Downloader & Converter 3.6
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_37
    Run by Administrator at 20:15:06 on 2013-03-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.5068 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\mmc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mail.live.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
    mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{205CC84C-1B7D-41F6-984D-FBA196BAF95E} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 178624]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2012-5-19 39424]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-28 1025808]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-5-15 377920]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-5-15 33400]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-5-15 80816]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-20 45248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S2 gupdate1c9d65375957529;Google Update Service (gupdate1c9d65375957529);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-16 133104]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-5 79360]
    S3 PerfHost;Performance Counter DLL HOST;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-03-14 01:46:11 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-14 01:46:11 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-06 22:33:21 68920 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-06 22:33:21 377920 ----a-w- C:\Windows\System32\drivers\aswSP.sys
    2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 22:33:20 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
    2013-03-06 22:33:20 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
    2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-06 22:32:22 287840 ----a-w- C:\Windows\System32\aswBoot.exe
    2013-03-02 20:42:57 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-03-02 20:42:57 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-02-21 05:40:54 70004024 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll
    2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll
    2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ============= FINISH: 20:17:05.29 ===============
    # AdwCleaner v2.114 - Logfile created 03/14/2013 at 20:10:53
    # Updated 05/03/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Administrator - MIKE-PC
    # Boot Mode : Safe mode with networking
    # Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM7UNEPR\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

    ***** [Registry] *****

    Key Found : HKCU\Software\GreenTree Applications
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
    Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v4.0.1 (en-US)

    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vwh8u60q.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5833 octets] - [14/03/2013 20:10:54]

    ########## EOF - C:\AdwCleaner[R1].txt - [5893 octets] ##########
    Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *****************************************************************
    Remove the Adware:

    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ****************************************************
    This sounds like a software or hardware problem, not an infection. Please try this even if you don't have the OS disk and tell me what happens.

    1/ Click the Start button.

    2/ From the Start Menu, Click All programs followed by Accessories.

    3/ In the Accessories menu, Right Click on the Command Prompt option.

    4/ From the drop down menu that appears, Click on the Run as administrator option.

    5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

    6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

    7/ A message will appear stating that the system scan will begin.

    8/ Be patient because the scan may take some time.

    9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

    10/ If everything is okay you should, after the scan, see the following message: "Windows resource protection did not find any integrity violations."

    11/ After the scan has completed, Close the command prompt window.
    Hi dave,

    I had the adwcleaner.txt file saved already so I can send you that.
    I remembered that in the past, when this happened, the only thing that worked was a 'system restore', so I just did one.
    I rolled back to 3-10-13, 3 days before the crash on 3-13-13.
    It worked and my PC looks fine. I had to update avast, AMD, and Windows.
    However, I know something is wrong, as this happens every 2-4 months (last time this happened was longer, maybe 6 months).
    I suspect I have some conflict between the video card and the PC, but I'm guessing.

    So I just now ran sfc /scannow as you suggested and it says "the system file repair changes will take effect after the next reboot".

    Any thoughts are welcome.

    Mike

    here is the contents of the file that ran during the problem:

    Quote
    So I just now ran sfc /scannow as you suggested and it says "the system file repair changes will take effect after the next reboot".
    It would appear that somehow some files are being corrupted.
    Do you want to run some more scans just to make sure that the computer is clean?

    Sure, if you think it could find the problem. I should say I've run quite a few already.
    The Event Viewer collects info chronologically. I would think its errors/warnings would reveal the issue, but I just don't understand the codes.

    Anyway...let me know which scans to run?

    Mike.

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by COPYING and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP.
    If your version of Windows defaults to your download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

    Hi Dave,

    I already had the DDS and attach files on my desktop from a suggestion I read online.
    The ComboFix didn't look like what you described above...but it ran quickly and left a .txt file unsaved...which I saved to my desktop.
    All 3 files' contents are as follows:

    -------------------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_37
    Run by Administrator at 20:15:06 on 2013-03-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.5068 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\mmc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mail.live.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
    mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{205CC84C-1B7D-41F6-984D-FBA196BAF95E} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 178624]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2012-5-19 39424]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-28 1025808]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-5-15 377920]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-5-15 33400]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-5-15 80816]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-20 45248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S2 gupdate1c9d65375957529;Google Update Service (gupdate1c9d65375957529);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-16 133104]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-5 79360]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-03-14 01:46:11 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-14 01:46:11 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-06 22:33:21 68920 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-06 22:33:21 377920 ----a-w- C:\Windows\System32\drivers\aswSP.sys
    2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 22:33:20 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
    2013-03-06 22:33:20 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
    2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-06 22:32:22 287840 ----a-w- C:\Windows\System32\aswBoot.exe
    2013-03-02 20:42:57 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-03-02 20:42:57 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-02-21 05:40:54 70004024 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll
    2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll
    2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ============= FINISH: 20:17:05.29 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/8/2009 5:25:39 PM
    System Uptime: 3/14/2013 7:46:42 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 223.639 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 437.876 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11.6
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Apple Software Update
    ATI AVIVO64 Codecs
    ATI Catalyst Registration
    avast! Free Antivirus
    Batman: Arkham City™
    Battlefield: Bad Company 2
    BearShare
    BioShock 2
    BitTorrent
    Borderlands
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Counter-Strike
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    CrossLoop 2.60
    D3DX10
    Day of Defeat
    Dual-Core Optimizer
    EA Download Manager
    F.E.A.R. 2: Project Origin
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Half-Life 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Media Player Codec Pack 4.0.0
    Mesh Runtime
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NirSoft BlueScreenView
    NVIDIA PhysX
    PhotoScape
    PMB
    PMB Updater
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Segoe UI
    Sound Blaster Audigy
    SpywareBlaster 4.2
    Steam
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress Classic
    Trillian
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 1.0.3
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wise Registry Cleaner 5.9.4
    WMI Tools
    Wolfenstein(TM) 1.1 Patch
    Wolfenstein(TM) 1.1 Patch
    Xvid 1.1.3 final uninstall
    YTD YouTube Downloader & Converter 3.6
    .
    ==== End Of File ===========================

    ComboFix 13-03-16.02 - Administrator 03/16/2013 21:30:08.1.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4119 [GMT -4:00]
    Running from: c:\users\Administrator\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Administrator\Favorites\bookmarks.html
    c:\windows\SysWow64\tmp1FCF.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-17 01:36 . 2013-03-17 01:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-03-17 01:36 . 2013-03-17 01:36 -------- d-----w- c:\users\Mike\AppData\Local\temp
    2013-03-17 01:36 . 2013-03-17 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-16 00:11 . 2013-03-16 00:11 -------- d-----w- c:\programdata\ATI
    2013-03-15 23:48 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8309AEA8-3945-4888-ACAF-C555BEE24269}\mpengine.dll
    2013-02-21 05:42 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
    2013-02-21 05:42 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
    2013-02-21 00:47 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-21 00:47 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
    2013-02-21 00:47 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
    2013-02-21 00:47 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
    2013-02-21 00:46 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-16 00:46 . 2012-03-31 00:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-16 00:46 . 2011-05-21 00:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 23:38 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe
    2013-03-02 20:42 . 2012-08-29 02:07 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-03-02 20:42 . 2009-10-26 01:39 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-01-17 06:28 . 2009-10-05 01:16 273840 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-16 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-03-04 380928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-16 16:56 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:47]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-16 18:23]
    .
    2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-16 18:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://mail.live.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    .
    ------- File Associations -------
    .
    JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,dd,02,
    3e,52,19,bd,5a,80,13,4b,d0,24,e6,8c,57
    "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,54,1a,
    2f,9e,14,8e,08,9f,e2,cb,c8,3b,c3,d4,01
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f2,42,
    b7,ea,51,f8,06,98,38,84,50,54,37,32,ef
    "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,c1,73,
    b2,6f,2d,51,0d,ad,f1,85,26,b6,ee,61,45
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:3b,d2,ce,b4,06,13,cc,01
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,a2,e3,cd,10,63,10,4a,be,f3,6c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,a2,e3,cd,10,63,10,4a,be,f3,6c,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222 A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,04,41,8b,1e,17,84,42,b1,25,f3,\
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.avi"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-1840366709-3044067625-2682742513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    Completion time: 2013-03-16 21:40:53
    ComboFix-quarantined-files.txt 2013-03-17 01:40
    .
    Pre-Run: 237,102,080,000 bytes free
    Post-Run: 237,574,098,944 bytes free
    .
    - - End Of File - - 1FAA75E06EA2529044CC6305B7FCA802

    P2P - I see you have P2P software installed on your machine: µTorrent and BitTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    **************************************************
    There should be another DDS log named Attach.txt. Could you please find it and post that log? Just do a search by that name.

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    The attach.txt file that I have was included above. It is the one beginning with

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    and includes the alphabetized list of programs on the pc.

    Is that the one you meant?

    RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
    mail : tigzyRKgmailcom
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 03/17/2013 20:35:05
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 0725f318b95ef5a1b98cc965924f0ba3
    [BSP] d317bbe8fe49ef8d36b11c659caec922 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] e37173bb3efb321b3049df9a9b6f118f
    [BSP] f3f4d122083aea733fb462b050acb01c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03172013_02d2035.txt >>
    RKreport[1]_S_03172013_02d2035.txt



    The DDS attach log usually shows errors on your machine but I don't see any.

    I'd like to scan your machine with ESET OnlineScan

    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan

    •Click the button.
    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
    •Check
    •Click the button.
    •Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    •Check
    •Push the Start button.
    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    •When the scan completes, push
    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    •Push the button.
    •Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    It ran and it came with 2 threats which it said it removed. These are the only contents of the txt file

    C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\200e0bc3-6ead4773    a variant of Java/Exploit.Agent.NMN trojan    cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-6fac2329    multiple threats    cleaned by deleting - quarantined

    I checked the Uninstall box on the main window.

    So these are the things I've done so far:

    AdwCleaner
    Malwarebytes' Anti-Malware
    DDS logs (DDS.txt & Attach.txt)
    sfc /scannow
    COMBOFIX
    ROGUEKILLER (rkreport)
    F8 (advanced options) repair your computer
    minidump.dmp
    bluescreenview (nirsoft) (BSOD.txt)
    CHKDSK
    ESET online scanner

    Probably safe to say, my issue is not virus related but some conflict, that caused the system to hang upon startup. I still have errors in Event Viewer, I get them every time I log in - without problems... it's my guess that the solution lies in deciphering that.

    Luckily my pc is running smoothly now, and I may not have a problem for months.

    Quote
    Luckily my pc is running smoothly now, and I may not have a problem for months.

    I have to agree with your assessment of the situation. Let's do some cleanup and if the problem comes back you could try doing a repair from the Recovery Console or start a post in one of the Software forums.

    Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
    *******************************************
    To set a new Restore Point.

    Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
    Click the Start button, click Control Panel, click System and Maintenance, and then click System.
    In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
    This will give you a new, clean Restore Point.
    *****************************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.



    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.



    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    ****************************************************
    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    Will do. You can go ahead and close this thread. Thanks for the time spent.
    One last question... should I uninstall Java?
    I have a request for an update I've been ignoring for weeks... because I've heard Java could be trouble.

    Thanks.

    Quote
    One last question... should I uninstall Java?
    I have a request for an update I've been ignoring for weeks... because I've heard Java could be trouble.

    It's up to you. Some people don't use Java. There were some security problems with Java a few months ago but that's been cleared up.

    2233.

    Solve : scam email and yahoo mail disruption?

    Answer»

    A scam email was sent to all my contacts in Yahoo Mail. It requested money. I was advised of this by some of my contacts. I sent an email to some contacts saying the email was bogus. I later learned it had been sent to all my contacts. I found the bogus email in my Send box. I then tried to send a message to all my contacts, only to learn that the contacts file had been emptied. I also found my draft file had been emptied. I have been trying to change my Yahoo password and use their help services to restore the Draft and Contacts files, with any success. No emails have come into my Inbox since yesterday. It appears that my Yahoo Mail has been corrupted. Can it be restored?

    I would say that you should be dealing with Yahoo about this problem.

    I have now been able to change my Yahoo Mail password. Yahoo Customer Care restored my Contacts list but not the Drafts. I have been able to restore the version of Yahoo Mail that I was using before the Nigerian gremlin sent the bogus message and changed the version of Yahoo Mail. "Should I Change My Password" site found that hackers had divulged my Yahoo Mail in December 11 so the gremlin has used that. I have resumed normal emailing but with a new password.

    The problem has occurred again with my Inbox going back two years and Contact, Sent, Draft folders emptied and old version of Yahoo Mail installed. Yahoo Customer Service has been asked to restore the Yahoo Mail that was operating some days ago. I have tried to change my Yahoo Mail password again but that does not work.

    2234.

    Solve : Vista closing programs randomly!?

    Answer»

    Quote

    I was using Avast free edition to fight off viruses. However, I had nothing installed to fight off malwares.

    I'm sorry to hear that you had to re-install your OS. You should turn on Windows Defender. Just open the Control Panel and click on the Windows Defender icon.

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Hey Dave!

    Nah, don't be sorry. No important data was lost. I've taken it all off before I started fixing it. Nevertheless, I think you gonna facepalm after I tell you to what conclusion I just came. No seriously, hear me out!

    Right, I thought those problems were gone after complete clean reinstall of OS. But that wasn't the case! Shortly after, the same issues started popping up. Not as much as before I came here and asked for help, but surely it's annoying, if it shuts down your browser while you're reading an article or, if you watch a video, etc., etc., etc.

    And I was like: "WHAT THE EFF?!" So I've googled symptoms of my problems once again and I came to the conclusion that in the first place I would NEVER thought of, because I've never had a problem with that.

    It's RAM problem! Everything that's been happening to this PC I'm currently on suggests a bad RAM. Of course I thought it was a malware, so I've come here. Of course it seems like we found some malware, which were removed, but I don't think those were the problem in the first place. Surely sooner or later those would screw up my system as well. But nevertheless, almost every single issue that popped up, such as programs closing, random blue screens, etc. were/are the same problems I was/am having. And I've read through a lot of sources on what happens, if RAM isn't working properly or, if it goes bad. I've got 2 RAM sticks, 1GB and 2GB, still don't know which one is lacking its abilities. I'm about to run RAM diagnostic tool so I'll be certain that it's one of these 2 RAM sticks, or even both, which would be unlikely, since PC wouldn't even turn on, or it would, I don't know, I'm not an expert.

    I guess there was a hardware problem since beginning. But oh well, who would ever thought of that? Surely not me, since I've never had a problem with RAM before. Seems like it's done its job and now's time for a replacement. It will cost me some, but oh well. Better fully functional system than functional system with random crashes.

    Alright, thanks Dave for everything you've done for me. I'll be reporting back how things will turn out and of course will follow suggestions of you guys about malware/viruses protection in the future. You never know.

    Kind Regards,
    Klemen

    2235.

    Solve : Help! I have lost control of my computer.?

    Answer»

    Good, let's do some cleanup.

    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.



    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.



    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    **********************************************
    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    ********************************************
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    2236.

    Solve : AVAsoft Antivirus trojan?

    Answer»

    I picked this up on my HP laptop at a hotrodding website. I may not have had any protection running but I assume I did. I think it's a phishing tool. It keeps popping up asking to get the full version of AVAsoft to remove the threats. You have to click on 'proceed unprotected' then your website will come up. One post at Microsoft said to boot in protected mode and search for AVAsoft. Then right click for file location and then delete all the items. I did this. It doesn't work. AVA blocks MalwareBytes and Ccleaner. I ran Malwarebytes in safe mode but this did nothing. It did find 10 threats that were removed but not the AVAsoft trojan.

    I'm not a malware removal specialist. So, you may want to wait for advice from one of this forum's malware removal specialists. However, I will mention some info I found from a search on how to remove AVAsoft trojan. See http://www.slideshare.net/justinmabel/how-to-remove-ava-soft-antivirus-professional and http://malware-protection-steps.blogspot.com/2013/03/how-to-remove-avasoft-antivirus.html

    Thanks I'll take a look but from my experience most of these don't work. They sound like they know what they're talking about but when you try it - zero!

    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the License agreement and click on next.
    • It will, by default, install it to your desktop folder. Click Next.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked.
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)
    Leave the rest of the settings as they appear as default.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all.
    • If it says it cannot be neutralized then choose the delete option when prompted.
    • After that is done click on the reports button at the bottom and save it to a file; name it KAS.
    • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

    I ran the AVP tool. Kaverski or what's the name. But-I forgot to go safe mode when I started the scan and-even before I started the scan I noticed the AVAsoft trojan wasn't appearing. The Kaver. program found four threats and removed them. I saved the log but now it won't open for some reason and I haven't seen the AVAsoft since then.

    Quote
    I saved the log but now it won't open for some reason and I haven't seen the AVAsoft since then.
    AVP removed itself so that's probably why you can't open the log.

    Can you run MBAM and cCleaner now?

    Yes I can. I don't see how the trojan was removed. Like I said it seemed to be gone even before I ran the Kaspersky.

    Could you please run MBAM and post the log along with these scanners?

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    ***********************************************
    I'd like to scan your machine with ESET OnlineScan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan

    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.04.05.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Guest :: CHEETAH [limited]

    4/7/2013 8:46:08 AM
    MBAM-log-2013-04-09 (12-02-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 158545
    Time elapsed: 3 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|clippand (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace.dll",CreateProcessNotify -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmmogman (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace64.dll",CreateProcessNotify -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus (Rogue.AVASoftPAV) -> No action taken.

    Files Detected: 2
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus\AVASoft Professional Antivirus.lnk (Rogue.AVASoftPAV) -> No action taken.
    C:\Users\Guest\AppData\Local\Temp\complace64.dll (Trojan.RedirRdll4.Gen) -> No action taken.

    (end)

    Please download AdwCleaner by Xplode onto your Desktop.

    No can do. I keep just getting the spinny wheel when I click on your link and I went to C net downloads with the same result. I have to reboot to get rid of the wheel.

    I'd like to scan your machine with ESET OnlineScan.

    Can't do this either. I just get the little yellow icon with the red exclamation mark/dead link isn't it? Looked at tools internet options and all that but I don't know enough about it. I put eset in the trusted sites but no results.

    Please run MBAM again and remove the infections.
    Quote
    No can do. I keep just getting the spinny wheel when I click on your link and I went to C net downloads with the same result.

    Please download and run MS Fix-it from here. Click on Internet Explorer and see if that helps you with your downloads.
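
An added example, not part of the thread and not Malwarebytes code: every detection in the log posted above ends in "No action taken", which is why the helper asks for a second run with removal. This Python triage script parses that MBAM 1.x text layout (assumed only from the log as posted), lists detections that were found but not removed, and flags Run-key values that start a DLL from a Temp folder through rundll32; all function names are hypothetical.

```python
import re
from collections import Counter

# Trimmed copy of the Malwarebytes 1.70 log posted in the thread above.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|clippand (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace.dll",CreateProcessNotify -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmmogman (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace64.dll",CreateProcessNotify -> No action taken.

Folders Detected: 1
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus (Rogue.AVASoftPAV) -> No action taken.

Files Detected: 2
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus\AVASoft Professional Antivirus.lnk (Rogue.AVASoftPAV) -> No action taken.
C:\Users\Guest\AppData\Local\Temp\complace64.dll (Trojan.RedirRdll4.Gen) -> No action taken.

(end)
"""

# "<Section> Detected: <n>" opens each block of results.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<threat>) -> [Data: <data> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+?)\.?$"
)
# DLL path handed to rundll32, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)


def parse_mbam_log(text):
    """Return (detections, declared_counts) from an MBAM 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        # Header lines before the first section are never detections.
        m = DETECTION_RE.match(line) if section else None
        if m:
            detections.append({"section": section, **m.groupdict()})
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines actually present
    (a sign the log was truncated or edited before it was posted)."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}


def unresolved(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def temp_rundll32_autoruns(detections):
    """(value name, DLL path) for Run-key values that load a DLL from Temp."""
    hits = []
    for d in detections:
        key, _, value = d["target"].rpartition("|")
        if not key.lower().endswith(r"\currentversion\run") or not d["data"]:
            continue
        m = RUNDLL_RE.search(d["data"])
        if m and "\\temp\\" in m["dll"].lower():
            hits.append((value, m["dll"]))
    return hits


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared) or "none")
    for d in unresolved(dets):
        print("NOT REMOVED:", d["section"], "|", d["threat"], "|", d["target"])
    for name, dll in temp_rundll32_autoruns(dets):
        print("Run value", name, "loads", dll)
```

A non-empty result from `unresolved()` means the scan has to be repeated with removal before the machine is treated as clean; the Run-key hits are the entries to confirm gone after the reboot.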
    2237.

    Solve : Can't remove RCMP Ukash virus?

    Answer»

    I've been trying to remove this virus to no avail.

    The problem: RCMP Ukash virus. When XP (32-bit) attempts to start up, the desktop background appears and nothing else except this fake page telling me to send money to have my PC unlocked (looks like this http://tinyurl.com/cdyb567). There is a short period in which the taskbar and icons do load (during this time I can open up task manager, my computer, etc., this is for about half a minute and then the virus takes over and locks the PC). I am not able to start safe mode.

    What I've tried: I've run the bootable Windows Defender Offline which found a lot of things and apparently removed them. I've removed the HDD and scanned it with Malwarebytes and Avast which didn't help either. I used the Kaspersky Rescue Disc 10 (bootable) to run a scan (still didn't fix the problem). I used the AVG rescue disc, didn't fix the problem. I used the Anvi Rescue disc and ran a scan... virus still starts up.

    All of these scans have detected problems and reported fixing them but the virus still starts up every time on reboot (how, I don't know).

    Any help would be appreciated!

    Edit: I've removed the virus

    Quote from: ARK on April 10, 2013, 08:43:42 PM

    Edit: I've removed the virus
    Are you sure?
    2238.

    Solve : Possible White Screen Virus?

    Answer»

    Not sure where else this should go, but it's the most likely option....

    My computer won't let me on any video streaming sites or video chats that I tend to go on frequently. (Specifically, watchcartoonsonline.com, gayforum.org, and tinychat), it either gives me a white screen where the page is supposed to be, or a white box where the video box is supposed to be. But it plays YouTube well enough.

    I've checked both my Java and Adobe systems - they're all up to date.

    Any help appreciated.

    Never mind, I found the problem

    2239.

    Solve : very slow on some sites?

    Answer»

    I didn't do the cables but Firefox does work-if you open the google search and type in whatever. I tried yahoo mail and youtube and it went right there. And with FF I can't use any desktop or toolbar icon as the result is the same lock up or partial page loading. I have to type in using a search box. I should add that once I type in yahoo and go there then it seems like the computer is working normally in that I can click on a link and it comes up normally.

    Please download and run MS Fix-it from here. Click on the Internet Explorer button

    It seems normal now! A smart screen filter was turned off and other security settings were changed. Now however I get the warning that the protected mode for internet is off and the computer is at risk. I tried turning it on but then the same slow and partial page loading recurs. Also I don't get the Realplayer downloader tab pop up at youtube. I went to 'manage add ons' and enabled it but I'm still not seeing it. Maybe I need to restart?

    Quote

    Now however I get the warning that the protected mode for internet is off and the computer is at risk.
    That doesn't make sense. Could you give me a screenshot?

    How to post screenshots or images

    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    I can't give a screen shot because I clicked the 'do not show this again', it was getting annoying but if I look at int. options the protected mode box is not checked. Also the Realplayer Downloader pop up is working now. Could be I was watching some youtubes that block this Realdownloader. I know from exp. there are some. Bob Dylan has a few.

    Ok, please download and run MBAM and post the log.

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.04.10.10

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    gregleah :: GREGLEAH-PC [administrator]

    Protection: Enabled

    4/10/2013 12:35:11 PM
    MBAM-log-2013-04-10 (21-48-57).txt

    Scan type: Full scan (C:\|K:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 687367
    Time elapsed: 4 hour(s), 35 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    K:\New Folder (4)\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe (Trojan.FakeAlert.NSIS) -> No action taken.

    (end)
    Please run MBAM again and "remove the infection."

    MB shows no infections so I must have deleted it previously however under security settings internet options 'protected mode' is unchecked and if I check it then it's back to the original problem-most sites are not accessible except this one. Also the task mgr. doesn't look right anyway you do it.

    Can you give me a screenshot of that task manager?

    I was trying to. You have to put it on another site somewhere? you can't just paste it from paint?

    Quote from: gord99 on April 14, 2013, 09:20:06 AM
    I was trying to. You have to put it on another site somewhere? you can't just paste it from paint?
    You have to paste it into Paint. Save it as a JPG and send it to me.
    2240.

    Solve : Can't Get AntiVirus to Scan?

    Answer»

    Quote

    If not, who do you like for antivirus...?
    I use MSE on all my computers so I guess you could say I like it.
    Let's clean up.

    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    ******************************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.



    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.



    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    ********************************************
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!

    As always, you have been a great help. THANK YOU!

    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
    2241.

    Solve : Windows 8 PC Running Poorly?

    Answer»

    Dave, which two AVs are running?

    Quote from: bluecountry on November 21, 2014, 03:26:26 PM

    Dave, which two AVs are running?
    McAfee Anti-Virus and Anti-Spyware and Windows Defender

    Quote from: SUPERDAVE on November 21, 2014, 04:05:08 PM
    McAfee Anti-Virus and Anti-Spyware and Windows Defender
    Dave, just did a search in Windows for security center; it did not say WD was active but seemed to say SAS was-even though SAS was deleted from the PC two days ago. I've attached the screenshot, let me know what this means. Thanks.

    [attachment deleted by admin to conserve space]

    Well...I tried to run combofix, link2 was in Spanish; links 1 and 3 would not let me; I got this pop up (see attached)

    [attachment deleted by admin to conserve space]

    Quote
    SAS was deleted from the PC two days ago
    Programs should not be deleted but un-installed. There are probably remnants of the program still on your computer but I don't see anything in your screenshot about SAS. You should start your Security Center. It was probably stopped when you installed McAfee. Right-click Computer and select Manage. Click on Services and Apps. Double-click on Services. Double-click on Security Center and select the start type to automatically. Next, Click on Start, All Programs and click on Windows System and select Windows Defender. Click on Settings in WD and uncheck the box to disable WD.
    Apparently, CF is not yet designed to run on Windows 8.1. Please open AdwCleaner and empty the quarantine box and run the scan again.

    1) Says the app (WD) is turned off, task manager has it as off too; so I guess it is ok?

    2) For adware...
    -I download the program from the CH link each time; it is not to my knowledge saved on my PC like CCleaner.
    Therefore, I could not find history to delete.
    Here is the latest scan log

    Quote
    # AdwCleaner v4.102 - Report created 24/11/2014 at 20:32:57
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-24.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : trent_000 - BERGER-FAMILYPC
    # Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\AnyProtectEx
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\predm
    Folder Deleted : C:\Users\Sally\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Sally\AppData\Roaming\AnyProtectEx
    Folder Deleted : C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
    File Deleted : C:\END
    File Deleted : C:\windows\System32\drivers\netfilter64.sys
    File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\user.js

    ***** [ Scheduled Tasks ] *****

    Task Deleted : APSnotifierPP1
    Task Deleted : APSnotifierPP2
    Task Deleted : Optimum_Daily
    Task Deleted : Optimum_LogOn

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)

    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1416773179013");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.flag", "2");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.style", "A");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Sun Nov 23 2014 15:30:47 GMT-0500 (Eastern Standard Time)");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.delay", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "5");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "22-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.focusnewtab", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "74C7E95B4EDB41A226C273A79D645826");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.newtab", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "22-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "34");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "22");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "72");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1416773184479");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=74C7E95B4EDB41A226C273A79D645826&tb_oid=22-11-2014&tb_mrud=22-11-2014");
    [v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");

    -\\ Google Chrome v

    [C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
    AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
    AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
    AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
    AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
    AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
    AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
    AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
    AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
    AdwCleaner[S4].txt - [23121 octets] - [24/11/2014 20:32:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [23182 octets] ##########


    3) Few additional things:
    -The pop up I get in Firefox referenced and attached in post ______ still is popping up. Should I follow the prompts; or is this an error?

    -When I log in to my Windows account I am prompted that CCleaner wants to make changes; is this an error?

    -I also get this pop up telling me to update WE; should I? (see attached)

    [attachment deleted by admin to conserve space]

    Please run AdwCleaner again. I can't understand why it's coming up with all that stuff.

    OK Dave, I have posted the log below I just ran.

    Let me know what you think in regards to my previous post about the CCleaner and IE pop ups.

    I'm wondering too, big picture, at this stage, what do you think is wrong and might this be beyond the scope of CH and require an outside technician or do you think we can get this cleared?

    Quote
    # AdwCleaner v4.102 - Report created 25/11/2014 at 15:27:43
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-23.7 [Local]
    # Operating System : Windows 8.1 (64 bits)
    # Username : trent_000 - BERGER-FAMILYPC
    # Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)

    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141694 0021763.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278219404_141694 0025728.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278391072_141694 0020029.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_141694 0022787.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278444534_141694 0025063.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278778581_141694 0027112.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283356442_141694 0042820.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283376537_141694 0046830.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283394411_141694 0044281.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368038170032_141694 0053643.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368553686828_141694 0050580.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368561776583_141694 0043623.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672727443_141694 0059188.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672884370_141694 0060137.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376674154806_141694 0045527.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1382540936208_141694 0032873.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "1376672884370_1416940060137;1376672727443_1416940059188;1368038170032_1416940053643;1368553686828_1416940050580;1363283376537_1416940046830;1376674154806_14169[...]
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1416946207504");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.homepage", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.newtab", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.search", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.debug", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "4");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982&tb_oid=25-11-2014&tb_mrud=25-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{B88A84BC-399C-4AD7-BCCA-2C048E1C1982}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}&tb_uuid={uid}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10068");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "download");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid={uid}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "25");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "10");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "25");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "aol.com");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=921C1E4BA31E886176DC289D94DAD466");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "Google");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1416946207468");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1416940003554");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "25-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "B88A84BC399C4AD7BCCA2C048E1C1982");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "25-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "34");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "13");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "55");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1416940009247");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982&tb_oid=25-11-2014&tb_mrud=25-11-2014");

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
    AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
    AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
    AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
    AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
    AdwCleaner[R5].txt - [13294 octets] - [25/11/2014 15:12:33]
    AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
    AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
    AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
    AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
    AdwCleaner[S4].txt - [23263 octets] - [24/11/2014 20:32:57]
    AdwCleaner[S5].txt - [14380 octets] - [25/11/2014 15:27:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [14441 octets] ##########
    Quote
    I'm wondering too, big picture, at this stage, what do you think is wrong and might this be beyond the scope of CH and require an outside technician or do you think we can get this cleared?
    I feel that a technician will reformat and re-install the OS.
    Please run MBAM again and post a new log.

    I've attached scans from the last several days.
    I just ran one now; another was run earlier this afternoon around 2:30.
    There is another from 11/23 and 11/22 I posted for reference.

    At this stage; do you think we can clear this without resorting to a technician/re-format?


    Latest scan
    Quote
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/25/2014
    Scan Time: 7:58:03 PM
    Logfile: 11-25bMBAM.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.25.17
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: trent_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 584340
    Time Elapsed: 10 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Earlier today (11/25)
    Quote
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/25/2014
    Scan Time: 2:34:04 PM
    Logfile: 11-25aMBAM.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.25.12
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Sally

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 584472
    Time Elapsed: 12 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    11/23
    Quote
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/23/2014
    Scan Time: 3:41:43 PM
    Logfile: 11-23-MBAM.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.23.09
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Sally

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 584335
    Time Elapsed: 12 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 4
    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1444, Delete-on-Reboot, [40f5dc633844f5416a8d343c39c88b75]
    PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, 5000, Delete-on-Reboot, [c3721e211963ed49dd0100dfe41df60a]
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 4968, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f]
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 5008, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f]

    Modules: 18
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],

    Registry Keys: 75

    Registry Values: 13

    Registry Data: 7

    Folders: 42

    Files: 132
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
    PUP.Optional.V9.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.v9.com/newtab/?type=nt&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9"), Replaced,[6cc9aa95ec9086b05f35adddd82dfe02]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    11/22

    Quote
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/22/2014
    Scan Time: 3:10:07 PM
    Logfile: 11-22-MBAM.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.22.13
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Sally

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 580420
    Time Elapsed: 12 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    This is not getting any better.
    The PC is still slow.
    Further, sometimes I hear ads playing in the background even without a webpage or the browser open.

    I'm still getting these pop-ups too (see attached).
    This is not working. At this stage, what appears to be the problem, and how/why can't it be solved yet?



    [attachment deleted by admin to conserve space]

    Latest Logs


    Adw
    Quote
    # AdwCleaner v4.102 - Report created 27/11/2014 at 11:41:17
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-27.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : trent_000 - BERGER-FAMILYPC
    # Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102(2).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\trent_000\AppData\Roaming\WSE_Vosteran
    File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hdlorvbn.default\user.js
    File Deleted : C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\user.js
    File Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\user.js
    File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\user.js
    File Deleted : C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\user.js
    File Deleted : C:\Users\trent_000\AppData\Roaming\Mozilla\Firefox\Profiles\e4x39m0u.default\user.js
    File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hdlorvbn.default\searchplugins\Vosteran.xml
    File Deleted : C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\searchplugins\Vosteran.xml
    File Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\searchplugins\Vosteran.xml
    File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\searchplugins\Vosteran.xml
    File Deleted : C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\searchplugins\Vosteran.xml
    File Deleted : C:\Users\trent_000\AppData\Roaming\Mozilla\Firefox\Profiles\e4x39m0u.default\searchplugins\Vosteran.xml

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)

    [hdlorvbn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [hdlorvbn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
    [1i5hf411.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [1i5hf411.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
    [ki1yg8u5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [ki1yg8u5.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_1417020028263.click", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_1417020028263.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278063195_1417020031512.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278219404_1417020038037.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278371845_1417020034409.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278391072_1417020029764.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_1417020039284.click", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_1417020039284.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278440671_1417020041385.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278712874_1417020045023.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278778581_1417020050191.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283356442_1417020100566.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368037499649_1417020045964.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368038170032_1417020099906.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368553686828_1417020112881.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376671520598_1417020089279.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672727443_1417020067919.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672884370_1417020068899.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078884915_1417020086153.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078962678_1417020087884.click", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078962678_1417020087884.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379079356382_1417020047107.view", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_bookmark_button_1417021404001;aol_bookmark_button_1417021030617;1368553686828_1417020112881;1363283356442_1417020100566;1368038170032_1417020099906;1376671[...]
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1417022611559");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.debug", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "4");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015&tb_uuid=F124B47A38AF3527C50C3A39E148174E");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=F124B47A38AF3527C50C3A39E148174E");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=F124B47A38AF3527C50C3A39E148174E&tb_oid=26-11-2014&tb_mrud=26-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{F124B47A-38AF-3527-C50C-3A39E148174E}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}&tb_uuid={uid}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10068");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid={uid}");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "26");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "10");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "26");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "aol.com");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "AOL Search");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1417022556161");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1417020007559");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "26-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "F124B47A38AF3527C50C3A39E148174E");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "26-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "26");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "1");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "34");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1417020013089");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=F124B47A38AF3527C50C3A39E148174E&tb_oid=26-11-2014&tb_mrud=26-11-2014");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
    [v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
    [v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1[...]
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDy[...]
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
    [e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzyt[...]

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
    AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
    AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
    AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
    AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
    AdwCleaner[R5].txt - [13294 octets] - [25/11/2014 15:12:33]
    AdwCleaner[R6].txt - [18398 octets] - [27/11/2014 11:39:58]
    AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
    AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
    AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
    AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
    AdwCleaner[S4].txt - [23263 octets] - [24/11/2014 20:32:57]
    AdwCleaner[S5].txt - [14522 octets] - [25/11/2014 15:27:43]
    AdwCleaner[S6].txt - [19639 octets] - [27/11/2014 11:41:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [19700 octets] ##########



    MBAM
    Quote
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/27/2014
    Scan Time: 11:45:25 AM
    Logfile: 11 27.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.27.06
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: trent_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 584832
    Time Elapsed: 12 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Vosteran.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [dae83d03a2da1e185dfe2f8ede2644bc],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 13
    Rogue.Multiple, C:\ProgramData\600440862, Quarantined, [11b165db28549e983009e9169d65ee12],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],

    Files: 56
    PUP.Optional.InstallCore, C:\Users\trent_000\Downloads\FileExtractorSetup.exe, Quarantined, [c4fefe4290ec72c44a45d8f1867e56aa],
    Rogue.Multiple, C:\ProgramData\600440862\BITFC82.tmp, Quarantined, [11b165db28549e983009e9169d65ee12],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
    PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Please stop using Firefox for a few days. Use IE instead. I really can't believe that so many infections are re-occurring in such a short period of time. Also, please run DDS below and make sure you include both logs. They are essential.

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    2242.

    Solve : Can't open files on flash drive?

    Answer»

    I just added to established files saved on my flash drive. I now want to modify them and they won't open. I'm using Libre Office 4.1. I have an HP ProBook 4540s using Windows 7 Professional.

    My husband, who is much more computer knowledgeable than I am, just sent one of the files from the flash drive to his computer. He was able to open the file. He sent it back to my computer and I could not open it. He thinks that Libre Office is the problem. It can't open the file (even though it did about an hour ago). He thinks that I should download a new version of Libre Office.

    I'm now doing a complete virus scan of my computer. Next will be downloading Libre Office.

    All fixed. Nothing showed up in the virus scan. I uninstalled my old version of Libre Office and installed the latest version. Everything is working now. Somehow the old version must have gotten corrupted.

    I'm glad you were able to fix this problem. Computers are strange creatures.

    2243.

    Solve : 501 errors and outgoing ip addresses?

    Answer»

    How's the computer working now? Is this a legal version of Windows?

    It's still really slow. And yes, Windows is legal. My local temp folder is over 9 GB. Is that normal? Last file date is on the 3rd.

    It seems that the Windows Genuine Advantage file was created the same day I posted this. I have no system restore points. I ran the Eset scan in safe mode and it took out 9 of 16 infected files. I manually deleted the others that I could find. I ran adaware and Malwarebytes in safe mode, and had no problems and then reran Eset but the log was closed out this morning before I got to it so I reran it in regular mode and it found no infected files. My computer seems to be running much better. Thank you for your help. It was appreciated.

    Good job. Now let's do some clean up.

    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    *****************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.



    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.



    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    *****************************************
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
    2244.

    Solve : STEAM Issues with McAfee??

    Answer»

    I have been unable to access BNW CIV5 since the 10/27 update on my Windows 8 PC.
    Each time I try to access the game, I receive a message from STEAM stating:

    Quote:
    error occured while updating (content server unreachable).
    I have re-started the PC, I even disabled McAfee real time scanning, scheduled scanning, and firewall. Nothing changes.

    Oddly, on my Windows 7 Laptop with AVG, I can access it ok.

    Has anybody else had this problem or is familiar with it?
    If so, do you know how to resolve?

    If not, is there anyway or place I can go to get some service?
    STEAM has no live technical support, I've posted this on numerous message boards, and this is not the first time I've had STEAM cause unresolved issues.
    I find the whole customer service model very frustrating, as the burden is on the user it appears to be the IT Tech.

    I changed the download region from DC to Atlanta, same result.

    I uninstalled McAfee on my Windows 8 user account, re-started the PC.
    The SAME exact problem happened!
    Now what!?

    http://www.makeuseof.com/tag/completely-remove-norton-mcafee-computer/

    This will work. I had McAfee, what a joke, never worked all the time. I uninstalled it completely. My antivirus is Windows Defender but I got Windows 8. A lot of people don't like it because it was terrible in Windows 7. Now with Windows 8 it's also got with it Security Essentials. You won't uninstall all of McAfee without this program. There's McAfee files everywhere. Thanks, Chuck

    AHAHAHAHA...I got it!

    OK, so I uninstalled CIV5, tried to re-install, would not work.
    I uninstalled STEAM and tried to re-install, would not work.

    I then, took a break, downloaded google earth for desktop and guess what...that too WOULD NOT CONNECT to the internet.
    So THEY unlike STEAM had clear directions, one of which was PROXY SETTINGS!

    I went to
    a) Under "Tools" in the browser tool bar select "Internet Options".

    b) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.

    c) Click "LAN Settings" near the bottom of the "Connections" section.

    d) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.


    It now works!
    Amazing...so it was as I figured a WINDOWS problem.
    Once again I am reminded of why I will never ever buy a Windows OS product.

    This whole thing COULD have been solved quicker if STEAM actually had a live person I could talk to....

    Moral?

    1) Windows sucks
    2) STEAM sucks

    Quote from: Chuck racer on November 04, 2014, 12:47:45 PM

    This will work. I had McAfee, what a joke, never worked all the time. I uninstalled it completely. My antivirus is Windows Defender but I got Windows 8.

    First, I agree that McAfee MAKES AWFUL PRODUCTS and they should be replaced with pretty much anything else.

    Second, Windows Defender is not an anti virus app. If you like Defender that's fine, but you need to supplement it with a full blown anti virus app.

    Quote
    Second, Windows Defender is not an anti virus app. If you like Defender that's fine, but you need to supplement it with a full blown anti virus app.
    In Windows 8 and 8.1 it is an AV. I believe he said he was running Windows 8.
    2245.

    Solve : Suspicious Rivals, Sent Enormous File for Document, Worried?

    Answer» Hi, am total beginner here, may be worrying about nothing, but may I ask -

    Very Suspicious Doc came by email, 25 pages double spaced text PDF, looked normal but then realised was far too big (3.5MB) to be just text - computer straight afterwards behaved a bit strangely - would like to know, is the 3.5MB for a text only PDF of 25 pages double space (say 13 pages normal) something to worry about? Is there any way I can scan it? I have Kaspersky security but I worry these guys may be more advanced than that. Thanks, Philip

    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Did you try to open the document? If you didn't and you don't know where it came from, I would suggest that you dump it. If your computer is acting strangely, we can run some scans just to make sure it's clean. That document is rather large to just contain text.
    2246.

    Solve : Random pop-ups, slow boot up?

    Answer»

    Update: SpyHunter4 immediately detected a proxy problem and found a bunch of threats. But fixed nothing. Trial version again...

    Is eDeals indestructible?

    Update 2: Tried resetting IE, Firefox and Chrome in safe mode and ran mbam. Now mbam blocks C:\Users\*\AppData\Local\JREMotionSDK\CopyCronSprite.exe. This doesn't solve the problem. But these are the ungoogleable files I've found suspicious.

    Tried disabling JREMotionSDK in msconfig services. The network icon on my taskbar acted normally for once. But failed proxy connections disabled IE and Chrome. Strangely, Google searches worked on Firefox. But nothing else.
    Same thing when I move JREMotionSDK to the recycle bin.

    What is going on?

    Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Make sure FRST is run under administrator privileges.
    Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
    Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

    • Press "Scan".





    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Quote from: rachella_13 on October 21, 2014, 02:20:28 AM
    By default, pop-up blocking is enabled in your browser. If it has been disabled, go to the option menu where you can access the pop-up blocker settings
    Click on the firefox button and select options.
    Press the content tab.
    Checkout the “Block pop-up windows” box.
    Press the exceptions button. Make sure that only trusted sites are on the list.

    I mentioned disabling active scripting removes the annoyances. But that blocks features I do want, so it's only a temporary solution.

    FRST log:
    Farbar Service Scanner Version: 21-07-2014
    Ran by dhalsim (administrator) on 21-10-2014 at 20:24:07
    Running from "C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FN65Z54"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.
    ProxyServer: http=127.0.0.1:32137


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    I'm at a loss. What happens in Safe Mode?

    Quote from: SuperDave on October 21, 2014, 04:04:46 PM
    I'm at a loss. What happens in Safe Mode?

    FRST safe mode log:

    Farbar Service Scanner Version: 21-07-2014
    Ran by * (administrator) on 22-10-2014 at 21:24:18
    Running from "C:\Users\*\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Minimal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is OK.
    The ImagePath of Nsi service is OK.
    The ServiceDll of Nsi service is OK.

    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.


    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors
    IE proxy is enabled.
    ProxyServer: http=127.0.0.1:31729


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Quote
    C:\Users\*\AppData\Local\JREMotionSDK\CopyCronSprite.exe.
    I can't find any information about this file. Did you delete the .exe file?

    Please download Junkware Removal Tool to your desktop.

    •Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    •Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    **********************************************
    Please download MiniToolBox to Desktop and run it.



    Checkmark the following boxes:

      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • List content of Hosts
      • List IP Configuration
      • List Last 10 Event Viewer Errors
      • List Users, Partitions and Memory Size
      Click Go and copy/paste the log (Result.txt) into your next post.
      JRT log:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.3.3 (10.21.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by * on 23.10.2014 at 3:35:55,31
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys



      ~~~ Files



      ~~~ Folders



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 23.10.2014 at 3:38:18,17
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      JRT safe mode log:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.3.3 (10.21.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by * on 23.10.2014 at 3:35:55,31
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys



      ~~~ Files



      ~~~ Folders



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 23.10.2014 at 3:38:18,17
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Though I had tried that already.

      If I end CopyCronSprite in task manager processes, I can't browse the internet. I get the same proxy error I get at startup until CopyCronSprite returns.

      I read that the only way to remove eDeals is to reinstall Windows... is my computer doomed?

      Quote from: SuperDave on October 22, 2014, 07:00:34 PM
      **********************************************
      Please download MiniToolBox to Desktop and run it.



      Checkmark the following boxes:

        • Flush DNS
        • Report IE Proxy Settings
        • Reset IE Proxy Settings
        • List content of Hosts
        • List IP Configuration
        • List Last 10 Event Viewer Errors
        • List Users, Partitions and Memory Size
        Click Go and copy/paste the log (Result.txt) into your next post.

        Sorry, I had overlooked this.

        MTB log:
        MiniToolBox by Farbar Version: 21-07-2014
        Ran by * (administrator) on 23-10-2014 at 03:56:43
        Running from "C:\Users\*\Downloads"
        Microsoft Windows 7 Home Premium Service Pack 1 (X64)
        Boot Mode: Normal
        ***************************************************************************

        ========================= Flush DNS: ===================================

        Windows IP Configuration

        Successfully flushed the DNS Resolver Cache.

        ========================= IE Proxy Settings: ==============================

        Proxy is enabled.
        ProxyServer: http=127.0.0.1:19478

        "Reset IE Proxy Settings": IE Proxy Settings were reset.
        ========================= Hosts content: =================================
        ::1 localhost


        127.0.0.1 localhost

        ========================= IP Configuration: ================================

        Realtek PCIe FE Family Controller = Local Area Connection (Connected)


        # ----------------------------------
        # IPv4 Configuration
        # ----------------------------------
        pushd interface ipv4

        reset
        set global icmpredirects=enabled dhcpmediasense=disabled


        popd
        # End of IPv4 configuration



        Windows IP Configuration

        Host Name . . . . . . . . . . . . : **
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Speedport_W_723V_1_36_000

        Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . : Speedport_W_723V_1_36_000
        Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
        Physical Address. . . . . . . . . : 00-25-64-DC-D7-30
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2003:45:ee32:fd00:1c0e:8af9:2434:6674(Preferred)
        Temporary IPv6 Address. . . . . . : 2003:45:ee32:fd00:ccb:8fd:48f0:1fcc(Preferred)
        Link-local IPv6 Address . . . . . : fe80::1c0e:8af9:2434:6674%10(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : Donnerstag, 23. Oktober 2014 03:39:10
        Lease Expires . . . . . . . . . . : Donnerstag, 13. November 2014 03:39:10
        Default Gateway . . . . . . . . . : fe80::1%10
        192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DHCPv6 IAID . . . . . . . . . . . : 234890596
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A8-F0-57-00-25-64-DC-D7-30
        DNS Servers . . . . . . . . . . . : fe80::1%10
        192.168.2.1
        NetBIOS over Tcpip. . . . . . . . : Enabled

        Tunnel adapter isatap.Speedport_W_723V_1_36_000:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . : Speedport_W_723V_1_36_000
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter Local Area Connection* 9:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2814:1f84:3f57:fd99(Preferred)
        Link-local IPv6 Address . . . . . : fe80::2814:1f84:3f57:fd99%11(Preferred)
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled
        Server: UnKnown
        Address: fe80::1

        Name: google.com
        Addresses: 2a00:1450:4001:80c::1009
        173.194.116.97


        Pinging google.com [2a00:1450:4001:80c::1009] with 32 bytes of data:
        Destination net unreachable.
        Reply from 2a00:1450:4001:80c::1009: time=29ms

        Ping statistics for 2a00:1450:4001:80c::1009:
        Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
        Approximate round trip times in milli-seconds:
        Minimum = 29ms, Maximum = 29ms, Average = 29ms
        Server: UnKnown
        Address: fe80::1

        Name: yahoo.com
        Addresses: 98.138.253.109
        206.190.36.45
        98.139.183.24


        Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
        Reply from 98.138.253.109: bytes=32 time=150ms TTL=51
        Reply from 98.138.253.109: bytes=32 time=153ms TTL=51

        Ping statistics for 98.138.253.109:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
        Minimum = 150ms, Maximum = 153ms, Average = 151ms

        Pinging 127.0.0.1 with 32 bytes of data:
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

        Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
        ===========================================================================
        Interface List
        10...00 25 64 dc d7 30 ......Realtek PCIe FE Family Controller
        1...........................Software Loopback Interface 1
        14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
        11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
        ===========================================================================

        IPv4 Route Table
        ===========================================================================
        Active Routes:
        Network Destination Netmask Gateway Interface Metric
        0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.102 20
        127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
        127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
        127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
        192.168.2.0 255.255.255.0 On-link 192.168.2.102 276
        192.168.2.102 255.255.255.255 On-link 192.168.2.102 276
        192.168.2.255 255.255.255.255 On-link 192.168.2.102 276
        224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
        224.0.0.0 240.0.0.0 On-link 192.168.2.102 276
        255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
        255.255.255.255 255.255.255.255 On-link 192.168.2.102 276
        ===========================================================================
        Persistent Routes:
        None

        IPv6 Route Table
        ===========================================================================
        Active Routes:
        If Metric Network Destination Gateway
        10 276 ::/0 fe80::1
        1 306 ::1/128 On-link
        11 58 2001::/32 On-link
        11 306 2001:0:5ef5:79fb:2814:1f84:3f57:fd99/128
        On-link
        10 28 2003:45:ee32:fd00::/64 On-link
        10 276 2003:45:ee32:fd00:ccb:8fd:48f0:1fcc/128
        On-link
        10 276 2003:45:ee32:fd00:1c0e:8af9:2434:6674/128
        On-link
        10 276 fe80::/64 On-link
        11 306 fe80::/64 On-link
        10 276 fe80::1c0e:8af9:2434:6674/128
        On-link
        11 306 fe80::2814:1f84:3f57:fd99/128
        On-link
        1 306 ff00::/8 On-link
        11 306 ff00::/8 On-link
        10 276 ff00::/8 On-link
        ===========================================================================
        Persistent Routes:
        None

        ========================= Event log errors: ===============================

        Application errors:
        ==================

        System errors:
        =============
        Error: (10/23/2014 03:42:01 AM) (Source: Service Control Manager) (*: )

        Error: (10/23/2014 03:39:12 AM) (Source: Service Control Manager) (*: )
        Description: The CursorDOSIcon.exe service failed to start due to the following error:
        %%2

        Error: (10/23/2014 03:39:08 AM) (Source: Service Control Manager) (*: )
        Description: The sbapifs service failed to start due to the following error:
        %%2


        Microsoft Office Sessions:
        =========================

        CodeIntegrity Errors:
        ===================================
        Date: 2014-10-16 17:54:02.314
        Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

        Date: 2014-10-16 17:54:01.934
        Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


        ========================= Memory info: ===================================

        Percentage of memory in use: 28%
        Total physical RAM: 6142.18 MB
        Available physical RAM: 4387.42 MB
        Total Pagefile: 12282.53 MB
        Available Pagefile: 10042.64 MB
        Total Virtual: 4095.88 MB
        Available Virtual: 3973.54 MB

        ========================= Partitions: =====================================

        1 Drive c: (OS) (Fixed) (Total:922.31 GB) (Free:772.49 GB) NTFS

        ========================= Users: ========================================

        * accounts for \\**

        Administrator Guest *


        **** End of log ****
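
Added example (not part of any post in this thread and not output of the tools used): the logs on this page report the IE proxy on 127.0.0.1 with a different port in each run, which is consistent with a local process re-registering itself as the proxy, so a proxy reset alone does not hold. This Python sketch extracts those settings and lists service entries for manual review; the sample lines are copied from the logs on this page, while the function names and the name-matching heuristic are assumptions of this example and not a verdict on any file.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Sample input: a few lines copied from the logs posted in this thread.
SAMPLE_LOGS = {
    "FSS (safe mode)": r"""
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
IE proxy is enabled.
ProxyServer: http=127.0.0.1:31729
""",
    "MiniToolBox": r"""
Proxy is enabled.
ProxyServer: http=127.0.0.1:19478
""",
    "DDS": r"""
uProxyServer = hxxp=127.0.0.1:22643
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-7 431920]
R2 APICursorUtility;APICursorUtility;C:\Windows\SysWOW64\APICursorUtility\APICursorUtility.exe [2014-10-16 68096]
R2 GUIInteractiveRuntime;GUIInteractiveRuntime;C:\Windows\SysWOW64\GUIInteractiveRuntime\GUIInteractiveRuntime.exe [2014-10-14 68096]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-16 968504]
""",
}

# Matches "ProxyServer: http=host:port" (FSS, MiniToolBox) and
# "uProxyServer = hxxp=host:port" (DDS, which defangs http as hxxp).
PROXY_RE = re.compile(
    r"ProxyServer\s*[:=]\s*(?:\w+=)?(?P<host>[^\s:;]+):(?P<port>\d+)", re.I)

# DDS service line: "<state> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\][ \t]*$", re.M)


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def proxy_findings(logs):
    """Summarise proxy settings found across several pasted logs."""
    seen = [(src, m["host"], int(m["port"]))
            for src, text in logs.items()
            for m in PROXY_RE.finditer(text)]
    loopback = [entry for entry in seen if is_loopback(entry[1])]
    ports = sorted({port for _, _, port in loopback})
    return {
        "loopback_proxy": bool(loopback),
        "ports": ports,
        # A new port per run suggests something rewrites the setting at start-up.
        "port_changes_between_runs": len(ports) > 1,
        "localhost_blocked": any("Localhost is blocked" in t
                                 for t in logs.values()),
    }


def review_candidates(dds_text):
    """Assumed heuristic: service name, display name, folder and executable
    all share one name and the file sits under the Windows directory.
    Returns (name, date, size) tuples for manual review only."""
    hits = []
    for m in SERVICE_RE.finditer(dds_text):
        path = PureWindowsPath(m["path"])
        names = {m["name"].lower(), m["display"].lower(),
                 path.stem.lower(), path.parent.name.lower()}
        under_windows = len(path.parts) > 1 and path.parts[1].lower() == "windows"
        if len(names) == 1 and under_windows:
            hits.append((m["name"], m["date"], int(m["size"])))
    return hits


if __name__ == "__main__":
    print(proxy_findings(SAMPLE_LOGS))
    for name, date, size in review_candidates(SAMPLE_LOGS["DDS"]):
        print(f"review: {name} (file dated {date}, {size} bytes)")
```
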

        Download DDS from HERE or HERE and save it to your desktop.

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.
        * Save both reports to your desktop.
        * The instructions here ask you to attach the Attach.txt.



        1) DDS.txt
        2) Attach.txt
        Instead of attaching, please copy/paste both logs into your Thread

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.

        •Close the program window, and delete the program from your desktop.

        Please note: You may have to disable any script protection running if the scan fails to run.
        After downloading the tool, disconnect from the internet and disable all antivirus protection.
        Run the scan, enable your A/V and reconnect to the internet.
        Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

        DDS log:
        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 11.25.2
        Run by dhalsim at 22:27:50 on 2014-10-19
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1033.18.6142.3850 [GMT 2:00]
        .
        AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
        SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Program Files\Dell\DellDock\DockLogin.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\atieclxx.exe
        C:\Windows\System32\spoolsv.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
        C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
        C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\Dwm.exe
        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        C:\Program Files\Dell\DellDock\DellDock.exe
        C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
        C:\Program Files (x86)\Common Files\AOL\1264205368\ee\aolsoftware.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
        C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\System32\WUDFHost.exe
        C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
        C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
        C:\Windows\SysWOW64\APICursorUtility\APICursorUtility.exe
        C:\Windows\SysWOW64\GUIInteractiveRuntime\GUIInteractiveRuntime.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com/ncr
        uSearch Bar = Preserve
        mStart Page = about:blank
        mDefault_Page_URL = hxxp://www.google.com
        uProxyServer = hxxp=127.0.0.1:22643
        uProxyOverride = ;*origin.com;*ea.com;*akamaihd.net
        uSearchAssistant = hxxp://www.google.com
        mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -
        mWinlogon: Userinit = userinit.exe,
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
        mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
        mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1264205368\ee\AOLSoftware.exe
        mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
        mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
        StartupFolder: C:\Users\dhalsim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
        uPolicies-Explorer: NoDrives = dword:0
        mPolicies-Explorer: NoDrives = dword:0
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        mPolicies-System: PromptOnSecureDesktop = dword:0
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        TCP: NameServer = 192.168.2.1
        TCP: Interfaces\{5D3CE513-1A5B-4E60-BACF-CA4190880BFF} : DHCPNameServer = 192.168.2.1
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
        Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SSODL: WebCheck -
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-mStart Page = about:blank
        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
        x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
        x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
        x64-SSODL: WebCheck -
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\dhalsim\AppData\Roaming\Mozilla\Firefox\Profiles\h6vv95hb.default-1392679946077\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
        FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\Users\dhalsim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
        FF - plugin: C:\Windows\System32\C2MP\npdivx32.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-2 55856]
        R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-7 28600]
        R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-3 92160]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-3 203264]
        R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-7 431920]
        R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-7 431920]
        R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-7 994552]
        R2 APICursorUtility;APICursorUtility;C:\Windows\SysWOW64\APICursorUtility\APICursorUtility.exe [2014-10-16 68096]
        R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-7 119272]
        R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-9-23 160560]
        R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
        R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
        R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
        R2 GUIInteractiveRuntime;GUIInteractiveRuntime;C:\Windows\SysWOW64\GUIInteractiveRuntime\GUIInteractiveRuntime.exe [2014-10-14 68096]
        R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-16 1871160]
        R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-16 968504]
        R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 656624]
        R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
        R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-3-18 74320]
        R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-3-18 13392]
        R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-16 25816]
        R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-16 129752]
        R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-16 63704]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
        S2 CursorDOSIcon.exe;CursorDOSIcon.exe;C:\Users\dhalsim\AppData\Local\CursorDOSIcon\CursorDOSIcon.exe --> C:\Users\dhalsim\AppData\Local\CursorDOSIcon\CursorDOSIcon.exe [?]
        S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
        S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
        S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
        S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
        S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2009-10-7 67992]
        S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-16 19456]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-16 57856]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-7 1255736]
        .
        =============== Created Last 30 ================
        .
        2014-10-18 22:00:19 -------- d-----w- C:\Program Files (x86)\ESET
        2014-10-17 23:28:21 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
        2014-10-17 23:13:18 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
        2014-10-17 11:25:11 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{644E2CED-B6F4-4BE7-BA34-BF4A49016B30}\mpengine.dll
        2014-10-16 19:34:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
        2014-10-16 19:33:44 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
        2014-10-16 19:33:44 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
        2014-10-16 19:33:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2014-10-16 19:33:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
        2014-10-16 17:28:26 -------- d-----w- C:\ProgramData\HitmanPro
        2014-10-16 15:57:48 -------- d-sh--w- C:\$RECYCLE.BIN
        2014-10-16 15:43:43 98816 ----a-w- C:\Windows\sed.exe
        2014-10-16 15:43:43 256000 ----a-w- C:\Windows\PEV.exe
        2014-10-16 15:43:43 208896 ----a-w- C:\Windows\MBR.exe
        2014-10-16 15:43:26 -------- d-----w- C:\ComboFix
        2014-10-16 11:55:09 -------- d-----w- C:\Users\dhalsim\AppData\Local\ESET
        2014-10-16 11:35:50 -------- d-----w- C:\Windows\ERUNT
        2014-10-16 11:26:50 -------- d-----w- C:\ProgramData\BoostSoftware
        2014-10-16 02:18:49 3241472 ----a-w- C:\Windows\System32\msi.dll
        2014-10-15 22:04:22 -------- d-----w- C:\Windows\SysWow64\APICursorUtility
        2014-10-15 22:01:46 -------- d-----w- C:\AdwCleaner
        2014-10-15 17:39:12 -------- d-----w- C:\Users\dhalsim\AppData\Roaming\QuickScan
        2014-10-14 20:14:16 -------- d-----w- C:\Users\dhalsim\AppData\Roaming\LavasoftStatistics
        2014-10-14 19:00:23 -------- d-----w- C:\Users\dhalsim\AppData\Local\CheckCode
        2014-10-14 19:00:21 -------- d-----w- C:\Windows\SysWow64\GUIInteractiveRuntime
        2014-10-07 13:12:19 -------- d-----w- C:\ProgramData\BlueStacksSetup
        2014-10-07 13:12:18 -------- d-----w- C:\Users\dhalsim\AppData\Local\Bluestacks
        2014-10-01 06:19:53 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
        2014-10-01 06:19:53 371712 ----a-w- C:\Windows\System32\qdvd.dll
        2014-09-24 10:23:13 2048 ----a-w- C:\Windows\System32\tzres.dll
        2014-09-24 10:23:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
        .
        ==================== Find3M ====================
        .
        2014-10-17 11:28:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2014-10-17 11:28:31 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
        2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
        2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
        2014-10-07 08:18:25 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
        2014-10-07 08:18:24 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
        2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
        2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
        2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
        2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
        2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
        2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
        2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
        2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
        2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
        2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
        2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
        2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
        2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
        2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
        2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
        2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
        2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
        2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
        2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
        2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
        2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
        2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
        2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
        2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
        2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
        2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
        2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
        2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
        2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
        2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
        2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
        2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
        2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
        2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
        2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
        2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
        2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
        2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
        2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
        2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
        2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
        2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
        2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
        2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
        2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
        2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
        2009-04-28 20:20:06 236016 ----a-w- C:\Program Files (x86)\primosdk.DLL
        .
        ============= FINISH: 22:28:42,67 ===============

        Question: Is there a method behind the programs you're having me use? I had tried most of them before. And my logs are almost always left uncommented. Like the files I find suspicious.
        I'm looking for some program that is causing that problem. You said it's running in Task Manager yet I can't find any information about it. The DDS should have produced two logs. I need to see the other one.

        Quote from: SuperDave on October 23, 2014, 11:08:21 AM
        I'm looking for some program that is causing that problem. You said it's running in Task Manager yet I can't find any information about it. The DDS should have produced two logs. I need to see the other one.

        Attach:

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2012-11-20.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume2
        Install Date: 08.12.2009 19:40:58
        System Uptime: 19.10.2014 22:08:18 (0 hours ago)
        .
        Motherboard: Dell Inc. | | 0N826N
        Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 922 GiB total, 771,931 GiB free.
        D: is CDROM ()
        E: is Removable
        F: is Removable
        G: is Removable
        H: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
        Description: WAN Miniport (ATW)
        Device ID: ROOT\NET\0001
        Manufacturer: America Online, Inc.
        Name: WAN Miniport (ATW) #2
        PNP Device ID: ROOT\NET\0001
        Service: wanatw
        .
        ==== System Restore Points ===================
        .
        RP483: 14.10.2014 11:54:47 - Windows Update
        RP484: 14.10.2014 22:09:34 - AA11
        RP485: 15.10.2014 23:43:49 - AA11
        RP486: 16.10.2014 04:12:19 - Windows Update
        RP487: 16.10.2014 16:44:49 - Windows Update
        RP488: 16.10.2014 19:34:30 - Checkpoint by HitmanPro
        RP489: 16.10.2014 19:34:59 - Checkpoint by HitmanPro
        RP490: 18.10.2014 01:12:05 - Removed Java 7 Update 67
        .
        ==== Installed Programs ======================
        .
        Update for Microsoft Office 2007 (KB2508958)
        Adobe Flash Player 15 ActiveX
        Adobe Flash Player 15 Plugin
        Adobe Reader XI (11.0.09)
        AIM 7
        Amazon MP3 Downloader 1.0.17
        AOL Uninstaller (Choose which Products to Remove)
        Apple Application Support
        Apple Software Update
        ATI Catalyst Control Center
        Audacity 2.0.2
        Avira
        Avira Free Antivirus
        Avira SearchFree Toolbar
        CameraHelperMsi
        Canon MP Navigator EX 1.2
        Canon MP190 series Benutzerregistrierung
        Canon MP190 series MP Drivers
        Canon My Printer
        Canon Utilities Easy-PhotoPrint EX
        Canon Utilities Solution Menu
        Catalyst Control Center - Branding
        Catalyst Control Center Core Implementation
        Catalyst Control Center Graphics Full Existing
        Catalyst Control Center Graphics Full New
        Catalyst Control Center Graphics Light
        Catalyst Control Center Graphics Previews Common
        Catalyst Control Center Graphics Previews Vista
        Catalyst Control Center InstallProxy
        Catalyst Control Center Localization All
        ccc-core-static
        ccc-utility64
        CCC Help Chinese Standard
        CCC Help Chinese Traditional
        CCC Help English
        CCC Help French
        CCC Help German
        CCC Help Hungarian
        CCC Help Italian
        CCC Help Japanese
        CCC Help Korean
        CCC Help Portuguese
        CCC Help Spanish
        CCC Help Turkish
        CuteFTP 8 Home
        D3DX10
        Dell DataSafe Local Backup
        Dell DataSafe Local Backup - Support Software
        Dell DataSafe Online
        Dell Dock
        Dell Edoc Viewer
        Dell Getting Started Guide
        erLT
        ESET Online Scanner v3
        FFmpeg v0.6.2 for Audacity
        FileZilla Client 3.6.0.2
        FreeOCR 3.0
        Google Chrome
        Google Earth
        Google Toolbar for Internet Explorer
        Google Update Helper
        Japanese Fonts Support For Adobe Reader X
        Java 8 Update 25
        Java Auto Updater
        Junk Mail filter update
        LAME v3.99.3 (for Windows)
        Logitech SetPoint 6.1
        Logitech Unifying Software 2.10
        Logitech Vid HD
        Logitech Webcam Software
        LWS Facebook
        LWS Gallery
        LWS Help_main
        LWS Launcher
        LWS Motion Detection
        LWS Pictures And Video
        LWS Twitter
        LWS Video Mask Maker
        LWS VideoEffects
        LWS Webcam Software
        LWS WLM Plugin
        LWS YouTube Plugin
        Malwarebytes Anti-Malware version 2.0.3.1025
        Media Player Codec Pack 3.9.1
        Microsoft .NET Framework 4.5.1
        Microsoft Application Error Reporting
        Microsoft Default Manager
        Microsoft Office 2007 Service Pack 3 (SP3)
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office File Validation Add-In
        Microsoft Office Home and Student 2007
        Microsoft Office Office 64-bit Components 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
        Microsoft Office Shared 64-bit MUI (English) 2007
        Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft VC9 runtime libraries
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
        Mozilla Firefox 32.0.3 (x86 en-US)
        Mozilla Maintenance Service
        MSVCRT
        MSVCRT_amd64
        PowerDVD DX
        QuickTime 7
        Realtek High Definition Audio Driver
        Roxio Burn
        Roxio Update Manager
        RTC Client API v1.2
        Security Update for CAPICOM (KB931906)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
        Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
        Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
        Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
        Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
        Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
        Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
        Skins
        Skype Click to Call
        Skype™ 6.18
        Uninstall AOL Emergency Connect Utility 1.0
        Unity Web Player
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft Office 2007 Help for Common Features (KB963673)
        Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
        Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
        Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
        Update for Microsoft Office Excel 2007 Help (KB963678)
        Update for Microsoft Office OneNote 2007 Help (KB963670)
        Update for Microsoft Office Powerpoint 2007 Help (KB963669)
        Update for Microsoft Office Script Editor Help (KB963671)
        Update for Microsoft Office Word 2007 Help (KB963665)
        VLC media player
        Winamp
        Winamp Application Detect
        Winamp Essentials Pack
        Windows 7 Codec Pack 2.3.0
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live ID Sign-in Assistant
        Windows Live Installer
        Windows Live Language Selector
        Windows Live Mail
        Windows Live Messenger
        Windows Live MIME IFilter
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live Sync
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        .
        ==== Event Viewer Messages From Past Week ========
        .
        19.10.2014 22:22:25, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
        19.10.2014 22:11:08, Error: Service Control Manager [7022] - The JREMotionSDK.exe service hung on starting.
        19.10.2014 22:08:58, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5D3CE513-1A5B-4E60-BACF-CA4190880BFF} because another computer on the network has the same name. The server could not start.
        19.10.2014 22:08:58, Error: NetBT [4321] - The name "*-PC :20" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.105 did not allow the name to be claimed by this computer.
        19.10.2014 22:08:31, Error: Service Control Manager [7000] - The CursorDOSIcon.exe service failed to start due to the following error: The system cannot find the file specified.
        19.10.2014 22:08:29, Error: NetBT [4321] - The name "*-PC :0" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.105 did not allow the name to be claimed by this computer.
        19.10.2014 12:37:28, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [emailprotected]
        19.10.2014 02:02:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
        18.10.2014 14:25:41, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: After starting, the service hung in a start-pending state.
        18.10.2014 14:25:37, Error: Service Control Manager [7022] - The Avira Real-Time Protection service hung on starting.
        18.10.2014 14:25:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
        18.10.2014 03:36:51, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
        18.10.2014 03:36:38, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
        17.10.2014 01:33:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
        16.10.2014 17:54:36, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
        16.10.2014 17:54:02, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
        16.10.2014 17:52:54, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        16.10.2014 17:52:54, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:52:54, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:51:16, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        16.10.2014 17:51:16, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:51:16, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:48:30, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        16.10.2014 17:48:30, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:48:30, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:45:48, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        16.10.2014 17:45:48, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:45:48, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
        16.10.2014 17:42:45, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
        16.10.2014 17:00:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
        16.10.2014 13:53:24, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
        .
        ==== End Of File ===========================

        I ran a bunch of programs in safe mode again. When I started Windows CopyCronSprite was gone and browsers were working normally! I could connect to the internet, even though I still got that suspicious load symbol over my network. Thinking this was too good to be true, I restarted my computer. But all the old problems returned immediately... proxy errors when trying to connect to the internet until CopyCronSprite activated itself, browsers covered in eDeals ads... Sigh.

        Well, it's official. I'm stumped. I see no sign of edeals on your computer. Could it be an add-on in your browsers? I'm afraid I cannot do much more to help with this problem without sitting in front of your computer.

        Quote from: SuperDave on October 23, 2014, 01:12:35 PM
        Well, it's official. I'm stumped. I see no sign of edeals on your computer. Could it be an add-on in your browsers? I'm afraid I cannot do much more to help with this problem without sitting in front of your computer.

        I'm going to thank you for your time and effort anyway

        I could delete JREMotionSDK\CopyCronSprite.exe, but I'm afraid I won't be able to connect to the internet. Disabling it in Services or just having it in the Recycle Bin blocks my connection. My network will say I'm connected, but the proxy will refuse until CopyCronSprite.exe comes up...

        Could you remove the logs I posted?
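
An added example, not part of the thread: a small triage script that cross-checks the DDS "SERVICES / DRIVERS" lines against the Service Control Manager errors in the Event Viewer section, using excerpts copied from the logs above. It assumes the usual reading of the DDS prefix (R/S = running/stopped, digit = start type, 2 = automatic) and takes `[?]` to mean DDS could not read the file. The finding labels and the restart threshold of 3 are hypothetical choices, and a finding marks an entry for review only.

```python
import re
from collections import defaultdict

# Excerpts copied from the DDS logs posted in this thread.
SERVICES = r"""
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-7 431920]
R2 APICursorUtility;APICursorUtility;C:\Windows\SysWOW64\APICursorUtility\APICursorUtility.exe [2014-10-16 68096]
R2 GUIInteractiveRuntime;GUIInteractiveRuntime;C:\Windows\SysWOW64\GUIInteractiveRuntime\GUIInteractiveRuntime.exe [2014-10-14 68096]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-16 25816]
S2 CursorDOSIcon.exe;CursorDOSIcon.exe;C:\Users\dhalsim\AppData\Local\CursorDOSIcon\CursorDOSIcon.exe --> C:\Users\dhalsim\AppData\Local\CursorDOSIcon\CursorDOSIcon.exe [?]
""".strip().splitlines()

EVENTS = r"""
19.10.2014 22:08:31, Error: Service Control Manager [7000] - The CursorDOSIcon.exe service failed to start due to the following error: The system cannot find the file specified.
18.10.2014 14:25:37, Error: Service Control Manager [7022] - The Avira Real-Time Protection service hung on starting.
16.10.2014 17:52:54, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
16.10.2014 17:52:54, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
16.10.2014 17:52:54, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
16.10.2014 17:42:45, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
""".strip().splitlines()

# "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]+);(.+) \[([^\]]+)\]$")
EVT_RE = re.compile(
    r"^\S+ \S+, Error: Service Control Manager \[(\d+)\] - The (.+?) service (.*)$")
RESTARTS = re.compile(r"It has done this (\d+) time")
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_services(lines):
    """Turn DDS service lines into dicts; lines that do not match are skipped."""
    out = []
    for line in lines:
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, stamp = m.groups()
        out.append({
            "running": state == "R",
            "start": int(start),
            "name": name,
            "display": display,
            "path": path.split(" --> ")[0],  # keep the first path of "a --> b"
            "stamp": stamp,
        })
    return out


def parse_scm_events(lines):
    """Return (event_id, service_name_as_logged, rest_of_message) tuples."""
    out = []
    for line in lines:
        m = EVT_RE.match(line.strip())
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3)))
    return out


def triage(services, events, crash_threshold=3):
    """Map service name -> sorted list of review flags."""
    findings = defaultdict(set)
    alias = {}  # SCM messages use the display name, DDS lists the key name too
    for s in services:
        alias[s["name"].lower()] = s["name"]
        alias[s["display"].lower()] = s["name"]
        if s["stamp"] == "?":
            findings[s["name"]].add("binary-missing")
        if s["start"] == 2 and USER_PROFILE.search(s["path"]):
            findings[s["name"]].add("autostart-from-user-profile")
    for event_id, logged_name, detail in events:
        key = alias.get(logged_name.lower())
        if key is None:
            # SCM knows the service, but the DDS service list does not show it.
            key = logged_name
            findings[key].add("not-in-service-list")
        m = RESTARTS.search(detail)
        if event_id == 7031 and m and int(m.group(1)) >= crash_threshold:
            findings[key].add("crash-loop")
    return {name: sorted(flags) for name, flags in findings.items()}


def triage_sample():
    return triage(parse_services(SERVICES), parse_scm_events(EVENTS))


if __name__ == "__main__":
    for name, flags in sorted(triage_sample().items()):
        print(f"{name}: {', '.join(flags)}")
```
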
        2247.

        Solve : A bunch of Trojans found all of a sudden?

        Answer»

        Quote

        Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
        Please defrag your C drive soon. If you need help with this, please let me know. (SSD means Solid State Drive.)

        Please download MiniToolBox to Desktop and run it.

        Please read here for more information about WildTangent. Your choice if you want to remove it or not.

        If you choose to follow my advice, please follow these instructions.

        Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

        WildTangent Web Driver or anything related to WildTangent.
        *******************************************************
        Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
          Quote
          KillAll::

          Firefox::
          Trusted Zone: bwproducers.com
          Trusted Zone: cisgroup.com
          Trusted Zone: farmers.com
          Trusted Zone: farmersinsurance.com
          Trusted Zone: farmersleadcenter.com
          Trusted Zone: farmerslife.com
          Trusted Zone: foremostfarmers.com
          Trusted Zone: foremoststar.com
          Trusted Zone: intuit.com\ttlc
          Trusted Zone: postoffice.net
          Trusted Zone: zurich.com

          DDS::
          Trusted Zone: bwproducers.com
          Trusted Zone: cisgroup.com
          Trusted Zone: farmers.com
          Trusted Zone: farmersinsurance.com
          Trusted Zone: farmersleadcenter.com
          Trusted Zone: farmerslife.com
          Trusted Zone: foremostfarmers.com
          Trusted Zone: foremoststar.com
          Trusted Zone: intuit.com\ttlc
          Trusted Zone: postoffice.net
          Trusted Zone: zurich.com

        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • Please post the contents of the log in your next reply.
        ******************************************
        Quote
        Are there any other security toolbars you recommend?
        I'm not really a supporter of toolbars. They just take up resources.

        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
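
The zone assignments described in the Trusted Zone explanation above are stored in the registry under `Internet Settings\ZoneMap`, where zone number 2 is Trusted Sites. The following Python script is an added example, not part of the original thread and not ComboFix's or DDS's own code: it lists every zone assignment in a `.reg` export of that branch so the Trusted Sites entries can be reviewed. The sample export, its `example.*` domains and the function names are constructed for illustration.

```python
import re

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
ZONEMAP = "internet settings\\zonemap\\"

# Constructed sample export (reserved example domains, not taken from the thread).
# Note: "Windows Registry Editor Version 5.00" exports are UTF-16; decode first.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\portal]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"http"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')
STR_RE = re.compile(r'^"([^"]*)"="(.*)"$')


def read_keys(reg_text):
    """Parse .reg text into {key path: {value name: int or str}}."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        if current is None:
            continue  # header or blank line before the first key
        m = DWORD_RE.match(line)
        if m:
            current[m.group(1)] = int(m.group(2), 16)
            continue
        m = STR_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return keys


def zone_assignments(reg_text):
    """Return one record per (site, protocol) zone assignment in the export."""
    found = []
    for key, values in read_keys(reg_text).items():
        hive, _, path = key.partition("\\")
        idx = path.lower().find(ZONEMAP)
        if idx < 0:
            continue
        tail = path[idx + len(ZONEMAP):].split("\\")
        branch = tail[0].lower()
        if branch in ("domains", "escdomains") and len(tail) >= 2:
            # Domains\<domain>\<subdomain>: the subkey is a host under the domain.
            site = ".".join(reversed(tail[1:]))
        elif branch == "ranges" and len(tail) == 2:
            # Ranges\RangeN keeps the address in a ":Range" string value.
            site = values.get(":Range", tail[1])
        else:
            continue
        for name, val in values.items():
            if name.startswith(":") or not isinstance(val, int):
                continue  # not a protocol -> zone mapping
            found.append({"hive": hive, "site": site, "protocol": name,
                          "zone": val, "zone_name": ZONES.get(val, "Unknown")})
    return found


def trusted_sites(reg_text):
    """Sorted (site, protocol, hive) tuples for everything mapped to zone 2."""
    return sorted((e["site"], e["protocol"], e["hive"])
                  for e in zone_assignments(reg_text) if e["zone"] == 2)


if __name__ == "__main__":
    for site, proto, hive in trusted_sites(SAMPLE_REG):
        print(f"Trusted Sites: {site} ({proto}) in {hive}")
```
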
        Here's ComboFix's log. It would have been much simpler to just explain how to get rid of the trusted sites list through the browser, especially since I never visit those sites.

        ComboFix 13-04-09.01 - Michael 04/09/2013 15:44:47.2.2 - x86
        Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -5:00]
        Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
        AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
        AV: Authentium Antivirus *Enabled/Updated* {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
        AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        AV: EarthLink Anti-virus *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
        FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
        FW: EarthLink Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
        * Resident AV is active
        .
        .
        .
        ((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))
        .
        .
        2013-03-29 16:50 . 2013-03-29 17:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
        2013-03-29 16:45 . 2013-03-29 16:45 -------- d-----w- c:\documents and settings\Michael\Application Data\Windows Desktop Search
        2013-03-29 16:43 . 2013-03-29 16:43 -------- d-----w- c:\program files\Windows Desktop Search
        2013-03-18 16:34 . 2013-03-18 16:34 -------- d-----w- c:\program files\7-Zip
        .
        .
        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2013-04-01 04:37 . 2012-10-18 20:33 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
        2013-03-17 16:04 . 2012-04-03 02:52 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
        2013-03-17 16:04 . 2011-05-15 23:03 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2013-03-01 15:32 . 2012-09-21 08:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
        2013-02-27 04:40 . 2012-09-13 08:11 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
        2013-02-14 08:52 . 2012-09-21 08:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
        2013-02-08 09:37 . 2012-10-05 08:26 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
        2013-02-08 09:37 . 2012-09-21 08:46 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
        2013-02-08 09:37 . 2012-09-21 08:45 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
        2013-02-08 09:37 . 2012-10-02 08:30 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
        2013-02-08 09:37 . 2012-09-14 08:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
        2013-02-04 22:17 . 2013-02-04 22:19 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
        2013-02-04 22:17 . 2013-02-04 22:19 81408 ----a-w- c:\windows\system32\E_TD4BIUE.DLL
        2013-02-04 22:17 . 2013-02-04 22:19 95232 ----a-w- c:\windows\system32\E_TLBIUE.DLL
        2013-02-03 14:37 . 2013-02-03 14:36 249856 ------w- c:\windows\Setup1.exe
        2013-02-03 14:37 . 2013-02-03 14:36 73216 ----a-w- c:\windows\ST6UNST.EXE
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
        @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
        [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
        2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
        @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
        [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
        2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SetDefaultMIDI"="MIDIDef.exe" [2005-10-29 25600]
        "cdloader"="c:\documents and settings\Michael\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
        "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
        "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
        "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
        "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
        "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
        "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
        "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
        "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
        .
        c:\documents and settings\Michael\Start Menu\Programs\Startup\AutorunsDisabled
        Shortcut to TeaTimer.lnk - c:\program files\Spybot - Search & Destroy\TeaTimer.exe [2006-9-24 2260480]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-7-27 25214]
        Adobe Acrobat Speed Launcher.lnk.disabled [2008-12-7 2335]
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
        Microsoft Office.lnk.disabled [2007-4-15 1725]
        MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
        Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
        2005-12-23 02:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\session manager]
        BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
        @=""
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
        2012-12-14 22:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
        .
        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
        "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
        "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
        "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "Motive SmartBridge"=c:\recycler\S-1-5-21-1703037801-221494611-3155105034-1005\Dc1392\SmartBridge\MotiveSB.exe
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        "OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
        "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
        "CTHelper"=CTHELPER.EXE
        "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
        "ehTray"=c:\windows\ehome\ehtray.exe
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
        "SigmatelSysTrayApp"=stsystra.exe
        "UpdReg"=c:\windows\UpdReg.EXE
        "CTxfiHlp"=CTXFIHLP.EXE
        "FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" /s
        "SansaDispatch"=c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
        "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
        "Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
        "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
        "15182034"=c:\documents and settings\All Users\Application Data\15182034\15182034.exe
        "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
        "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
        "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe"
        "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
        "Logitech Utility"=Logi_MwX.Exe
        "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
        "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "c:\program files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "c:\\WINDOWS\\system32\\fxsclnt.exe"=
        "c:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
        "c:\\Program Files\\Outlook Express\\msimn.exe"=
        "c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
        "c:\\WINDOWS\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Final DOOM for Windows 95\\Doom95.exe"=
        "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
        "c:\\Program Files\\Play65\\Play65.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
        "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
        "c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
        "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
        "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
        "c:\\WINDOWS\\system32\\dpvsetup.exe"=
        "c:\\Program Files\\Doom 3\\Doom3.exe"=
        "c:\\WINDOWS\\system32\\mmc.exe"=
        "c:\\Program Files\\Vuze\\Azureus.exe"=
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
        "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
        "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
        "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
        "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
        .
        R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 60216]
        R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 245048]
        R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 39224]
        R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [7/11/2005 9:36 AM 15548]
        R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184]
        R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
        R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 170808]
        R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 182072]
        R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2012 3:33 PM 33624]
        R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048]
        R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
        R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
        R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 3:00 PM 539744]
        R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2/4/2013 5:23 PM 122000]
        R2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [7/11/2005 9:38 AM 20480]
        R2 NProtectService;Norton Unerase PROTECTION;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/31/2004 12:52 AM 95328]
        R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/16/2006 2:46 PM 61526]
        R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG SECURE Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/31/2013 11:38 PM 990896]
        S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [12/2/2012 11:54 PM 283600]
        S2 gupdate1c993a82f1ae125;Google Update Service (gupdate1c993a82f1ae125);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 5:11 PM 133104]
        S3 gsplittm;gsplittm;\??\c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys [?]
        S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/20/2011 1:21 PM 39048]
        S4 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
        S4 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
        2013-03-29 16:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2013-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
        .
        2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
        .
        2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        IE: Convert link target to Adobe PDF
        IE: Convert link target to existing PDF
        IE: Convert selected links to Adobe PDF
        IE: Convert selected links to existing PDF
        IE: Convert selection to Adobe PDF
        IE: Convert selection to existing PDF
        IE: Convert to Adobe PDF
        IE: Convert to existing PDF
        TCP: DhcpNameServer = 192.168.1.254
        DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
        DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
        FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\p7x50nmm.default\
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: Java Quick Starter: [emailprotected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2013-04-09 16:16
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ...
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ...
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker5"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'explorer.exe'(2320)
        c:\windows\system32\WININET.dll
        c:\program files\MozyHome\mozyshell.dll
        c:\progra~1\WINDOW~3\wmpband.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\mshtml.dll
        c:\windows\system32\msls31.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\Ati2evxx.exe
        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        c:\windows\system32\CTsvcCDA.exe
        c:\program files\Common Files\Command Software\dvpapi.exe
        c:\windows\eHome\ehRecvr.exe
        c:\windows\eHome\ehSched.exe
        c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\MozyHome\mozybackup.exe
        c:\windows\system32\PnkBstrA.exe
        c:\windows\system32\SearchIndexer.exe
        c:\windows\system32\PRISMSVR.EXE
        c:\windows\system32\fxssvc.exe
        c:\windows\ehome\mcrdsvc.exe
        c:\windows\system32\dllhost.exe
        c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
        c:\windows\system32\SearchProtocolHost.exe
        c:\windows\system32\SearchFilterHost.exe
        c:\windows\SYSTEM32\CTXFISPI.EXE
        .
        **************************************************************************
        .
        Completion time: 2013-04-09 16:25:49 - machine was rebooted
        ComboFix-quarantined-files.txt 2013-04-09 21:25
        ComboFix2.txt 2013-04-06 14:50
        .
        Pre-Run: 12,811,644,928 bytes free
        Post-Run: 12,596,494,336 bytes free
        .
        - - End Of File - - 8671190CECF3A3D944374E3E693D863A

        What things should I check on MiniToolBox? All of them?

        As I said, I'm going to defrag once this gets cleared up.

        I do not see anything mentioning WildTangent in the add/remove programs list.

        Quote
        What things should I check on MiniToolBox? All of them?
        Please disregard MiniToolBox. I don't know how that got in there. Perhaps, I was rushing too much.
        Quote
        I do not see anything mentioning WildTangent in the add/remove programs list.
        Ok. It was installed with Program Files\\WildTangent\\Apps\\Dell Game Console

        Were you able to run Sysprot Antirootkit?

        Here's Sysprot's log:

        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        Process:
        Name: [System Idle Process]
        PID: 0
        Hidden: No
        Window Visible: No

        Name: System
        PID: 4
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\smss.exe
        PID: 592
        Hidden: No
        Window Visible: No

        Name: C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
        PID: 632
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgcsrvx.exe
        PID: 672
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\csrss.exe
        PID: 868
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\winlogon.exe
        PID: 896
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\services.exe
        PID: 940
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\lsass.exe
        PID: 952
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\ati2evxx.exe
        PID: 1144
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1164
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1268
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1404
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1460
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1592
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1696
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\spoolsv.exe
        PID: 1792
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 1872
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
        PID: 1904
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        PID: 1932
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgidsagent.exe
        PID: 1960
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgwdsvc.exe
        PID: 168
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\CTSVCCDA.EXE
        PID: 204
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\Command Software\dvpapi.exe
        PID: 224
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\ehome\ehrecvr.exe
        PID: 248
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\ehome\ehSched.exe
        PID: 280
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
        PID: 304
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\escsvc.exe
        PID: 456
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgnsx.exe
        PID: 840
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgemcx.exe
        PID: 860
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
        PID: 1436
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Java\jre6\bin\jqs.exe
        PID: 2140
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\MozyHome\mozybackup.exe
        PID: 2184
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 2416
        Hidden: No
        Window Visible: No

        Name: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
        PID: 2440
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 2568
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\PnkBstrA.exe
        PID: 2592
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\PRISMSVC.exe
        PID: 2632
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 2760
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 2880
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
        PID: 2960
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\fxssvc.exe
        PID: 3020
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\ehome\mcrdsvc.exe
        PID: 3072
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\dllhost.exe
        PID: 3468
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\alg.exe
        PID: 3892
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgsrmax.exe
        PID: 4056
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\explorer.exe
        PID: 2876
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\PRISMSVR.exe
        PID: 2896
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\wuauclt.exe
        PID: 3688
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
        PID: 3696
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\DLA\DLACTRLW.EXE
        PID: 3740
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        PID: 3788
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\HP\HP Software Update\hpwuschd2.exe
        PID: 1076
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\AVG\AVG2013\avgui.exe
        PID: 4040
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
        PID: 3312
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        PID: 1180
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
        PID: 1628
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
        PID: 1564
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
        PID: 2080
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\ctfmon.exe
        PID: 1956
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\svchost.exe
        PID: 2312
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\MozyHome\mozystat.exe
        PID: 1284
        Hidden: No
        Window Visible: No

        Name: C:\WINDOWS\system32\CTXFISPI.EXE
        PID: 1880
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Internet Explorer\iexplore.exe
        PID: 2556
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Internet Explorer\iexplore.exe
        PID: 2100
        Hidden: No
        Window Visible: No

        Name: C:\Program Files\Internet Explorer\iexplore.exe
        PID: 3796
        Hidden: No
        Window Visible: No

        Name: C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProt.exe
        PID: 996
        Hidden: No
        Window Visible: Yes

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: \??\C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProtDrv.sys
        Service Name: SysProtDrv.sys
        Module Base: B973D000
        Module End: B9748000
        Hidden: No

        Module Name: \WINDOWS\system32\ntkrnlpa.exe
        Service Name: ---
        Module Base: 804D7000
        Module End: 806E5000
        Hidden: No

        Module Name: \WINDOWS\system32\hal.dll
        Service Name: ---
        Module Base: 806E5000
        Module End: 80705D00
        Hidden: No

        Module Name: \WINDOWS\system32\KDCOM.DLL
        Service Name: ---
        Module Base: F79D2000
        Module End: F79D4000
        Hidden: No

        Module Name: \WINDOWS\system32\BOOTVID.dll
        Service Name: ---
        Module Base: F78E2000
        Module End: F78E5000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
        Service Name: ACPI
        Module Base: F73A3000
        Module End: F73D1000
        Hidden: No

        Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
        Service Name: ---
        Module Base: F79D4000
        Module End: F79D6000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\pci.sys
        Service Name: PCI
        Module Base: F7392000
        Module End: F73A3000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
        Service Name: isapnp
        Module Base: F74D2000
        Module End: F74DC000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\pciide.sys
        Service Name: PCIIde
        Module Base: F7A9A000
        Module End: F7A9B000
        Hidden: No

        Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
        Service Name: ---
        Module Base: F7752000
        Module End: F7759000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
        Service Name: MountMgr
        Module Base: F74E2000
        Module End: F74ED000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
        Service Name: Disk
        Module Base: F7373000
        Module End: F7392000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\dmload.sys
        Service Name: dmload
        Module Base: F79D6000
        Module End: F79D8000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\dmio.sys
        Service Name: dmio
        Module Base: F734D000
        Module End: F7373000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
        Service Name: PartMgr
        Module Base: F775A000
        Module End: F775F000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
        Service Name: VolSnap
        Module Base: F74F2000
        Module End: F74FF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\atapi.sys
        Service Name: atapi
        Module Base: F7335000
        Module End: F734D000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\disk.sys
        Service Name: ---
        Module Base: F7502000
        Module End: F750B000
        Hidden: No

        Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
        Service Name: ---
        Module Base: F7512000
        Module End: F751F000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
        Service Name: FltMgr
        Module Base: F7315000
        Module End: F7335000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\sr.sys
        Service Name: sr
        Module Base: F7303000
        Module End: F7315000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
        Service Name: DRVMCDB
        Module Base: F72ED000
        Module End: F7303000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
        Service Name: PxHelp20
        Module Base: F7522000
        Module End: F752B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
        Service Name: KSecDD
        Module Base: F72D6000
        Module End: F72ED000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
        Service Name: WudfPf
        Module Base: F72C3000
        Module End: F72D6000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
        Service Name: Ntfs
        Module Base: F7236000
        Module End: F72C3000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
        Service Name: NDIS
        Module Base: F7209000
        Module End: F7236000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\Mup.sys
        Service Name: Mup
        Module Base: F71EF000
        Module End: F7209000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\GRFILTER.sys
        Service Name: GRFILTER
        Module Base: F78E6000
        Module End: F78EA000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\avgrkx86.sys
        Service Name: Avgrkx86
        Module Base: F7532000
        Module End: F753D000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\avglogx.sys
        Service Name: Avglogx
        Module Base: F71B0000
        Module End: F71EF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\avgmfx86.sys
        Service Name: Avgmfx86
        Module Base: F7196000
        Module End: F71B0000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\avgidshx.sys
        Service Name: AVGIDSHX
        Module Base: F7185000
        Module End: F7196000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
        Service Name: intelppm
        Module Base: F7722000
        Module End: F772B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
        Service Name: ati2mtag
        Module Base: F6AF9000
        Module End: F6DBF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
        Service Name: ---
        Module Base: F6AE5000
        Module End: F6AF9000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
        Service Name: HDAudBus
        Module Base: F6ABD000
        Module End: F6AE5000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
        Service Name: usbuhci
        Module Base: F784A000
        Module End: F7850000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
        Service Name: ---
        Module Base: F6A99000
        Module End: F6ABD000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
        Service Name: usbehci
        Module Base: F7852000
        Module End: F785A000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
        Service Name: HSFHWBS2
        Module Base: F6A65000
        Module End: F6A99000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
        Service Name: ---
        Module Base: F6A42000
        Module End: F6A65000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
        Service Name: HSF_DP
        Module Base: F6943000
        Module End: F6A42000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
        Service Name: winachsf
        Module Base: F689C000
        Module End: F6943000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
        Service Name: Modem
        Module Base: F785A000
        Module End: F7862000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
        Service Name: E100B
        Module Base: F6876000
        Module End: F689C000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
        Service Name: Imapi
        Module Base: F7732000
        Module End: F773D000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
        Service Name: DLACDBHM
        Module Base: F79FA000
        Module End: F79FC000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
        Service Name: Cdrom
        Module Base: F7742000
        Module End: F7752000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
        Service Name: redbook
        Module Base: F7552000
        Module End: F7561000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
        Service Name: audstub
        Module Base: F7BFD000
        Module End: F7BFE000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
        Service Name: Rasl2tp
        Module Base: F7562000
        Module End: F756F000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
        Service Name: NdisTapi
        Module Base: F79BE000
        Module End: F79C1000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
        Service Name: NdisWan
        Module Base: F685F000
        Module End: F6876000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
        Service Name: RasPppoe
        Module Base: F7572000
        Module End: F757D000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
        Service Name: PptpMiniport
        Module Base: F7582000
        Module End: F758E000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
        Service Name: ---
        Module Base: F7862000
        Module End: F7867000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
        Service Name: PSched
        Module Base: F684E000
        Module End: F685F000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
        Service Name: Gpc
        Module Base: F7592000
        Module End: F759B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
        Service Name: Ptilink
        Module Base: F786A000
        Module End: F786F000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
        Service Name: Raspti
        Module Base: F7872000
        Module End: F7877000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
        Service Name: rdpdr
        Module Base: F681E000
        Module End: F684E000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
        Service Name: TermDD
        Module Base: F75A2000
        Module End: F75AC000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        Service Name: Kbdclass
        Module Base: F787A000
        Module End: F7880000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
        Service Name: Mouclass
        Module Base: F7882000
        Module End: F7888000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
        Service Name: swenum
        Module Base: F79FC000
        Module End: F79FE000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
        Service Name: Update
        Module Base: F67C0000
        Module End: F681E000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
        Service Name: mssmbios
        Module Base: F7148000
        Module End: F714C000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
        Service Name: NDProxy
        Module Base: F75B2000
        Module End: F75BC000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\sthda.sys
        Service Name: STHDA
        Module Base: EE749000
        Module End: EE776000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\portcls.sys
        Service Name: ---
        Module Base: EE725000
        Module End: EE749000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\drmk.sys
        Service Name: ---
        Module Base: F75E2000
        Module End: F75F1000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\sigfilt.sys
        Service Name: sigfilt
        Module Base: EE53B000
        Module End: EE685000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
        Service Name: usbhub
        Module Base: F7602000
        Module End: F7611000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
        Service Name: ---
        Module Base: F7A00000
        Module End: F7A02000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
        Service Name: i2omgmt
        Module Base: F6DD3000
        Module End: F6DD6000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mozy.sys
        Service Name: mozyFilter
        Module Base: EE528000
        Module End: EE53B000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS
        Service Name: cdrbsdrv
        Module Base: F6DCB000
        Module End: F6DCF000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
        Service Name: Fs_Rec
        Module Base: F7A02000
        Module End: F7A04000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
        Service Name: Null
        Module Base: F7ADA000
        Module End: F7ADB000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
        Service Name: Beep
        Module Base: F7A06000
        Module End: F7A08000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
        Service Name: DLARTL_N
        Module Base: F789A000
        Module End: F78A0000
        Hidden: No

        Module Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
        Service Name: avgtp
        Module Base: F7612000
        Module End: F761E000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
        Service Name: HidUsb
        Module Base: F6DBF000
        Module End: F6DC2000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
        Service Name: ---
        Module Base: F7632000
        Module End: F763B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
        Service Name: ---
        Module Base: F78AA000
        Module End: F78B1000
        Hidden: No

        Module Name: C:\WINDOWS\System32\drivers\vga.sys
        Service Name: VgaSave
        Module Base: F78B2000
        Module End: F78B8000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
        Service Name: mnmdd
        Module Base: F7A08000
        Module End: F7A0A000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
        Service Name: RDPCDD
        Module Base: F7A0A000
        Module End: F7A0C000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
        Service Name: Msfs
        Module Base: F78BA000
        Module End: F78BF000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
        Service Name: Npfs
        Module Base: F78C2000
        Module End: F78CA000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
        Service Name: RasAcd
        Module Base: F797A000
        Module End: F797D000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
        Service Name: IPSec
        Module Base: EE489000
        Module End: EE49C000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
        Service Name: Tcpip
        Module Base: EE430000
        Module End: EE489000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\avgtdix.sys
        Service Name: Avgtdix
        Module Base: EE401000
        Module End: EE430000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
        Service Name: IpNat
        Module Base: EE3DB000
        Module End: EE401000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
        Service Name: Wanarp
        Module Base: F7682000
        Module End: F768B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
        Service Name: usbccgp
        Module Base: F78DA000
        Module End: F78E2000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
        Service Name: NetBT
        Module Base: EE3B3000
        Module End: EE3DB000
        Hidden: No

        Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
        Service Name: WS2IFSL
        Module Base: F799E000
        Module End: F79A1000
        Hidden: No

        Module Name: C:\WINDOWS\System32\drivers\afd.sys
        Service Name: AFD
        Module Base: EE391000
        Module End: EE3B3000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
        Service Name: NetBIOS
        Module Base: F7692000
        Module End: F769B000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\UimFIO.SYS
        Service Name: ---
        Module Base: EE2FF000
        Module End: EE34D000
        Hidden: No

        Module Name: \??\C:\WINDOWS\system32\Drivers\truecrypt.sys
        Service Name: truecrypt
        Module Base: EE2CF000
        Module End: EE2FF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
        Service Name: Rdbss
        Module Base: EE2A4000
        Module End: EE2CF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
        Service Name: MRxSmb
        Module Base: EE234000
        Module End: EE2A4000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
        Service Name: Fips
        Module Base: F76B2000
        Module End: F76BD000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\avgldx86.sys
        Service Name: Avgldx86
        Module Base: EE207000
        Module End: EE234000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
        Service Name: kbdhid
        Module Base: F79A6000
        Module End: F79AA000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
        Service Name: LHidFlt2
        Module Base: F776A000
        Module End: F7770000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
        Service Name: mouhid
        Module Base: F79AA000
        Module End: F79AD000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
        Service Name: LMouFlt2
        Module Base: F76C2000
        Module End: F76D2000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbscan.sys
        Service Name: usbscan
        Module Base: F79AE000
        Module End: F79B2000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
        Service Name: usbprint
        Module Base: F778A000
        Module End: F7791000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
        Service Name: USBSTOR
        Module Base: F7792000
        Module End: F7799000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
        Service Name: AVGIDSShim
        Module Base: F77FA000
        Module End: F7802000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
        Service Name: AVGIDSDriver
        Module Base: EE1A7000
        Module End: EE1DF000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
        Service Name: Cdfs
        Module Base: EE715000
        Module End: EE725000
        Hidden: No

        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: EE027000
        Module End: EE03F000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
        Service Name: ---
        Module Base: F79EA000
        Module End: F79EC000
        Hidden: Yes

        Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
        Service Name: ---
        Module Base: EE0AF000
        Module End: EE0B2000
        Hidden: No

        Module Name: C:\WINDOWS\System32\watchdog.sys
        Service Name: ---
        Module Base: F788A000
        Module End: F788F000
        Hidden: No

        Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
        Service Name: ---
        Module Base: F7B21000
        Module End: F7B22000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
        Service Name: DRVNDDM
        Module Base: EE6E5000
        Module End: EE6EF000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS
        Service Name: DLADResN
        Module Base: F7BC3000
        Module End: F7BC4000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
        Service Name: DLAIFS_M
        Module Base: EBCD1000
        Module End: EBCE7000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
        Service Name: DLAOPIOM
        Module Base: EBD57000
        Module End: EBD5B000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
        Service Name: DLAPoolM
        Module Base: F7A0C000
        Module End: F7A0E000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
        Service Name: DLABOIOM
        Module Base: F77B2000
        Module End: F77B9000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
        Service Name: DLAUDFAM
        Module Base: EBCB9000
        Module End: EBCD1000
        Hidden: No

        Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
        Service Name: DLAUDF_M
        Module Base: EBCA3000
        Module End: EBCB9000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
        Service Name: AegisP
        Module Base: F77E2000
        Module End: F77E7000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\GRTdiMon.sys
        Service Name: GRTdiMon
        Module Base: EE685000
        Module End: EE68E000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
        Service Name: Ndisuio
        Module Base: EBC73000
        Module End: EBC77000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
        Service Name: MRxDAV
        Module Base: EBA1E000
        Module End: EBA4B000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\css-dvp.sys
        Service Name: CSS DVP
        Module Base: EB83D000
        Module End: EB906000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
        Service Name: Fastfat
        Module Base: EB819000
        Module End: EB83D000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
        Service Name: dsunidrv
        Module Base: F7A90000
        Module End: F7A92000
        Hidden: No

        Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
        Service Name: HTTP
        Module Base: EB508000
        Module End: EB549000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
        Service Name: mdmxsdk
        Module Base: EB4BC000
        Module End: EB4BF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
        Service Name: Srv
        Module Base: EB2B5000
        Module End: EB30D000
        Hidden: No

        Module Name: \??\C:\WINDOWS\system32\drivers\pmemnt.sys
        Service Name: PMEM
        Module Base: F7A4E000
        Module End: F7A50000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
        Service Name: Secdrv
        Module Base: EB5D9000
        Module End: EB5E3000
        Hidden: No

        Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
        Service Name: symlcbrd
        Module Base: F781A000
        Module End: F7820000
        Hidden: No

        Module Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS
        Service Name: SymEvent
        Module Base: BA501000
        Module End: BA51A000
        Hidden: No

        Module Name: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
        Service Name: NPDriver
        Module Base: EB5A9000
        Module End: EB5B2000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
        Service Name: wdmaud
        Module Base: BA474000
        Module End: BA489000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
        Service Name: sysaudio
        Module Base: EB681000
        Module End: EB690000
        Hidden: No

        Module Name: C:\WINDOWS\system32\drivers\ctusfsyn.sys
        Service Name: CTUSFSYN
        Module Base: BA3FF000
        Module End: BA426000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
        Service Name: ossrv
        Module Base: BA3CD000
        Module End: BA3FF000
        Hidden: No

        Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
        Service Name: ctsfm2k
        Module Base: BA3A6000
        Module End: BA3CD000
        Hidden: No

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwNotifyChangeKey
        Address: F77FB5D0
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwNotifyChangeMultipleKeys
        Address: F77FB700
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwOpenProcess
        Address: F77FB010
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwQueryValueKey
        Address: F76131C4
        Driver Base: F7612000
        Driver End: F761E000
        Driver Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys

        Function Name: ZwSuspendProcess
        Address: F77FB300
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwSuspendThread
        Address: F77FB3E0
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwTerminateProcess
        Address: F77FB120
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwTerminateThread
        Address: F77FB210
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwWriteVirtualMemory
        Address: F77FB4D0
        Driver Base: F77FA000
        Driver End: F7802000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        ******************************************************************************************
        ******************************************************************************************
        Kernel Hooks:
        Hooked Function: ZwWriteFile
        At Address: 8057CF10
        Jump To: 86CC66CC
        Module Name: _unknown_

        Hooked Function: ZwSetSystemInformation
        At Address: 8060FD24
        Jump To: 86AFEE54
        Module Name: _unknown_

        Hooked Function: ZwSetInformationFile
        At Address: 8057B02E
        Jump To: 86CF86CC
        Module Name: _unknown_

        Hooked Function: ZwCreateSection
        At Address: 805AB3D0
        Jump To: 86A9C01C
        Module Name: _unknown_

        Hooked Function: ObCloseHandle
        At Address: 805BC533
        Jump To: 86CF8A8C
        Module Name: _unknown_

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:

        So WildTangent's ok?
        Quote
        So WildTangent's ok?
        I wouldn't have it on my computer but it's in a lot of reputable downloads so they may have cleaned up their act.

        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan

        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        • Leave the check mark next to Remove found threats.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
        2248.

        Solve : DDoS protection by Cloudflare?

        Answer»

        OK. Lately on both my MacBook and tower I get this page that tells me it's redirecting 'cause it's checking for DDoSing. What's that? And should I be worried?

        What do you mean with "macbook and tower"?

        2249.

        Solve : Malwarebytes?

        Answer»

        Hi,
        I was trying to get a copy of the free download. I am able to get it and scan my machine, but they have changed it. I no longer see any way to delete the stuff it finds. Am I missing something, or is this a new sales pitch to make you buy the full program?

        Thanks



        Just quarantine everything that is found.

        Please download Malwarebytes Anti-Malware from here.
        Double Click mbam-setup.exe to install the application.

        • It should update automatically if the computer is connected to the internet.
        • Click on Threat Scan and click on Scan Now.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
        • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
        • When disinfection is completed you can click on "Copy to Clipboard".
        • Paste the log in your next reply (CTRL + V).
        2250.

        Solve : SearchPage Clings to Firefox?

        Answer»

        Dave; Remember me?

        I have not been bothered by anything I can identify as malware since you helped me. However:

        I have downloaded Firefox a number of times and always when I open Firefox, there is Searchpage.

        I have downloaded Firefox from the most reliable sites I can find. According to WOT and ESET.

        I did have to disable my pop up blocker for the downloads to proceed.

        When I uninstall Firefox, Searchpage goes away.

        Perhaps I don't understand and Searchpage is a part of Firefox (?)

        I posted about this matter on 'Computer Software' and someone suggested I ask your opinion.

        Copas

        Hi, I ran the health check (link1) with these results.

        Results of screen317's Security Check version 0.99.87
        Windows Vista x86 (UAC is disabled!)
        Out of date service pack!!
        Internet Explorer 8 Out of date!
        Internet Explorer 8
        ``````````````Antivirus/Firewall Check:``````````````
        Windows Firewall Disabled!
        WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
        CCleaner
        Adobe Flash Player 10 Flash Player out of Date!
        Adobe Flash Player 15.0.0.152
        Adobe Reader 9 Adobe Reader out of Date!
        Mozilla Firefox (31.0)
        ````````Process Check: objlist.exe by Laurent````````
        Windows Defender MSASCui.exe
        ESET NOD32 Antivirus egui.exe
        ESET NOD32 Antivirus ekrn.exe
        Windows Defender MSASCui.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 1 %
        ````````````````````End of Log``````````````````````
        Quote

        I have downloaded Firefox a number of times and always when I open Firefox, there is Searchpage.
        Check FF to see if it's not an add-on.
        I have FF and there is such item.
        Is this a legitimate version of Vista? If so, why is it not updating itself?

        Looking over your log it seems you don't have any antivirus software.

        Before we continue download and install a free antivirus.

        Remember to only install one antivirus!

        1) Avast! Home Edition
        2) AVG Free Edition
        3) Avira AntiVir Personal
        4) Microsoft Security Essentials All versions and all languages.
        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
        Also, please turn on your Firewall.

        Dave
        Thanks for looking into my situation.
        I am happy the computer is doing so well. Of course, as you can see, I don't use it for much but pleasure. I like to write with Word, do my banking, shop and email.

        I have recently seen pop ups telling me some files are out of date(?)

        I was given this copy of Vista about ten years ago by a person that works with my Grandson (?)

        I have been thinking of getting a new operating system.

        Advice?

        Thanks again.

        Copas

        Don't you dare do any banking with that computer without installing an AV.

        Dave:

        Your advice is well taken. I think I have been lucky; so far.

        If I constrain my banking to my "other copy of Windows"; would that protect me?

        I installed; AVG Free edition on this one.

        Copas

        Quote
        If I constrain my banking to my "other copy of Windows"; would that protect me?
        It will depend on what protection you have on that version of Windows. Most banks also offer added protection of which you should take advantage.