
Entire PC slows down, keep seeing pop up saying I'm infected? [Sol


  • This topic is locked
20 replies to this topic

#1 cobycoban


Posted 04 December 2013 - 05:41 PM

Hi I have a PC that is very slow and I keep seeing a pop up from some antivirus software that says I'm infected.  It's very annoying and I cannot get rid of it.  Can you please help?

 

Here is my output for DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.19483  BrowserJavaVersion: 10.45.2

Run by tamlaz1986 at 11:15:53 on 2013-11-28

Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3070.1318 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

C:\Windows\system32\dmwu.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\jmdp\stij.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Garmin\Express Tray\ExpressTray.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\PCFixSpeed\PCFixTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\msfeedssync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/?rlz=1W4CHBA_enUS554

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={E79ABD81-D93B-11E2-8FC2-0024E818762D}

uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: WebConnect: {2316c625-b487-4410-a1a5-ff040b65245f} - c:\program files\webconnect\WebConnectbho.dll

BHO: Fast Free Converter 3.0: {304E71B8-633E-4C36-996A-7D21D9D1518F} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"

uRun: [FoodBuzzUpdate] c:\program files\foodbuzz\update\FoodBuzzUpdate.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PCFixSpeed] "c:\program files\pcfixspeed\PCFixTray.exe" /startup

mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [20131121] c:\program files\alwil software\avast5\setup\emupdate\365db296-f189-4bbd-9382-b0b32d61c2d1.exe /check

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

DPF: {551DDFC0-51FC-11D6-A169-000347A1932F} - hxxp://192.168.16.16/webris/powerscribeSDK/Vianix.cab

DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://go.caducidxct.com/net6helper.cab

DPF: {7F017F97-9257-11D5-87EA-00B0D0BE6479} - hxxp://192.168.16.16/webris/powerscribeSDK/MSSOAP.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {98EB948F-D2AF-4E43-8EDF-6B288E467EAA} - hxxp://192.168.16.16/webris/powerscribeSDK/Speech.cab

DPF: {9C50CC4C-11D3-4C96-A5CE-0259C15A2107} - hxxp://192.168.16.16/webris/powerscribeSDK/PowerscribeSDK.cab

DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5703/mcfscan.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F5945E53-00CF-48EF-8E74-5D4652AB249F} : DHCPNameServer = 209.18.47.61 209.18.47.62

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

AppInit_DLLs=                 c:\windows\system32\guard32.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 177864]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-12 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-5 369584]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 494416]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 42264]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-5 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-5 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 46808]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]

R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-6-19 1432368]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-5-20 27648]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]

R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-5-6 413208]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S2 CLKMSVC10_06A08EA1;CyberLink Product - 2012/12/09 12:04:27;"c:\program files\cyberlink\powerdvd dx\kernel\bd\navfilter\kmsvc.exe" /svc --> c:\program files\cyberlink\powerdvd dx\kernel\bd\navfilter\kmsvc.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2009-5-20 79360]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-5 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-5 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2009-7-5 79360]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-7 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-3 13464]

.

=============== Created Last 30 ================

.

2013-11-27 06:47:13        62576    ----a-w-                c:\programdata\microsoft\windows defender\definition updates\{d54a6a05-90bc-4353-a4ac-1c7718a5ad14}\offreg.dll

2013-11-26 23:58:34        7772552                ----a-w-                c:\programdata\microsoft\windows defender\definition updates\{d54a6a05-90bc-4353-a4ac-1c7718a5ad14}\mpengine.dll

2013-11-14 08:21:00        --------   d-----w-                c:\windows\system32\jmdp

2013-11-14 04:58:58        297984  ----a-w-                c:\windows\system32\gdi32.dll

2013-11-14 04:58:52        993792  ----a-w-                c:\windows\system32\crypt32.dll

2013-11-14 04:58:48        444928  ----a-w-                c:\windows\system32\IKEEXT.DLL

2013-11-14 04:58:47        596480  ----a-w-                c:\windows\system32\FWPUCLNT.DLL

.

==================== Find3M  ====================

.

2013-11-14 10:47:10        13464    ----a-w-                c:\windows\system32\drivers\SWDUMon.sys

2013-11-11 10:50:18        230048  ------w- c:\windows\system32\MpSigStub.exe

2013-10-16 03:20:28        94632    ----a-w-                c:\windows\system32\WindowsAccessBridge.dll

2013-10-15 09:05:30        1432368                ----a-w-                c:\windows\system32\dmwu.exe

2013-10-15 08:58:14        27136    ----a-w-                c:\windows\system32\ImHttpComm.dll

2013-10-13 11:55:47        916992  ----a-w-                c:\windows\system32\wininet.dll

2013-10-13 11:50:19        43520    ----a-w-                c:\windows\system32\licmgr10.dll

2013-10-13 11:49:54        1469440                ----a-w-                c:\windows\system32\inetcpl.cpl

2013-10-13 11:49:39        71680    ----a-w-                c:\windows\system32\iesetup.dll

2013-10-13 11:49:39        109056  ----a-w-                c:\windows\system32\iesysprep.dll

2013-10-13 11:47:48        18944    ----a-w-                c:\windows\system32\corpol.dll

2013-10-13 10:09:15        385024  ----a-w-                c:\windows\system32\html.iec

2013-10-13 08:28:01        133632  ----a-w-                c:\windows\system32\ieUnatt.exe

2013-10-13 08:25:30        1638912                ----a-w-                c:\windows\system32\mshtml.tlb

2013-10-08 21:51:18        71048    ----a-w-                c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-08 21:51:18        692616  ----a-w-                c:\windows\system32\FlashPlayerApp.exe

2013-10-08 21:51:15        17226632             ----a-w-                c:\windows\system32\FlashPlayerInstaller.exe

2013-09-30 15:53:04        632656  ----a-w-                c:\windows\system32\msvcr80.dll

2013-09-30 15:53:04        554832  ----a-w-                c:\windows\system32\msvcp80.dll

2013-09-30 15:53:04        479232  ----a-w-                c:\windows\system32\msvcm80.dll

.

============= FINISH: 11:16:27.49 ===============

 

 

 

And in my second file:

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 5/20/2009 6:29:45 AM

System Uptime: 11/14/2013 3:23:39 AM (344 hours ago)

.

Motherboard: Dell Inc. |  | 0N185P

Processor: Intel® Core™2 Quad CPU    Q9650  @ 3.00GHz | Socket 775 | 1995/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 199.92 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 3.569 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1737: 11/7/2013 12:44:55 AM - Scheduled Checkpoint

RP1738: 11/8/2013 2:32:40 AM - Scheduled Checkpoint

RP1739: 11/9/2013 12:24:52 AM - Scheduled Checkpoint

RP1740: 11/10/2013 12:57:15 AM - Scheduled Checkpoint

RP1741: 11/11/2013 2:16:13 AM - Scheduled Checkpoint

RP1742: 11/12/2013 1:11:57 AM - Scheduled Checkpoint

RP1743: 11/13/2013 8:01:35 AM - Scheduled Checkpoint

RP1744: 11/13/2013 11:52:51 PM - Windows Update

RP1745: 11/14/2013 3:00:22 AM - Windows Update

RP1746: 11/15/2013 12:04:52 AM - Scheduled Checkpoint

RP1747: 11/16/2013 1:32:53 AM - Scheduled Checkpoint

RP1748: 11/17/2013 12:12:21 AM - Scheduled Checkpoint

RP1749: 11/18/2013 1:08:05 AM - Scheduled Checkpoint

RP1750: 11/19/2013 12:38:49 AM - Scheduled Checkpoint

RP1751: 11/19/2013 10:59:34 AM - Windows Update

RP1752: 11/20/2013 2:34:08 AM - Scheduled Checkpoint

RP1753: 11/21/2013 1:35:32 AM - Scheduled Checkpoint

RP1754: 11/22/2013 1:32:24 AM - Scheduled Checkpoint

RP1755: 11/22/2013 5:22:16 PM - Windows Update

RP1756: 11/24/2013 12:00:02 AM - Scheduled Checkpoint

RP1757: 11/25/2013 12:00:03 AM - Scheduled Checkpoint

RP1758: 11/25/2013 4:05:16 PM - Removed Skype Click to Call

RP1759: 11/25/2013 4:06:04 PM - Removed Skype™ 6.11

RP1760: 11/26/2013 6:57:41 PM - Windows Update

RP1761: 11/28/2013 12:00:04 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Acrobat.com

Adobe AIR

Adobe AIR Free Download Packages

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.05)

AMD APP SDK Runtime

AMD Catalyst Install Manager

avast! Free Antivirus

Business Contact Manager for Outlook 2007 SP2

Business Tools Launcher

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

COMODO Internet Security

Creative ALchemy

Creative Audio Control Panel

Creative Diagnostics

Creative Media Toolbox 6

Creative Media Toolbox 6 (Shared Components)

Creative MediaSource 5

Creative Software AutoUpdate

Creative Sound Blaster Properties

Creative WaveStudio 7

Dell Edoc Viewer

Dell Getting Started Guide

DriverUpdate

Elevated Installer

File Type Assistant

Garmin Express

Garmin Express Tray

Garmin Update Service

Google Chrome

Google Update Helper

Host OpenAL

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IB Updater Service

Intel® Matrix Storage Manager

Java 7 Update 45

Java Auto Updater

join.me

Junk Mail filter update

K-Lite Codec Pack 9.9.5 (Full)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

MSVCRT

OGA Notifier 2.0.0048.0

PC Fix Speed 1.2.0.25

Personal Entertainment Launcher

Product Support Launcher

Realtek Ethernet Network Card Diagnostic tool for Windows Vista

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

Skype Free Download Packages

Sonic CinePlayer Decoder Pack

Sound Blaster X-Fi

Spelling Dictionaries Support For Adobe Reader 9

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.1.0

WebConnect 3.0.0

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer




#2 Tomk


Posted 06 December 2013 - 01:34 AM

Hi cobycoban,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator.
 
Please download Junkware Removal Tool by clicking here and save it to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Double click JRT.exe to run the tool.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Then:
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
And finally:

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

So, in your next reply I'd like to see:

  • JRT.txt
  • AdwCleaner[S0].txt
  • aswMBR log

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#3 cobycoban


Posted 07 December 2013 - 10:12 PM

Thank you Tomk!

 

Here are the files below. Please let me know if I missed anything or made an error.

 

JRT:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows Vista ™ Ultimate x86

Ran by tamlaz1986 on Sat 12/07/2013 at 15:53:08.65

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Failed to stop: [Service] ibupdaterservice

Successfully stopped: [Service] mywebsearchservice

Successfully deleted: [Service] mywebsearchservice

 

 

 

~~~ Registry Values

 

 

 

 

~~~ Registry Keys

 


 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"

Successfully deleted: [File] "C:\Users\tamlaz1986\appdata\locallow\SkwConfig.bin"

Failed to delete: [File] "C:\Windows\system32\dmwu.exe"

Failed to delete: [File] "C:\Windows\system32\imhttpcomm.dll"

Successfully deleted: [File] "C:\end"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\AppData\Roaming\defaulttab"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\AppData\Roaming\pcfixspeed"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\local\filetypeassistant"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\local\solid savings"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\locallow\funwebproducts"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\locallow\mywebsearch"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files\bonanzadeals"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\file scout"

Successfully deleted: [Folder] "C:\Program Files\funwebproducts"

Successfully deleted: [Folder] "C:\Program Files\mywebsearch"

Successfully deleted: [Folder] "C:\Program Files\otshot"

Successfully deleted: [Folder] "C:\Program Files\pcfixspeed"

Successfully deleted: [Folder] "C:\Program Files\radiorage_4jei"

Successfully deleted: [Folder] "C:\Program Files\webconnect"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\system32\arfc"

Failed to delete: [Folder] "C:\Windows\system32\jmdp"

Successfully deleted: [Folder] "C:\Windows\system32\wnlt"

Successfully deleted: [Folder] "C:\Users\tamlaz1986\documents\optimizer pro"

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

 

 

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 12/07/2013 at 15:57:42.61

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

=================================================================================================================================================

 

 

AdwCleaner:

 

 

#1

 

# AdwCleaner v3.014 - Report created 07/12/2013 at 16:29:23

# Updated 01/12/2013 by Xplode

# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)

# Username : tamlaz1986 - TAMLAZ1986-PC

# Running from : C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIDSF2F0\AdwCleaner[1].exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : IBUpdaterService

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\TAMLAZ~1\AppData\Local\Temp\Uninstall.exe

File Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

File Found : C:\Users\tamlaz1986\AppData\Local\mysearchdial-speeddial.crx

File Found : C:\Windows\system32\dmwu.exe

File Found : C:\Windows\system32\ImhxxpComm.dll

Folder Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl

Folder Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Folder Found : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Folder Found C:\Program Files\AVG SafeGuard toolbar

Folder Found C:\Program Files\Common Files\AVG Secure Search

Folder Found C:\ProgramData\AVG SafeGuard toolbar

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot

Folder Found C:\Users\tamlaz1986\AppData\Local\AVG SafeGuard toolbar

Folder Found C:\Users\tamlaz1986\AppData\Local\Zoom_Downloader

Folder Found C:\Users\tamlaz1986\AppData\LocalLow\AVG SafeGuard toolbar

Folder Found C:\Windows\system32\jmdp

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 


 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19483

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

Found : urls_to_restore_on_startup

Found : icon_url

Found : keyword

Found : urls_to_restore_on_startup

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

Found : urls_to_restore_on_startup

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

Found : urls_to_restore_on_startup

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

Found : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [14605 octets] - [07/12/2013 16:29:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14666 octets] ##########

 

 

#2

 

 

 

# AdwCleaner v3.014 - Report created 07/12/2013 at 16:32:03

# Updated 01/12/2013 by Xplode

# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)

# Username : tamlaz1986 - TAMLAZ1986-PC

# Running from : C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIDSF2F0\AdwCleaner[1].exe

# Option : Clean

 

***** [ Services ] *****

 

[x] Not Deleted : IBUpdaterService

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Windows\system32\jmdp

[!] Folder Deleted : C:\Users\tamlaz1986\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\tamlaz1986\AppData\Local\Zoom_Downloader

Folder Deleted : C:\Users\tamlaz1986\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Folder Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl

Folder Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

File Deleted : C:\Windows\system32\dmwu.exe

File Deleted : C:\Windows\system32\ImhxxpComm.dll

File Deleted : C:\Users\tamlaz1986\AppData\Local\mysearchdial-speeddial.crx

File Deleted : C:\Users\TAMLAZ~1\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\Users\tamlaz1986\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bdhffggcfjnkigeciffmipblemhphbjl

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bdhffggcfjnkigeciffmipblemhphbjl

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\webconnect.co

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin


Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\WebConnect

Key Deleted : HKCU\Software\wnlt

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Description

Key Deleted : HKLM\Software\FocusInteractive

Key Deleted : HKLM\Software\Fun Web Products

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WebConnect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19483

 

 

*************************

 

AdwCleaner[R0].txt - [14747 octets] - [07/12/2013 16:29:23]

AdwCleaner[S0].txt - [14335 octets] - [07/12/2013 16:32:03]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14396 octets] ##########

 

 

 

==============================================================================================================================================

 

 

 

aswMBR:

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-12-07 17:21:23

-----------------------------

17:21:23.643    OS Version: Windows 6.0.6002 Service Pack 2

17:21:23.643    Number of processors: 4 586 0x170A

17:21:23.643    ComputerName: TAMLAZ1986-PC  UserName: tamlaz1986

17:21:24.907    Initialize success

17:21:25.031    AVAST engine defs: 13120601

17:21:58.743    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

17:21:58.743    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

17:21:58.993    Disk 0 MBR read successfully

17:21:58.993    Disk 0 MBR scan

17:21:58.993    Disk 0 Windows VISTA default MBR code

17:21:59.008    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63

17:21:59.024    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 145408

17:21:59.039    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       294933 MB offset 21116928

17:21:59.071    Disk 0 scanning sectors +625139712

17:21:59.289    Disk 0 scanning C:\Windows\system32\drivers

17:22:20.521    Service scanning

17:22:38.445    Modules scanning

17:23:02.079    Disk 0 trace - called modules:

17:23:02.609    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

17:23:02.609    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b71a28]

17:23:02.609    3 CLASSPNP.SYS[8b5c78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x865dd028]

17:23:03.452    AVAST engine scan C:\Windows

17:23:25.635    AVAST engine scan C:\Windows\system32

17:28:53.656    AVAST engine scan C:\Windows\system32\drivers

17:29:33.436    AVAST engine scan C:\Users\tamlaz1986

17:56:24.994    Disk 0 MBR has been saved successfully to "C:\Users\tamlaz1986\Desktop\MBR.dat"

17:56:25.010    The log file has been saved successfully to "C:\Users\tamlaz1986\Desktop\aswMBR.txt"

 

 

======================================================================================================================



#4 Tomk

Posted 08 December 2013 - 10:17 PM

That is looking good.

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also, please update me as to how things seem to be running now.


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#5 cobycoban

Posted 10 December 2013 - 07:26 AM

Hi Tomk

 

I ran the Malwarebytes. Things seem better.

Here is the output:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.09.08

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19483

tamlaz1986 :: TAMLAZ1986-PC [administrator]

 

12/9/2013 8:37:13 PM

mbam-log-2013-12-09 (20-37-13).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227955

Time elapsed: 12 minute(s), 50 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 8

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} (PUP.PlayTopus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} (PUP.PlayTopus) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Installl_Converter_A (PUP.Optional.InstalllConverter.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

Files Detected: 62

C:\Users\tamlaz1986\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\Media Player Classic - Home CinemaUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\GraphStudioNextUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\hsbing_717_active.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\OtshotInstaller7.exe (PUP.Optional.Otshot.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\1371686293_377963044_900_4.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\1371686293_377963137_900_6.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\SkypeUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\VLC media playerUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\Revo Uninstaller ProUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\chlogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\nsb8AC8.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\nss26B9.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\nssB199.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\1804075247.Uninstall\Revo Uninstaller ProUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\safe-saver.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\WebConnect.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\303380861_stp.EXE (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\27132866_stp\WebConnect.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\is1852162411\303380725_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Downloads\google chrome setup.exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\6X00J8WO\KeyBar_1.8[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\6X00J8WO\Setup[1].exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\87IPDQYV\Setup[1].exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\B2CRLRBV\jre-7u7-windows-x64-d2c[1].exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\B2CRLRBV\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\M1766BWY\OtshotInstaller7[1].exe (PUP.Optional.Otshot.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\NUF366L6\Installl_Converter_A[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\WJLWL4E3\Free_Download_Manager_Setup[1].exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\WT0K1VIU\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\Local Settings\Temporary Internet Files\Content.IE5\WYWWLNGS\KeyBar_1_8_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LXN7CW6S\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PPEX2OFR\SkywalkerSetup[2].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YDG67M5D\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YDG67M5D\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Roaming\Adobe\plugs\mmc18.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Roaming\Adobe\plugs\mmc22.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Roaming\Adobe\plugs\mmc229.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Roaming\Adobe\plugs\mmc86.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3286042\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\CT3289847.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\tamlaz1986\AppData\Local\Temp\ct3289847\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)



#6 Tomk

Posted 10 December 2013 - 10:06 AM

Please run me a new set of DDS logs and post here for my review.


Tomk
------------------------------------------------------------



#7 cobycoban

Posted 10 December 2013 - 11:24 PM

Hi again

Here is the output of the new DDS log

 

DDS (Ver_11-03-05.01) - NTFSx86
Run by tamlaz1986 at 20:38:22.64 on Tue 12/10/2013
Internet Explorer: 8.0.6001.19483 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3070.1309 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6X00J8WO\index[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [FoodBuzzUpdate] c:\program files\foodbuzz\update\FoodBuzzUpdate.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_152_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [20131121] c:\program files\alwil software\avast5\setup\emupdate\365db296-f189-4bbd-9382-b0b32d61c2d1.exe /check
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {551DDFC0-51FC-11D6-A169-000347A1932F} - hxxp://192.168.16.16/webris/powerscribeSDK/Vianix.cab
DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://go.caducidxct.com/net6helper.cab
DPF: {7F017F97-9257-11D5-87EA-00B0D0BE6479} - hxxp://192.168.16.16/webris/powerscribeSDK/MSSOAP.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {98EB948F-D2AF-4E43-8EDF-6B288E467EAA} - hxxp://192.168.16.16/webris/powerscribeSDK/Speech.cab
DPF: {9C50CC4C-11D3-4C96-A5CE-0259C15A2107} - hxxp://192.168.16.16/webris/powerscribeSDK/PowerscribeSDK.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5703/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-12 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-5 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-7 37664]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 42264]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-5 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-5 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\reimage\reimage repair\ReiGuard.exe [2013-12-8 4019560]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-5-20 27648]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-4 10070016]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-4 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-5-6 413208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 CLKMSVC10_06A08EA1;CyberLink Product - 2012/12/09 12:04:27;"c:\program files\cyberlink\powerdvd dx\kernel\bd\navfilter\kmsvc.exe" /svc --> c:\program files\cyberlink\powerdvd dx\kernel\bd\navfilter\kmsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-9 136176]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257416]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2009-5-20 79360]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-5 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-5 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2009-7-5 79360]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-7 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-9 136176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-3 13464]
.
=============== Created Last 30 ================
.
2013-12-10 21:06:51     --------        d-----w-        C:\rei
2013-12-10 21:06:51     --------        d-----w-        \rei
2013-12-10 21:06:51     --------        d-----w-        \rei
2013-12-10 02:18:53     --------        d-----w-        c:\users\tamlaz1986\appdata\roaming\AVAST Software
2013-12-10 01:36:00     --------        d-----w-        c:\users\tamlaz1986\appdata\roaming\Malwarebytes
2013-12-10 01:35:16     22856   ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-12-10 01:35:16     --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-12-08 16:15:21     --------        d-----w-        c:\program files\Reimage
2013-12-07 21:28:47     --------        d-----w-        C:\AdwCleaner
2013-12-07 21:28:47     --------        d-----w-        \AdwCleaner
2013-12-07 21:28:47     --------        d-----w-        \AdwCleaner
2013-12-07 21:04:16     37664   ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2013-12-07 20:48:55     --------        d-----w-        c:\windows\ERUNT
2013-12-06 12:07:40     --------        d-----w-        c:\program files\Mobogenie
2013-11-14 04:58:58     297984  ----a-w-        c:\windows\system32\gdi32.dll
2013-11-14 04:58:52     993792  ----a-w-        c:\windows\system32\crypt32.dll
2013-11-14 04:58:48     444928  ----a-w-        c:\windows\system32\IKEEXT.DLL
2013-11-14 04:58:47     596480  ----a-w-        c:\windows\system32\FWPUCLNT.DLL
.
==================== Find3M  ====================
.
2013-12-10 02:15:56     43152   ----a-w-        c:\windows\avastSS.scr
2013-12-04 04:51:35     71048   ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 04:51:35     692616  ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-11-11 10:50:18     230048  ------w-        c:\windows\system32\MpSigStub.exe
2013-10-16 03:20:28     94632   ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-10-13 11:55:47     916992  ----a-w-        c:\windows\system32\wininet.dll
2013-10-13 11:50:19     43520   ----a-w-        c:\windows\system32\licmgr10.dll
2013-10-13 11:49:54     1469440 ----a-w-        c:\windows\system32\inetcpl.cpl
2013-10-13 11:49:39     71680   ----a-w-        c:\windows\system32\iesetup.dll
2013-10-13 11:49:39     109056  ----a-w-        c:\windows\system32\iesysprep.dll
2013-10-13 11:47:48     18944   ----a-w-        c:\windows\system32\corpol.dll
2013-10-13 10:09:15     385024  ----a-w-        c:\windows\system32\html.iec
2013-10-13 08:28:01     133632  ----a-w-        c:\windows\system32\ieUnatt.exe
2013-10-13 08:25:30     1638912 ----a-w-        c:\windows\system32\mshtml.tlb
2013-10-08 21:51:15     17226632        ----a-w-        c:\windows\system32\FlashPlayerInstaller.exe
2013-09-30 15:53:04     632656  ----a-w-        c:\windows\system32\msvcr80.dll
2013-09-30 15:53:04     554832  ----a-w-        c:\windows\system32\msvcp80.dll
2013-09-30 15:53:04     479232  ----a-w-        c:\windows\system32\msvcm80.dll
.
============= FINISH: 20:39:19.11 ===============


#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 11 December 2013 - 12:28 AM

Still a little straightening up to do.
 
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#9 cobycoban

cobycoban

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 14 December 2013 - 10:29 AM

Hi Tomk,
I ran this several times but was not able to see any ComboFix txt file in the C drive.
A window like DDS flashes and then closes.
Does it save somewhere else?

#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 14 December 2013 - 02:39 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *combofix*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Tomk
------------------------------------------------------------



#11 cobycoban

cobycoban

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 15 December 2013 - 10:58 PM

Hi:

 

I ran the SystemLook and it came back saying:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 23:49 on 15/12/2013 by tamlaz1986

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*combofix*"

C:\32788R22FWJFW\ComboFix-Download.3XE   --a---- 236032 bytes        [00:00 31/08/2000]          [00:00 31/08/2000] 3DF9E0775A9E3FC113F4D9FD0D4A14C4

C:\32788R22FWJFW\ndis_combofix.dat                --a---- 283 bytes               [08:12 24/12/2009]          [08:12 24/12/2009] 182239E94CE631D096BD17DFCA1E7E76

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87IPDQYV\ComboFix[1].exe  -r----- 5153140 bytes       [22:18 11/12/2013]          [22:18 11/12/2013] D1681900F30C0F453A3FF1D3B95509E6

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8TWXACX\ComboFix[1].exe                -r----- 5153140 bytes       [21:23 11/12/2013]          [21:24 11/12/2013] D1681900F30C0F453A3FF1D3B95509E6

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHP285W0\ComboFix[1].exe               -r----- 5149261 bytes       [21:21 11/12/2013]          [21:21 11/12/2013] 54183DADEDA7FCCF50720A4F4952376C

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1766BWY\ComboFix[1].exe               -r----- 5153140 bytes       [22:24 11/12/2013]          [22:24 11/12/2013] D1681900F30C0F453A3FF1D3B95509E6

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1766BWY\ComboFix[2].exe               -r----- 5154339 bytes       [16:06 14/12/2013]          [16:06 14/12/2013] 097D29CE43EFE8547026C4AF8FAB6ABF

C:\Users\tamlaz1986\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WT0K1VIU\ComboFix[1].exe                -r----- 5154339 bytes       [15:15 14/12/2013]          [15:15 14/12/2013] 097D29CE43EFE8547026C4AF8FAB6ABF

C:\Windows\Prefetch\COMBOFIX[1].EXE-7B6417C8.pf  --a---- 40176 bytes           [15:15 14/12/2013]          [15:15 14/12/2013] 0E2F45C41CF830D1013246CB83242501

C:\Windows\Prefetch\COMBOFIX[2].EXE-DCBA8F8D.pf                --a---- 153740 bytes        [16:06 14/12/2013]          [16:06 14/12/2013] 6A70410884DF689DAB43C92B60624AD5

 

-= EOF =-

 

Didn't seem to find Combofix.txt?

 



#12 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 16 December 2013 - 09:44 AM

It would appear that you did not save ComboFix to your desktop.  Even so, if it ran it should have made a log, and I don't see one either.

 

Please put it on your desktop and try it just one more time.


Tomk
------------------------------------------------------------



#13 cobycoban

cobycoban

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 16 December 2013 - 08:39 PM

I think I got it this time!

ComboFix 13-12-16.01 - tamlaz1986 12/16/2013  21:12:18.1.4 - x86
Microsoft® Windows Vista Ultimate   6.0.6002.2.1252.1.1033.18.3070.1496 [GMT -5:00]
Running from: c:\users\tamlaz1986\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\My App
c:\program files\My App\1-0_
c:\program files\My App\1-1_
c:\program files\My App\1-2_
c:\program files\My App\1-3_
c:\program files\My App\1-4_
c:\program files\My App\10-0_
c:\program files\My App\10-1_
c:\program files\My App\10-2_
c:\program files\My App\10-3_
c:\program files\My App\10-4_
c:\program files\My App\10-5_
c:\program files\My App\2-0_
c:\program files\My App\2-1_
c:\program files\My App\2-2_
c:\program files\My App\2-3_
c:\program files\My App\2-4_
c:\program files\My App\2-5_
c:\program files\My App\2-6_
c:\program files\My App\3-0_
c:\program files\My App\3-1_
c:\program files\My App\3-2_
c:\program files\My App\4-0_
c:\program files\My App\4-1_
c:\program files\My App\4-2_
c:\program files\My App\4-3_
c:\program files\My App\4-4_
c:\program files\My App\5-0_
c:\program files\My App\5-1_
c:\program files\My App\5-2_
c:\program files\My App\6-0_
c:\program files\My App\6-1_
c:\program files\My App\6-2_
c:\program files\My App\7-0_
c:\program files\My App\7-1_
c:\program files\My App\7-10_
c:\program files\My App\7-11_
c:\program files\My App\7-12_
c:\program files\My App\7-13_
c:\program files\My App\7-14_
c:\program files\My App\7-15_
c:\program files\My App\7-16_
c:\program files\My App\7-17_
c:\program files\My App\7-18_
c:\program files\My App\7-19_
c:\program files\My App\7-2_
c:\program files\My App\7-20_
c:\program files\My App\7-21_
c:\program files\My App\7-22_
c:\program files\My App\7-23_
c:\program files\My App\7-24_
c:\program files\My App\7-25_
c:\program files\My App\7-26_
c:\program files\My App\7-3_
c:\program files\My App\7-4_
c:\program files\My App\7-5_
c:\program files\My App\7-6_
c:\program files\My App\7-7_
c:\program files\My App\7-8_
c:\program files\My App\7-9_
c:\program files\My App\8-0_
c:\program files\My App\8-1_
c:\program files\My App\8-10_
c:\program files\My App\8-2_
c:\program files\My App\8-3_
c:\program files\My App\8-4_
c:\program files\My App\8-5_
c:\program files\My App\8-6_
c:\program files\My App\8-7_
c:\program files\My App\8-8_
c:\program files\My App\8-9_
c:\program files\My App\9-0_
c:\program files\My App\9-1_
c:\program files\My App\9-10_
c:\program files\My App\9-11_
c:\program files\My App\9-12_
c:\program files\My App\9-13_
c:\program files\My App\9-14_
c:\program files\My App\9-15_
c:\program files\My App\9-16_
c:\program files\My App\9-17_
c:\program files\My App\9-18_
c:\program files\My App\9-19_
c:\program files\My App\9-2_
c:\program files\My App\9-20_
c:\program files\My App\9-3_
c:\program files\My App\9-4_
c:\program files\My App\9-5_
c:\program files\My App\9-6_
c:\program files\My App\9-7_
c:\program files\My App\9-8_
c:\program files\My App\9-9_
c:\program files\My App\click-1_wav
c:\program files\My App\dep\config.xml
c:\program files\My App\dep\imgFirewallHelp.gif
c:\program files\My App\dep\imgInstallPath.jpg
c:\program files\My App\dep\imgKey.ico
c:\program files\My App\dep\imgKey2.ico
c:\program files\My App\dep\imgKey3.ico
c:\program files\My App\dep\imgLeftLogo.jpg
c:\program files\My App\dep\imgProgressBar.gif
c:\program files\My App\dep\imgProgressbar.jpg
c:\program files\My App\dep\imgTip.gif
c:\program files\My App\dep\ins_
c:\program files\My App\dep\SCR_
c:\program files\My App\dep\Thumbs.db
c:\program files\My App\dv_
c:\program files\My App\fe_
c:\program files\My App\flash_exe
c:\program files\My App\Image1_gif
c:\program files\My App\ins_
c:\program files\My App\lc_
c:\program files\My App\lp_
c:\program files\My App\nlp_
c:\program files\My App\pkgs_
c:\program files\My App\SCR_
c:\program files\My App\setwiz_i.exe
c:\program files\My App\setwiz_i.uzy
c:\program files\My App\su_
c:\program files\My App\testlist.lst
c:\program files\My App\tp_
c:\program files\My App\zlicense.exe
c:\users\tamlaz1986\AppData\Local\assembly\tmp
c:\users\tamlaz1986\AppData\Roaming\Adobe\plugs
c:\users\tamlaz1986\AppData\Roaming\Adobe\shed
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\ava48C3.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\7ae40873dd685d25.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\cfaa03b96b4cae9a.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-17 to 2013-12-17  )))))))))))))))))))))))))))))))
.
.
2013-12-17 02:19 . 2013-12-17 02:19         --------   d-----w-                c:\users\Default\AppData\Local\temp
2013-12-14 07:15 . 2013-12-14 07:15         62576    ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{35757263-530B-4D50-93B4-A526A758A142}\offreg.dll
2013-12-13 08:25 . 2013-11-08 01:15         7772552                ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{35757263-530B-4D50-93B4-A526A758A142}\mpengine.dll
2013-12-10 21:06 . 2013-12-10 21:06         --------   d-----w-                C:\rei
2013-12-10 02:18 . 2013-12-10 02:18         --------   d-----w-                c:\users\tamlaz1986\AppData\Roaming\AVAST Software
2013-12-10 01:36 . 2013-12-10 01:36         --------   d-----w-                c:\users\tamlaz1986\AppData\Roaming\Malwarebytes
2013-12-10 01:35 . 2013-12-10 01:35         --------   d-----w-                c:\programdata\Malwarebytes
2013-12-10 01:35 . 2013-12-10 01:35         --------   d-----w-                c:\program files\Malwarebytes' Anti-Malware
2013-12-10 01:35 . 2013-04-04 19:50         22856    ----a-w-                c:\windows\system32\drivers\mbam.sys
2013-12-08 16:15 . 2013-12-08 16:15         --------   d-----w-                c:\program files\Reimage
2013-12-07 21:46 . 2013-12-08 04:14         --------   d-----w-                c:\users\tamlaz1986\AppData\Local\FileTypeAssistant
2013-12-07 21:28 . 2013-12-07 21:44         --------   d-----w-                C:\AdwCleaner
2013-12-07 21:05 . 2013-12-07 21:05         --------   d-----w-                c:\programdata\CDB
2013-12-07 21:04 . 2013-12-07 21:04         37664    ----a-w-                c:\windows\system32\drivers\avgtpx86.sys
2013-12-07 20:48 . 2013-12-07 20:48         --------   d-----w-                c:\windows\ERUNT
2013-12-06 12:08 . 2013-12-06 12:08         --------   d-----w-                c:\users\tamlaz1986\AppData\Local\cache
2013-12-06 12:08 . 2013-12-06 12:10         --------   d-----w-                c:\users\tamlaz1986\AppData\Local\Mobogenie
2013-12-06 12:08 . 2013-12-06 12:08         --------   d-----w-                c:\users\wangzhisong
2013-12-06 12:07 . 2013-12-06 12:11         --------   d-----w-                c:\program files\Mobogenie
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 02:55 . 2012-03-30 10:44         692616  ----a-w-                c:\windows\system32\FlashPlayerApp.exe
2013-12-11 02:55 . 2011-10-13 09:19         71048    ----a-w-                c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 02:15 . 2013-03-27 16:18         49944    ----a-w-                c:\windows\system32\drivers\aswRvrt.sys
2013-12-10 02:15 . 2013-03-27 16:18         178304  ----a-w-                c:\windows\system32\drivers\aswVmm.sys
2013-12-10 02:15 . 2011-05-12 23:24         774392  ----a-w-                c:\windows\system32\drivers\aswSnx.sys
2013-12-10 02:15 . 2009-07-05 22:53         57672    ----a-w-                c:\windows\system32\drivers\aswTdi.sys
2013-12-10 02:15 . 2009-07-05 22:53         403440  ----a-w-                c:\windows\system32\drivers\aswSP.sys
2013-12-10 02:15 . 2009-07-05 22:53         35656    ----a-w-                c:\windows\system32\drivers\aswFsBlk.sys
2013-12-10 02:15 . 2009-07-05 22:52         70384    ----a-w-                c:\windows\system32\drivers\aswMonFlt.sys
2013-12-10 02:15 . 2010-06-30 01:08         43152    ----a-w-                c:\windows\avastSS.scr
2013-12-10 02:15 . 2009-07-05 22:53         54832    ----a-w-                c:\windows\system32\drivers\aswRdr.sys
2013-12-10 02:15 . 2009-07-05 22:52         269216  ----a-w-                c:\windows\system32\aswBoot.exe
2013-11-14 10:47 . 2013-08-03 15:45         13464    ----a-w-                c:\windows\system32\drivers\SWDUMon.sys
2013-11-11 10:50 . 2009-10-03 02:29         230048  ------w- c:\windows\system32\MpSigStub.exe
2013-10-16 03:20 . 2013-10-16 03:20         94632    ----a-w-                c:\windows\system32\WindowsAccessBridge.dll
2013-10-11 02:08 . 2013-11-14 04:58         444928  ----a-w-                c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-14 04:58         596480  ----a-w-                c:\windows\system32\FWPUCLNT.DLL
2013-10-08 21:51 . 2013-10-08 21:51         17226632             ----a-w-                c:\windows\system32\FlashPlayerInstaller.exe
2013-10-03 12:45 . 2013-11-14 04:58         297984  ----a-w-                c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-14 04:58         993792  ----a-w-                c:\windows\system32\crypt32.dll
2013-09-30 15:53 . 2013-06-19 23:57         632656  ----a-w-                c:\windows\system32\msvcr80.dll
2013-09-30 15:53 . 2013-06-19 23:57         554832  ----a-w-                c:\windows\system32\msvcp80.dll
2013-09-30 15:53 . 2013-06-19 23:57         479232  ----a-w-                c:\windows\system32\msvcm80.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-10 02:15              321752  ----a-w-                c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-10 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation           REG_MULTI_SZ                FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 22:52              1210320                ----a-w-                c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:55]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 03:59]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 03:59]
.
2013-12-11 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-05-20 07:02]
.
2013-12-17 c:\windows\Tasks\User_Feed_Synchronization-{18AF2BE7-45AA-4466-9A03-7B8A54458C93}.job
- c:\windows\system32\msfeedssync.exe [2013-12-10 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {551DDFC0-51FC-11D6-A169-000347A1932F} - hxxp://192.168.16.16/webris/powerscribeSDK/Vianix.cab
DPF: {7F017F97-9257-11D5-87EA-00B0D0BE6479} - hxxp://192.168.16.16/webris/powerscribeSDK/MSSOAP.cab
DPF: {98EB948F-D2AF-4E43-8EDF-6B288E467EAA} - hxxp://192.168.16.16/webris/powerscribeSDK/Speech.cab
DPF: {9C50CC4C-11D3-4C96-A5CE-0259C15A2107} - hxxp://192.168.16.16/webris/powerscribeSDK/PowerscribeSDK.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-FoodBuzzUpdate - c:\program files\FoodBuzz\Update\FoodBuzzUpdate.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files\PCFixSpeed\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-16 21:22
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\guard32.dll
.
Completion time: 2013-12-16  21:23:40
ComboFix-quarantined-files.txt  2013-12-17 02:23
.
Pre-Run: 214,309,855,232 bytes free
Post-Run: 215,458,541,568 bytes free
.
- - End Of File - - 711A5893CAFC916710DA2165EE6C9F6D
5C616939100B85E558DA92B899A0FC36
 

#14 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 17 December 2013 - 12:31 AM

Beautiful.

 

That looks good.

 

Let's get an online scan:

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

 


Tomk
------------------------------------------------------------



#15 cobycoban


Posted 17 December 2013 - 08:51 PM

Hi, here are the results of the ESET scan:

 

C:\AdwCleaner\Quarantine\C\Windows\system32\dmwu.exe.vir           a variant of Win32/Toolbar.Perion.G application

C:\Program Files\Windows Live\Messenger\msimg32.dll              Win32/Toolbar.MyWebSearch application

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\33746a94-61180161         multiple threats

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4947139d-18f54826         multiple threats

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\4686f1e2-3f2c0f63           a variant of Java/Exploit.Agent.NEA trojan

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7fc28beb-39adee75        multiple threats

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\5e7a730-40911795           multiple threats

C:\Users\tamlaz1986\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\30b80673-5e8db35c        a variant of Java/Exploit.Agent.NEA trojan

C:\Users\tamlaz1986\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe AIR Free Download Packages\uninstaller.exe                Win32/InstallCore.AZ application

C:\Users\tamlaz1986\AppData\Roaming\1O1L1I1PtF1F1C1N\Skype Free Download Packages\uninstaller.exe                Win32/InstallCore.AZ application

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\background.js Win32/BrowseFox.B application

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\content.js         Win32/BrowseFox.B application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPEX2OFR\SkywalkerSetup[1].exe     Win32/SweetIM.G application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPEX2OFR\WSSetup[1].exe   multiple threats

