WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HELP! kernel32.dll thing ... I think it's a virus! [Closed

Started by lisavvvv , Dec 13 2013 10:15 PM

This topic is locked

19 replies to this topic

#1 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 13 December 2013 - 10:15 PM

Today, various programs on my computer started showing the "The procedure entry point GetUserdefaultLCid could not be located in the dynamic library KERNEL32.dll" when I tried to open them.

I can open files OK (seems like I can), but most programs (not all) will not run. It seems to be expanding to more and more programs as well.

HELP!! I have a project due by the end of this weekend and this is my only computer!!

Thanks in advance

Advertisements

Register to Remove

#2 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 16 December 2013 - 11:48 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download TDSSKiller

Double click TDSSKiller.exe
Press Start Scan but do nothing else as we are just looking for what is there.
If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
Attach the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------

#3 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 18 December 2013 - 08:52 AM

Thank you so much for the help, Jeff. I can't open any internet browsers on the affected computer, so should I save the DDS programs to an external hard drive using a functioning computer and then access them from the affected computer?

#4 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 18 December 2013 - 09:22 AM

You can just download them to a thumb drive (USB drive) on another computer and then transfer them that way.

#5 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 21 December 2013 - 09:11 AM

Still here?

#6 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 03:44 PM

Hi Jeff,

I'm still here . Am going to download these today and post the results!

#7 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 04:26 PM

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Owner at 17:22:47 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1855 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Frontier\Backup & Sharing\fshoster32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Frontier\Backup & Sharing\apps\Online Backup\agmailagent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{3CA6EBC8-F765-490A-AC8C-51A57724CEE7} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{3CA6EBC8-F765-490A-AC8C-51A57724CEE7}\07F6775627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3CA6EBC8-F765-490A-AC8C-51A57724CEE7}\2427F6F6B6C697E6020264F62746 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{3CA6EBC8-F765-490A-AC8C-51A57724CEE7}\6627F6E647965627 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{C65F7F64-9738-44C6-9E9A-C651FDF10295} : DHCPNameServer = 192.168.254.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9jna99sf.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2013-02-11 12:34; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-2-15 283200]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-12-5 1907896]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-30 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2656280]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-11-30 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-11-30 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-11-30 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-11-3 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-11-3 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-11-3 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-11-3 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-11-3 29288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-11 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-30 243712]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-30 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-21 22:06:58   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80EC3E84-3806-44D2-B078-862A7B22F9AA}\offreg.dll
2013-12-21 22:03:04   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80EC3E84-3806-44D2-B078-862A7B22F9AA}\mpengine.dll
2013-12-18 20:45:02   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-18 20:45:02   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B3D6A-DB28-4BD5-9516-969532DDF2FB}\mpengine.dll
2013-12-14 03:37:18   --------   d-----w-   C:\MoTemp
2013-12-12 02:49:37   3155968   ----a-w-   C:\windows\System32\win32k.sys
2013-12-11 08:10:26   167424   ----a-w-   C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 08:10:26   164864   ----a-w-   C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 08:10:25   12625920   ----a-w-   C:\windows\System32\wmploc.DLL
2013-12-11 08:10:24   12625408   ----a-w-   C:\windows\SysWow64\wmploc.DLL
2013-12-11 07:46:00   335360   ----a-w-   C:\windows\System32\msieftp.dll
2013-12-11 07:46:00   301568   ----a-w-   C:\windows\SysWow64\msieftp.dll
2013-12-09 22:38:47   --------   d-----w-   C:\Users\Owner\AppData\Local\{65036DA3-DCF3-4DE3-B3C7-73B432723F11}
2013-12-06 10:05:37   965000   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B0EBCFB-70A9-4943-AA1B-A417DEF1029A}\gapaengine.dll
2013-12-06 09:47:11   --------   d-----w-   C:\Users\Owner\AppData\Local\{DCFA14E5-A2F8-4BA9-9C2A-386402480087}
2013-12-06 09:46:56   --------   d-----w-   C:\Users\Owner\AppData\Roaming\Windows Live Writer
2013-12-06 09:46:56   --------   d-----w-   C:\Users\Owner\AppData\Local\Windows Live Writer
2013-12-05 14:07:53   --------   d-----w-   C:\ProgramData\regid.1991-06.com.microsoft
2013-12-05 13:57:13   --------   d-----w-   C:\Program Files\Microsoft Office 15
2013-12-05 13:40:32   --------   d-----w-   C:\Program Files (x86)\Microsoft SkyDrive
2013-12-05 13:40:29   --------   d-----r-   C:\Users\Owner\SkyDrive
2013-12-05 13:40:06   --------   d-----w-   C:\ProgramData\Microsoft SkyDrive
2013-12-05 12:04:03   566480   ----a-w-   C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-01 15:35:53   --------   d-----w-   C:\Users\Owner\AppData\Roaming\Verizon Wireless
2013-12-01 15:35:39   --------   d-----w-   C:\Users\Owner\AppData\Local\Novatel Wireless
2013-12-01 15:34:11   --------   d-----w-   C:\ProgramData\WEngineLite
2013-12-01 15:34:07   --------   d-----w-   C:\ProgramData\Verizon Wireless
2013-12-01 15:32:07   --------   d-----w-   C:\Program Files (x86)\Verizon Wireless
2013-12-01 15:31:12   --------   d-----w-   C:\Program Files (x86)\Novatel Wireless
2013-12-01 15:30:20   --------   d-----w-   C:\Users\Owner\AppData\Local\Downloaded Installations
2013-11-25 02:01:14   --------   d-----w-   C:\Users\Owner\AppData\Local\Radium Technologies
2013-11-25 02:00:41   --------   dc-h--w-   C:\ProgramData\{AD6D5A97-B46C-4FB1-91D4-411424B4A57F}
2013-11-25 02:00:37   --------   d-----w-   C:\ProgramData\Radium Technologies
2013-11-25 02:00:37   --------   d-----w-   C:\Program Files (x86)\Radium Technologies
2013-11-25 01:56:49   --------   d-----w-   C:\Users\Owner\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2013-12-11 01:58:58   692616   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 01:58:57   71048   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 10:19:07   2724864   ----a-w-   C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\windows\System32\WMPhoto.dll
2013-11-19 10:21:41   267936   ------w-   C:\windows\System32\MpSigStub.exe
2013-11-12 02:23:09   2048   ----a-w-   C:\windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2013-11-01 13:01:07   5642   --sha-w-   C:\ProgramData\KGyGaAvL.sys
2013-10-19 02:18:57   81408   ----a-w-   C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59   159232   ----a-w-   C:\windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04   150016   ----a-w-   C:\windows\System32\wshom.ocx
2013-10-12 02:31:04   202752   ----a-w-   C:\windows\System32\scrrun.dll
2013-10-12 02:30:42   830464   ----a-w-   C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21   859648   ----a-w-   C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08   324096   ----a-w-   C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36   121856   ----a-w-   C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31   163840   ----a-w-   C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08   656896   ----a-w-   C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25   216576   ----a-w-   C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39   156160   ----a-w-   C:\windows\System32\cscript.exe
2013-10-12 01:33:26   168960   ----a-w-   C:\windows\System32\wscript.exe
2013-10-12 01:15:48   141824   ----a-w-   C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48   126976   ----a-w-   C:\windows\SysWow64\cscript.exe
2013-10-08 12:50:37   96168   ----a-w-   C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35   1474048   ----a-w-   C:\windows\System32\crypt32.dll
2013-10-05 19:57:25   1168384   ----a-w-   C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31   190464   ----a-w-   C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17   197120   ----a-w-   C:\windows\System32\credui.dll
2013-10-04 02:24:49   1930752   ----a-w-   C:\windows\System32\authui.dll
2013-10-04 02:16:30   116736   ----a-w-   C:\windows\System32\drivers\drmk.sys
2013-10-04 01:58:50   152576   ----a-w-   C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25   168960   ----a-w-   C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00   1796096   ----a-w-   C:\windows\SysWow64\authui.dll
2013-10-04 01:36:04   230400   ----a-w-   C:\windows\System32\drivers\portcls.sys
2013-10-03 02:23:48   404480   ----a-w-   C:\windows\System32\gdi32.dll
2013-10-03 02:00:44   311808   ----a-w-   C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10   497152   ----a-w-   C:\windows\System32\drivers\afd.sys
2013-09-27 14:53:06   248240   ----a-w-   C:\windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06   134944   ----a-w-   C:\windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40   95680   ----a-w-   C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40   154560   ----a-w-   C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33   28672   ----a-w-   C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33   135680   ----a-w-   C:\windows\System32\sspicli.dll
2013-09-25 02:23:01   28160   ----a-w-   C:\windows\System32\secur32.dll
2013-09-25 02:22:59   340992   ----a-w-   C:\windows\System32\schannel.dll
2013-09-25 02:21:50   307200   ----a-w-   C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07   1447936   ----a-w-   C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24   247808   ----a-w-   C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42   220160   ----a-w-   C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24   30720   ----a-w-   C:\windows\System32\lsass.exe
.
============= FINISH: 17:24:20.55 ===============

#8 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 04:28 PM

DDS Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2012 7:44:53 AM
System Uptime: 12/20/2013 10:42:02 AM (31 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz | CPU | 2300/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 31.931 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 35.682 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP311: 12/7/2013 6:35:26 AM - Windows Update
RP312: 12/10/2013 7:14:14 AM - Windows Update
RP313: 12/11/2013 3:00:19 AM - Windows Update
RP314: 12/12/2013 3:00:17 AM - Windows Update
RP315: 12/14/2013 3:00:14 AM - Windows Update
RP316: 12/18/2013 9:23:29 AM - Windows Update
RP317: 12/21/2013 5:01:54 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe After Effects CS5.5
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Illustrator CS6
Adobe Photoshop CS6
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Adobe Story
Aimersoft DRM Media Converter(Build 1.4.7.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Backup & Sharing
BitTorrent
Bonjour
BufferChm
Conexant HD Audio
Contents
Copy
Corel VideoStudio Pro X3
D3DX10
DAEMON Tools Lite
Destinations
DeviceDiscovery
DeviceIO
DJ_AIO_03_F2200_Software_Min
ESET Online Scanner v3
F2200
Free YouTube Downloader 3.5.176
Google Chrome
Google Earth Plug-in
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ICA
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IPM_VS_Pro
iTunes
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Label@Once 1.0
Living Cookbook 2013
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Office 365 Home Premium - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MLE
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OJOsoft Total Video Converter
PDF Settings CS6
PDFCreator
PeerBlock 1.0+ (r484)
PhotoScape
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
PureHD
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Sagelight Image Editor v4
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Setup
Share
Share64
Shop for HP Supplies
Skype Launcher
Skype™ 6.11
Slideroll Gallery AV 2.1.04b
SmartSound Common Data
SmartSound Quicktracks 5
SmartWebPrinting
Solar Fire Gold Demo
SolutionCenter
Spybot - Search & Destroy
Status
swMSM
Synaptics Pointing Device Driver
The Photographer's Ephemeris
Toolbox
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Verizon Mobile Broadband Drivers
Verizon Wireless MiFi-2200 Firmware Updates
VIO
VLC media player 1.1.11
VSClassic
VSPro
VZAccess Manager
WebReg
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR 4.10 (32-bit)
Wizard101
.
==== End Of File ===========================

#9 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 04:36 PM

There were "no threats found" with the TDSKiller

#10 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 04:41 PM

ADwCleaner Log

# AdwCleaner v3.015 - Report created 21/12/2013 at 17:37:48
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : H:\virus stuff\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\QuickStores.url
Folder Found C:\Users\Owner\AppData\Local\PackageAware
Folder Found C:\Users\Owner\AppData\Roaming\pccustubinstaller
Folder Found C:\Users\Owner\AppData\Roaming\pdfforge

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9jna99sf.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1454 octets] - [21/12/2013 17:37:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1514 octets] ##########

Advertisements

Register to Remove

#11 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 04:58 PM

Weird ... My affected computer seems to be running normally now ...

#12 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 21 December 2013 - 05:11 PM

Hi there,

Looks like we have some cleaning to do...

ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

#13 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 06:39 PM

Here is the ComboFix log ...

ComboFix 13-12-20.01 - Owner 12/21/2013 19:12:45.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2433 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\Booking.ico
H:\Autorun.inf
H:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-22 to 2013-12-22 )))))))))))))))))))))))))))))))
.
.
2013-12-22 00:23 . 2013-12-22 00:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-22 00:23 . 2013-12-22 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-21 22:56 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{929C9C48-43AC-48E7-8183-27F91CC6BA7B}\mpengine.dll
2013-12-21 22:37 . 2013-12-21 22:38 -------- d-----w- C:\AdwCleaner
2013-12-18 20:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-14 03:37 . 2013-12-14 03:37 -------- d-----w- C:\MoTemp
2013-12-12 02:49 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 08:10 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 08:10 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 08:10 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 08:10 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 08:10 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 08:09 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-11 07:46 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 07:46 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-06 10:05 . 2013-10-18 01:10 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B0EBCFB-70A9-4943-AA1B-A417DEF1029A}\gapaengine.dll
2013-12-06 09:46 . 2013-12-06 09:47 -------- d-----w- c:\users\Owner\AppData\Local\Windows Live Writer
2013-12-06 09:46 . 2013-12-06 09:46 -------- d-----w- c:\users\Owner\AppData\Roaming\Windows Live Writer
2013-12-05 14:07 . 2013-12-05 14:35 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-12-05 13:57 . 2013-12-05 13:57 -------- d-----w- c:\program files\Microsoft Office 15
2013-12-05 13:40 . 2013-12-05 13:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-12-05 13:40 . 2013-12-22 00:11 -------- d-----r- c:\users\Owner\SkyDrive
2013-12-05 13:40 . 2013-12-05 13:40 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-12-05 12:04 . 2013-12-05 14:06 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-01 15:35 . 2013-12-01 15:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Verizon Wireless
2013-12-01 15:35 . 2013-12-01 15:35 -------- d-----w- c:\users\Owner\AppData\Local\Novatel Wireless
2013-12-01 15:34 . 2013-12-01 15:34 -------- d-----w- c:\programdata\WEngineLite
2013-12-01 15:34 . 2013-12-01 15:38 -------- d-----w- c:\programdata\Verizon Wireless
2013-12-01 15:32 . 2013-12-01 15:34 -------- d-----w- c:\program files (x86)\Verizon Wireless
2013-12-01 15:31 . 2013-12-01 15:31 -------- d-----w- c:\program files (x86)\Novatel Wireless
2013-12-01 15:30 . 2013-12-01 15:30 -------- d-----w- c:\users\Owner\AppData\Local\Downloaded Installations
2013-11-25 02:01 . 2013-11-25 02:01 -------- d-----w- c:\users\Owner\AppData\Local\Radium Technologies
2013-11-25 02:00 . 2013-11-25 02:00 -------- dc-h--w- c:\programdata\{AD6D5A97-B46C-4FB1-91D4-411424B4A57F}
2013-11-25 02:00 . 2013-11-25 02:00 -------- d-----w- c:\programdata\Radium Technologies
2013-11-25 02:00 . 2013-11-25 02:00 -------- d-----w- c:\program files (x86)\Radium Technologies
2013-11-25 01:56 . 2013-11-25 01:56 -------- d-----w- c:\users\Owner\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 08:01 . 2012-01-11 14:09 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 01:58 . 2012-04-03 05:09 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 01:58 . 2011-10-31 02:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-01 13:01 . 2012-01-29 07:33 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2013-10-18 01:10 . 2012-06-12 16:47 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 11:02 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 11:02 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 11:02 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 11:02 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 11:02 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 12:50 . 2013-11-16 20:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-13 11:02 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 11:02 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 11:02 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 11:02 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 11:02 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 11:02 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 11:02 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 11:02 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 11:02 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 11:02 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 11:02 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2011-04-27 20:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 11:02 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 11:02 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 11:02 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 11:02 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 11:02 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 11:02 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 11:02 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 11:02 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 11:02 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 11:02 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 11:02 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 11:02 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 11:02 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-05 14:36 222832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-05 14:36 222832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-05 14:36 222832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"AdobeBridge"="" [BU]
"F-Secure Hoster"="c:\program files (x86)\Frontier\Backup & Sharing\fshoster32.exe" [2011-09-01 139264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SkyDrive"="c:\users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-12-05 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-05-17 4322688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:14 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:58]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 22:45]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-05 14:37 261744 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-05 14:37 261744 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-05 14:37 261744 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-12-05 14:18 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-12-05 14:18 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-12-05 14:18 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9jna99sf.default\
FF - ExtSQL: !HIDDEN! 2013-02-11 12:34; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-21 19:36:28
ComboFix-quarantined-files.txt 2013-12-22 00:36
ComboFix2.txt 2012-12-28 04:12
ComboFix3.txt 2012-05-05 21:26
.
Pre-Run: 70,925,975,552 bytes free
Post-Run: 70,496,296,960 bytes free
.
- - End Of File - - 72DEB6BE804B7CD4AF4AB706D3FAD00B

#14 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 21 December 2013 - 06:59 PM

AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------

Post the new AdwCleaner and also let me know how your system is running now.

#15 lisavvvv

Authentic Member

Authentic Member
57 posts

Posted 21 December 2013 - 07:11 PM

# AdwCleaner v3.015 - Report created 21/12/2013 at 20:02:55
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : H:\virus stuff\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Owner\AppData\Roaming\pdfforge
File Deleted : C:\Users\Public\Desktop\QuickStores.url

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\WEDLMNGR

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9jna99sf.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1598 octets] - [21/12/2013 17:37:48]
AdwCleaner[R1].txt - [1656 octets] - [21/12/2013 20:01:52]
AdwCleaner[S0].txt - [1565 octets] - [21/12/2013 20:02:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1625 octets] ##########

Body Background

skin color theme