33 replies to this topic

[Tomk]

Mostly that is just misc. garbage.  However, there does appear to be a pirated version of Microsoft Office on there.
 
The good news is that I see no signs of the files infector.
 
COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
  C:\Program Files (x86)\VNT\vntldr.exe
  C:\Users\Admin2\AppData\Local\VNT\vntldr.exe
  C:\Users\Admin2\Downloads\avira_free_antivirus_en.exe
  C:\Users\Admin2\Downloads\reimagerepair.exe
  C:\Users\Chloe\Desktop\Office.Proessional.2010.exe"
  C:\Users\Chloe\Desktop\Office Professional 2010\Office 2010 Toolkit.exe
  C:\Users\Chloe\Documents\Stuff I dont know what to do with\Office.Proessional.2010.exe"
  C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5AskToolbarInstaller-AVIRA-V7C[1].7z"
  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5AskToolbarInstaller-AVIRA-V7C[1].7z"
  
  Folder::
  C:\Program Files (x86)\AskPartnerNetwork
  
  

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

While you're at it... let's make sure the remnants of the misc. garbage are gone.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Then:

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan button. Wait until is finished.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

[vealie]

Done.  Combofix with CFScript

 

ComboFix 14-02-23.01 - Admin2 23/02/2014  20:02:25.3.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2668.1216 [GMT 0:00]

Running from: c:\users\Admin2\Desktop\ComboFix.exe

Command switches used :: c:\users\Admin2\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"

"c:\program files (x86)\VNT\vntldr.exe"

"c:\users\Admin2\AppData\Local\VNT\vntldr.exe"

"c:\users\Admin2\Downloads\avira_free_antivirus_en.exe"

"c:\users\Admin2\Downloads\reimagerepair.exe"

"c:\users\Chloe\Desktop\Office Professional 2010\Office 2010 Toolkit.exe"

"c:\users\Chloe\Desktop\Office.Proessional.2010.exe"

"c:\users\Chloe\Documents\Stuff I dont know what to do with\Office.Proessional.2010.exe"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5AskToolbarInstaller-AVIRA-V7C[1].7z"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5AskToolbarInstaller-AVIRA-V7C[1].7z"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\AskPartnerNetwork

c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1031.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1033.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1034.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1036.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1040.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1041.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1043.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1045.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\1049.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\2070.mst

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.3_AVIRA-V7C.msi

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\content.zip

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntldr.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntsrv.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\SO.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll

c:\program files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe

c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\ask-search.xml

c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\config.xml

c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

c:\program files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe

c:\program files (x86)\VNT\vntldr.exe

c:\users\Admin2\AppData\Local\VNT\vntldr.exe

c:\users\Admin2\Downloads\avira_free_antivirus_en.exe

c:\users\Admin2\Downloads\reimagerepair.exe

c:\users\Chloe\Desktop\Office Professional 2010\Office 2010 Toolkit.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_APNMCP

-------\Service_APNMCP

.

.

(((((((((((((((((((((((((   Files Created from 2014-01-23 to 2014-02-23  )))))))))))))))))))))))))))))))

.

.

2014-02-23 20:19 . 2014-02-23 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-23 20:19 . 2014-02-23 20:19 -------- d-----w- c:\users\Chloe\AppData\Local\temp

2014-02-23 00:28 . 2014-02-23 00:28 -------- d-----w- c:\program files (x86)\ESET

2014-02-21 17:03 . 2014-02-21 17:11 -------- d-----w- C:\FRST

2014-02-19 15:19 . 2014-02-19 15:20 -------- d-----w- c:\program files\HijackThis

2014-02-19 12:02 . 2014-02-23 20:18 -------- d-----w- c:\program files (x86)\VNT

2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\AskPartnerNetwork

2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\APN

2014-02-19 11:58 . 2014-02-14 11:00 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2014-02-19 11:58 . 2014-02-14 11:00 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2014-02-19 11:58 . 2014-02-14 11:00 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys

2014-02-19 11:58 . 2014-02-14 11:00 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\programdata\Avira

2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\program files (x86)\Avira

2014-02-19 11:41 . 2014-02-19 11:41 -------- d-----w- c:\users\Admin2

2014-02-19 11:26 . 2014-02-17 01:32 10536864 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E917D9EE-52BB-44E2-A32B-8A8D688F3050}\mpengine.dll

2014-02-19 02:39 . 2014-02-19 02:41 -------- d-----w- c:\users\Administrator

2014-02-19 02:14 . 2014-02-19 02:14 -------- d-----w- c:\windows\Migration

2014-02-19 02:10 . 2014-02-19 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-02-19 00:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2014-02-19 00:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2014-02-19 00:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2014-02-19 00:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2014-02-19 00:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2014-02-18 23:39 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-18 23:39 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-18 23:37 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-02-18 23:37 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-02-18 23:37 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll

2014-02-18 23:37 . 2014-02-06 22:55 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2014-02-18 23:37 . 2014-02-06 22:24 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2014-02-18 23:37 . 2014-02-06 08:47 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2014-02-18 23:37 . 2014-02-06 08:37 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2014-02-18 23:37 . 2014-02-06 10:52 574976 ----a-w- c:\windows\system32\ieui.dll

2014-02-18 23:37 . 2014-02-06 08:29 271360 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2014-02-18 03:19 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2014-02-18 03:19 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2014-02-18 03:18 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2014-02-18 03:18 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2014-02-18 03:18 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2014-02-18 03:18 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2014-02-18 03:18 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2014-02-18 03:18 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-02-18 03:17 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll

2014-02-18 03:17 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-02-18 03:17 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2014-02-18 03:17 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-02-18 03:15 . 2013-11-27 01:42 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-02-18 00:44 . 2014-02-18 00:44 -------- d-----w- c:\programdata\Oracle

2014-02-18 00:43 . 2014-02-18 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-02-18 00:42 . 2014-02-18 00:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-02-18 00:41 . 2014-02-18 00:41 -------- d-----w- c:\program files (x86)\Java

2014-02-18 00:19 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2014-02-18 00:11 . 2014-02-18 00:11 999936 ----a-w- c:\program files (x86)\Internet Explorer\networkinspection.dll

2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\users\Chloe\AppData\Roaming\Malwarebytes

2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\programdata\Malwarebytes

2014-02-17 15:16 . 2014-02-17 15:16 -------- d-----w- c:\users\Chloe\AppData\Local\Programs

2014-02-17 15:14 . 2014-02-17 15:14 388096 ----a-r- c:\users\Chloe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2014-02-17 15:14 . 2014-02-17 15:14 -------- d-----w- c:\program files (x86)\Trend Micro

2014-02-17 14:49 . 2014-02-17 14:50 235680752 ----a-w- C:\regold.reg

2014-02-17 14:47 . 2014-02-17 14:45 2629 ----a-w- C:\fix.reg

2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-21 17:24 . 2012-04-02 10:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-21 17:24 . 2011-12-30 18:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-04 19:09 . 2011-12-26 12:34 88567024 ----a-w- c:\windows\system32\MRT.exe

2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-12 336384]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]

S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-22 23:31 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:24]

.

2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]

.

2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{41564952-412D-5637-4300-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll

Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

Wow6432Node-HKLM-Run-VNT - c:\program files (x86)\VNT\vntldr.exe

BHO-{41564952-412D-5637-4300-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll

Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]

"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

.

**************************************************************************

.

Completion time: 2014-02-23  20:42:37 - machine was rebooted

ComboFix-quarantined-files.txt  2014-02-23 20:42

ComboFix2.txt  2014-02-22 12:25

ComboFix3.txt  2014-02-21 23:50

.

Pre-Run: 172,236,746,752 bytes free

Post-Run: 172,194,099,200 bytes free

.

- - End Of File - - 25308E0CF05FC9DE29D95F585A50018A

A36C5E4F47E84449FF07ED3517B43A31

[vealie]

and JRT,txt

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows 7 Home Premium x64

Ran by Admin2 on 23/02/2014 at 20:50:09.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\apn"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23/02/2014 at 21:05:46.65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Tomk]

Good.

Let's see those other logs.

[Tomk]

JRT looks good.

(You're faster than I type.)

[vealie]

and AdwCleaner......

 

# AdwCleaner v3.019 - Report created 23/02/2014 at 21:11:31

# Updated 17/02/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Admin2 - CHLOE-LAPTOP

# Running from : C:\Users\Admin2\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Chloe\AppData\LocalLow\boost_interprocess

File Deleted : C:\Users\Public\Desktop\eBay.lnk

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\caphyon

Key Deleted : HKLM\Software\caphyon

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1833 octets] - [23/02/2014 21:09:09]

AdwCleaner[S0].txt - [1737 octets] - [23/02/2014 21:11:31]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1797 octets] ##########

[vealie]

AdwCleaner Pt2

 

# AdwCleaner v3.019 - Report created 23/02/2014 at 21:11:31

# Updated 17/02/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Admin2 - CHLOE-LAPTOP

# Running from : C:\Users\Admin2\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Chloe\AppData\LocalLow\boost_interprocess

File Deleted : C:\Users\Public\Desktop\eBay.lnk

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\caphyon

Key Deleted : HKLM\Software\caphyon

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1833 octets] - [23/02/2014 21:09:09]

AdwCleaner[S0].txt - [1737 octets] - [23/02/2014 21:11:31]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1797 octets] ##########

[Tomk]

How does it seem to be running now?

[vealie]

Tomk,

 

It is running well.  The firewall is now started, anti-virus runs, browsing goes ok with no hanging and the laptop does not slow down and hang as it did before.

 

Quick question.  I created a new account to run these fixes. Will the old accounts still be ok?

 

Rgds,

Steve

[Tomk]

Things we have done will not have changed the other accounts... the question really is - are the other accounts clean of infections?

 

Most of the tools we ran look for multiple accounts... but sometimes things get hidden.

 

Please enter one of the old accounts and run me a set of DDS logs.

[vealie]

How do I get DDS logs again?

[Tomk]

My fault.  We didn't start with DDS.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

•  
  • DDS.scr
  • DDS.pif
• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments,  attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Post the contents of the DDS.txt and Attach.txt reports in your next reply

 

[vealie]

TomK,

 

Ah, carp**!

 

Ran a scandsk late last night.  This morning on startup got the 'build 7601 this is not a genuine copy of windows' error.  After restart the machine is crawling.  I can't even load a webpage or get to the control panel.  AV and uac is working. I have tried admin and user account.  Both the same.

 

What would you suggest?  I quite understand if you have gone as  far as you would like to.

 

Rgds,

Steve

[Tomk]

How about safe mode?

Is it a legitimate copy of windows?

[vealie]

TomK,

 

Actually, it looks like HD failure.  I ran the diagnostics and the HD failed self-test.  I think you actually fixed the machine but this is a game changer!  I'm returning the laptop to the owner.  It will start but is too slow to use.  Must be bad sectors or worse.

 

As for windows, I'm told it came pre-installed on the laptop (Dell) and seems ok to me.

 

Thanks for all your help and assistance.  I have really appreciated the time you gave it and I've learnt something into the bargain!

 

All the best,

Steve