
Extremely slow, system freezes, haven't noticed any update options

Possible Viruses &/or Worms

  • This topic is locked
27 replies to this topic

#1 Nettie724

Nettie724

    Authentic Member

  • Authentic Member
  • PipPip
  • 206 posts

Posted 18 July 2014 - 02:31 PM

I let my neighbor borrow my laptop. Upon visiting her, I found my laptop in the condition in my "Topic Title". As stated above, it is irritatingly slow, the system freezes, & can't get any updates. I can't do a system restore, the laptop won't stay powered on unless I have the adaptor (power) cord attached to it. When I try to do a system restore, it goes back to May 25, 2014. I chose that date even though I know the system has been acting up a couple of months before that. Any help at this point will be greatly appreciated. I am going to start a new post in the Windows section for the System Restore fix as I see this same topic in the Windows section of this site. I hope that is ok.

 

I have Windows Vista Home Premium

Dell Inspiron 1525 

Intel Core 2 Duo CPU w/ 3 GB Memory.




#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 19 July 2014 - 11:18 AM

:welcome:

 

Let's run a few scans and see what's going on

 

 

Download DDS from one of the links below to your desktop
 
 
  • Double click the tool to run it.
  • A black screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
 
 
 
 
 
 
==================================================
 
 
 
 
 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything

 



Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 Nettie724


Posted 19 July 2014 - 07:13 PM

Hi Ken545!

Thanks for the quick reply. 

 

Here is my DDS report. 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19543
Run by Scott at 20:09:15 on 2014-07-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3061.1621 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbarsvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\InboxAce_1g\bar\1.bin\1gbrmon.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\CenturyLink\QuickCare\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\CenturyLink\QuickCare\bin\tgsrvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uProxyServer = :0
uURLSearchHooks: <No Name>: {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - c:\program files\inboxace_1g\bar\1.bin\1gSrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - c:\program files\inboxace_1g\bar\1.bin\1gSrcAs.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.7.644\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: CenturyLink: {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - c:\program files\qwesttoolbar\qwesttoolbarDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - 
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\program files\inboxace_1g\bar\1.bin\1gbar.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: InboxAce: {3775AFD7-5921-4571-968F-85A631203D1C} - c:\program files\inboxace_1g\bar\1.bin\1gbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: CenturyLink: {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - c:\program files\qwesttoolbar\qwesttoolbarDx.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.7.644\AVG Secure Search_toolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - c:\program files\inboxace_1g\bar\1.bin\1gbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpqSRMon] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8FE46B69-5EBE-4C97-8567-8C339A909E76} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-6-17 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-17 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-6-17 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-4 42784]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-6 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-6-27 3241488]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-6-17 289328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 InboxAce_1gService;InboxAceService;c:\progra~1\inboxa~2\bar\1.bin\1gbarsvc.exe [2014-1-24 88648]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\centurylink\quickcare\bin\sprtsvc.exe [2011-8-23 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\centurylink\quickcare\bin\tgsrvc.exe [2011-8-23 185640]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.7\ToolbarUpdater.exe [2014-6-23 1813528]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-6 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-15 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-07-17 01:35:18 -------- d-----w- c:\program files\CCleaner
2014-07-09 18:29:26 506880 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 18:29:24 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 18:29:24 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 18:29:23 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 18:29:23 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 18:29:21 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 18:29:20 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 18:29:20 965120 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 18:29:20 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 18:29:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
==================== Find3M  ====================
.
2014-07-09 18:45:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 18:45:26 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-23 13:22:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-17 21:22:02 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 21:21:22 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 21:18:00 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 21:17:58 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 21:06:40 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 21:06:38 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 21:06:22 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 21:06:20 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-05-28 07:08:29 916992 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 07:03:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-28 07:02:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 07:02:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2014-05-28 07:02:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-28 07:00:35 18944 ----a-w- c:\windows\system32\corpol.dll
2014-05-28 05:26:56 385024 ----a-w- c:\windows\system32\html.iec
2014-05-28 03:44:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 03:42:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH: 20:10:25.85 =============== 

Edited by Nettie724, 19 July 2014 - 07:24 PM.


#4 Nettie724


Posted 19 July 2014 - 07:27 PM

Here is the second file you requested. 

Attached Files



#5 Nettie724


Posted 19 July 2014 - 07:39 PM

Hi, Ken545! 

 

Here is the aswMBR logfile you requested. 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-07-19 20:31:21
-----------------------------
20:31:21.538    OS Version: Windows 6.0.6002 Service Pack 2
20:31:21.538    Number of processors: 2 586 0xF0D
20:31:21.539    ComputerName: SCOTT-PC  UserName: Scott
20:31:23.172    Initialize success
20:31:23.276    VM: initialized successfully
20:31:23.313    VM: Intel CPU virtualization not supported 
20:35:46.971    AVAST engine defs: 14071901
20:36:33.087    The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"


#6 ken545


Posted 19 July 2014 - 08:13 PM

Hi, the log from aswMBR is incomplete. It should still be on your desktop; go ahead and open it and paste the entire log please.

 

Then run these 3 programs in the order listed please and post the log from each one. If they all won't fit in one reply, take as many replies as you need to post them.

 

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
===============================================================================
 
 
 

Download Malwarebytes' Anti-Malware  to your desktop. 
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 


#7 Nettie724


Posted 20 July 2014 - 12:15 PM

Ok, I'm guessing this is what you were looking for as this is the only thing I see on my desktop that I didn't post from yesterday's downloads. 

 

 
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Calculator.lnk=@%SystemRoot%\system32\shell32.dll,-22019
Music.lnk=@shell32.dll,-21790

Edited by Nettie724, 20 July 2014 - 12:16 PM.


#8 Nettie724


Posted 20 July 2014 - 12:44 PM

Here is the ADWCleaner logfile. 

 

# AdwCleaner v3.216 - Report created 20/07/2014 at 13:33:00
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : InboxAce_1gService
Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\InboxAce_1g
Folder Deleted : C:\Program Files\SelectRebates
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Scott\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Scott\AppData\Local\InboxAce_1g
Folder Deleted : C:\Users\Scott\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Scott\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Scott\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Scott\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Hotbar
Folder Deleted : C:\Users\Scott\AppData\LocalLow\iac
Folder Deleted : C:\Users\Scott\AppData\LocalLow\InboxAce_1g
Folder Deleted : C:\Users\Scott\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Scott\AppData\LocalLow\ShoppingReport
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxAce_1g Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3775AFD7-5921-4571-968F-85A631203D1C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3775AFD7-5921-4571-968F-85A631203D1C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19543
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={B0C99B09-3B95-4B25-9C5F-2316CA3BB3FD}&mid=dbcdbd7bf1730a95f8a27b9c8dfe6a84-2dc3384a3ee3d63b323b3db705c126c60234bd32&lang=en&ds=AVG&pr=fr&d=2011-10-12 22:40:30&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [13126 octets] - [20/07/2014 13:30:31]
AdwCleaner[S0].txt - [13083 octets] - [20/07/2014 13:33:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13144 octets] ##########


#9 Nettie724


Posted 20 July 2014 - 12:55 PM

Here is the JRT.txt log.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Scott on Sun 07/20/2014 at 13:49:26.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{1B7EBC99-1667-4850-B4B8-BAF85FB257B6}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{37AD6C2E-97A0-4F13-B1A4-768AD145AFF4}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{4B4729E6-2B80-4AC3-BF06-9FEFE3A6D3B2}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{60C27FDC-889C-4728-9A4F-193389A90999}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{6B5EB7EB-A683-44F7-AD6F-6DB69E5621EC}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{7FEB8F16-7EE3-4204-97EC-7F7F772ACA93}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{94C05783-E062-46A2-929C-EF45855051CA}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{E93DE685-B888-4C01-BB5E-447BD2E9DA2E}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/20/2014 at 13:53:06.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 ken545


Posted 20 July 2014 - 01:19 PM

That's not what I wanted for aswMBR. Let's see what Malwarebytes finds, and then we can try running aswMBR again.




#11 Nettie724


Posted 20 July 2014 - 07:40 PM

Ugh, I left this mbam download running, and when I got back home 4 hours later it told me to choose an action, so I clicked Apply. I never saw a log. And I OK'd the pgm to restart so the changes could take place. Now I can't find the log at all. Do I need to re-run this program? :pullhair:



#12 ken545


Posted 20 July 2014 - 08:23 PM

Open up Malwarebytes and on the Dashboard go to the History tab > then click on Application logs > then scan log, and choose the one you just ran. When it opens, select Copy to Clipboard and paste it into this thread.

If you can't find it, then run a new threat scan, and when it's done, on the top right click on View Detailed log and then Copy to Clipboard / or Export and choose a destination like your desktop, and paste it into this thread.




#13 Nettie724


Posted 21 July 2014 - 09:59 PM

Hi, Ken545! 
This is the last one I ran.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/20/2014
Scan Time: 2:29:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Scott
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 1428
Time Elapsed: 1 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 ken545


Posted 22 July 2014 - 02:52 AM

Good Morning,

 

Let's give aswMBR another shot

 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report... Please Do Not Fix Anything



    #15 Nettie724


    Posted 22 July 2014 - 09:59 PM

    hi

    here is the log.

     

     

    aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
    Run date: 2014-07-22 21:23:01
    -----------------------------
    21:23:01.568    OS Version: Windows 6.0.6002 Service Pack 2
    21:23:01.568    Number of processors: 2 586 0xF0D
    21:23:01.570    ComputerName: SCOTT-PC  UserName: Scott
    21:23:03.498    Initialize success
    21:23:03.585    VM: initialized successfully
    21:23:03.595    VM: Intel CPU virtualization not supported 
    21:23:51.608    AVAST engine defs: 14072201
    21:24:08.326    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:24:08.331    Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
    21:24:08.550    Disk 0 MBR read successfully
    21:24:08.555    Disk 0 MBR scan
    21:24:08.564    Disk 0 Windows VISTA default MBR code
    21:24:08.583    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
    21:24:08.597    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 81920
    21:24:08.620    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       225874 MB offset 20561920
    21:24:08.631    Disk 0 Partition - 00     0F Extended LBA              2559 MB offset 483153920
    21:24:08.702    Disk 0 Partition 4 00     DD              MSDOS5.0     2558 MB offset 483155968
    21:24:08.715    Disk 0 scanning sectors +488394752
    21:24:09.348    Disk 0 scanning C:\Windows\system32\drivers
    21:24:36.058    Service scanning
    21:25:10.092    Modules scanning
    21:25:32.466    Disk 0 trace - called modules:
    21:25:32.498    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
    21:25:32.503    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8712dac8]
    21:25:32.508    3 CLASSPNP.SYS[8afaa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d1f030]
    21:25:33.980    AVAST engine scan C:\Windows
    21:25:37.859    AVAST engine scan C:\Windows\system32
    21:30:51.664    AVAST engine scan C:\Windows\system32\drivers
    21:31:09.588    AVAST engine scan C:\Users\Scott
    21:41:27.232    Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
    21:41:27.250    The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt1.txt"
    21:41:42.571    Scan stopped
    21:41:46.203    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:41:46.214    Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
    21:41:46.286    Disk 0 MBR read successfully
    21:41:46.296    Disk 0 MBR scan
    21:41:46.309    Disk 0 Windows VISTA default MBR code
    21:41:46.322    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
    21:41:46.361    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 81920
    21:41:46.406    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       225874 MB offset 20561920
    21:41:46.420    Disk 0 Partition - 00     0F Extended LBA              2559 MB offset 483153920
    21:41:46.476    Disk 0 Partition 4 00     DD              MSDOS5.0     2558 MB offset 483155968
    21:41:46.504    Disk 0 scanning sectors +488394752
    21:41:46.568    Disk 0 scanning C:\Windows\system32\drivers
    21:41:46.578    Service scanning
    21:42:18.891    Modules scanning
    21:42:35.748    Disk 0 trace - called modules:
    21:42:35.782    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
    21:42:35.789    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8712dac8]
    21:42:35.796    3 CLASSPNP.SYS[8afaa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d1f030]
    21:42:36.764    AVAST engine scan C:\Windows
    21:42:44.211    AVAST engine scan C:\Windows\system32
    21:46:14.663    AVAST engine scan C:\Windows\system32\drivers
    21:46:32.754    AVAST engine scan C:\Users\Scott
    22:32:23.327    File: C:\Users\Scott\Documents\Word Docs\Internet_Explorer_Setup.exe  **INFECTED** Win32:Adware-gen [Adw]
    22:40:11.075    AVAST engine scan C:\ProgramData
    22:48:13.099    Scan finished successfully
    22:56:51.805    Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
    22:56:51.811    The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt2.txt"
