
Unknown infection and can't run FRST [Solved]

win 7 32 bit

  • This topic is locked
41 replies to this topic

#16 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 30 November 2014 - 11:26 AM

OK - going out for a while but will check in later.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.



#17 GeekStyle59

    Authentic Member

  • 23 posts

Posted 30 November 2014 - 06:39 PM

Alright Satchfan, I'm ready to tackle this again for a bit. What I can tell you is that some things are much faster than they were and bootup is much slower. Lightroom still is malfunctioning in the Develop Module. All other programs are working as they should and a few of them are MUCH faster. I had to re-install Photoshop Elements 10 because I needed to use it. I had uninstalled it before we started working together.

 

Two specific bootup problems. CCleaner is asking to load and I am denying it. Is there a way to shut that off? Or, even better, is there a better clean up program that I can use instead? I took a quick look at your "documentation" about IObit, etc. and I would certainly trust your judgement. I have been using the IObit Advanced System Care since at least version 4 and I think removing it is why the system went back to a very old wallpaper (can only imagine how much change that meant under the hood of the system!).

 

The second bootup issue is that I get a very quick message that "DSD_3420 (not responding)" and then the small box delivering the message goes away. I have no idea what that is connected to. Do you?



#18 GeekStyle59

    Authentic Member

  • 23 posts

Posted 30 November 2014 - 07:22 PM

"For Intel video adapters, go to the Intel website. Tested video cards for Photoshop CC and CC 2014

Adobe tested the following video cards before the release of Photoshop CC and CC 2014. This document lists the video card by series. The minimum amount of VRAM supported on video cards for Photoshop CC and CC 2014 is 512 MB.

 

Adobe tested laptop and desktop versions of the following cards. Be sure to download the latest driver for your specific model (Laptop and desktop versions have slightly different names.)....Intel HD Graphics P3000"

 

The above is taken from this website:

 

http://helpx.adobe.c...aq1.html#Tested video cards for Photoshop CC and CC 2014

 

Now my graphics card is listed as just Intel HD Graphics 3000. I did find, on the Intel website, a 32- and 64-bit update for my card.



#19 GeekStyle59

    Authentic Member

  • 23 posts

Posted 30 November 2014 - 09:06 PM

No, I don't think the Lightroom problem is hardware related because, just to test it myself, I just re-installed Lightroom 4 -- which worked perfectly until I installed Lightroom 5! Again, after install, same problem in the Develop module.



#20 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 02:15 AM

Lightroom still is malfunctioning in the Develop Module

That is not something I can help with as I know nothing about it or any of the graphics problems you’re having. When we finish up here I’ll give you a link to another of our forums where they should be able to help.
 

CCleaner is asking to load and I am denying it. Is there a way to shut that off?

You could disable it from starting or just uninstall it.
 

DSD_3420 (not responding)

That is a message relating to Dell System Detect which scans your computer for your service tag; this is to enable automatic detection of updates related to drivers, downloads & other recommended software.

It is unnecessary and your drivers don’t need to be updated unless you are having problems, in which case they can be updated manually. You can uninstall Dell System Detect via the Control panel in the usual way.


I think we’ll run some final scans and if all is well, we can tidy up and I’ll give you my security recommendations etc.


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================
 

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

 

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

 

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
     

    Note: Do not check Remove found threats

     
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Logs to include with the next post:

checkup.txt
Mbam.txt
Eset results
(if there are any)

Satchfan



#21 GeekStyle59

    Authentic Member

  • 23 posts

Posted 01 December 2014 - 08:40 AM

1) Lightroom problem solved quickly and easily after a post on the Adobe Lightroom forum (just had to remove a preference file!)

 

2) Uninstalled CCleaner. The Avast siren went off as soon as I hit Uninstall, too.

 

3) Removed the DSD_3420 program

 

Now please don't get upset with me but, in the absence of your response and your apparent trust in Bleeping Computer, I downloaded and ran ComboFix, which apparently cleaned up a lot. It is only fair that I let you know that before I run your next suggestions, which I will now work my way through.

 

Well, the ESET scan is only 34% complete and is going to take quite a bit more time. It has just scanned a Win32/HackTool that I will love to get rid of! While waiting, here are the other reports:

 

Security Check

 

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spyder4Pro     
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.239  
 Mozilla Firefox (33.1) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
MBAM
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/1/2014
Scan Time: 6:09:28 AM
Logfile: MBAM log file.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.01.02
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Grandma
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360405
Time Elapsed: 20 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
ESET has already been running for almost 3 hours and it just reached 41%, so it will be quite a while before I can get that report to you.
 


#22 GeekStyle59

    Authentic Member

  • 23 posts

Posted 01 December 2014 - 01:23 PM

ESET Report

 

C:\MGtools\Process.exe Win32/PrcView potentially unsafe application
C:\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Grandma\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Grandma\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Software - XP\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Software - Current\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Software - Current\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\June 21-2013\speccysetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Software - Current\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Software - Current\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application


#23 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 02:53 PM

in an absence of your response and your apparent trust in Bleeping Computer

 

We ask you at the beginning not to run any programs unless requested: this is for a reason.

 

Yes, I trust BleepingComputer and they correctly have a warning on the download page about what you have done:

"Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper".
 

I downloaded and ran ComboFix, which apparently cleaned up a lot.

 

How do you know that it "cleaned up a lot"? Those "infections" could have been legitimate files that you may need at some point and no longer have.

I'd like you to send me the log you got from ComboFix:

ComboFix logs are located at c:\combofix.txt

 

Satchfan


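Satchfan asks for c:\combofix.txt because the sections that matter are the deletions ComboFix made and the autostart entries it enumerated. As an added example (not part of this thread, and not a ComboFix, What the Tech or UNITE tool), the Python script below triages exactly those sections: it parses the "Other Deletions" list, the Run-key entries under "Reg Loading Points" and the R*/S* service and driver lines, and flags the entries a helper reads first: a service whose binary ComboFix could not find ([x]), an autostart target living in AppData or Temp, and a non-driver or root-of-volume executable that was deleted. The embedded sample is constructed from lines of the log posted later in this thread so the script runs offline; the section titles and line layout are assumed to be as ComboFix prints them.

```python
"""Triage the autostart-related sections of a ComboFix log.

Added example for this thread, not a ComboFix, What the Tech or UNITE tool.
It reads the "Other Deletions" list, the Run-key entries under
"Reg Loading Points" and the R*/S* service and driver lines that ComboFix
prints, and flags the entries a malware helper would look at first.
"""
import re

# Constructed excerpt in ComboFix's format; the lines are copied from the log
# posted in this thread and embedded so the script runs offline.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Roaming
c:\windows\system32\drivers\Setup.exe
D:\Setup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DellSystemDetect"="c:\users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe" [2014-11-30 264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
.
R3 aswVmm;avast! VM Monitor;c:\users\Grandma\AppData\Local\Temp\aswVmm.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-30 114904]
S0 aswRvrt;avast! Revert; [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-11-28 2631456]
"""

# Section banners look like "(((((   Title   )))))".
SECTION = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")
# Run-key entries: "Name"="path" [date size]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
# Service/driver lines: R3 name;display name;path [date size]  or  [x]
SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# Locations an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse(log_text):
    """Return (kind, name, path, meta) tuples for deletions, Run entries and services."""
    records, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("title").lower()
            continue
        if section == "other deletions":
            records.append(("deleted", None, line, None))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            records.append(("run", m["name"], m["path"], m["meta"]))
            continue
        m = SERVICE.match(line)
        if m:
            records.append(("service", m["name"], m["path"].strip(), m["meta"]))
    return records


def triage(records):
    """Attach a list of reasons to every record worth a second look."""
    findings = []
    for kind, name, path, meta in records:
        low = path.lower()
        reasons = []
        if kind == "service" and meta.strip() == "x":
            # ComboFix prints [x] when it cannot find the service binary.
            reasons.append("service binary missing or unverifiable ([x])")
        if any(tag in low for tag in USER_WRITABLE):
            # Legitimate for ClickOnce apps (Dell System Detect lives here),
            # but also where droppers put their persistence.
            reasons.append("autostart target in a user-writable location")
        if kind == "deleted" and "\\system32\\drivers\\" in low and not low.endswith(".sys"):
            reasons.append("non-driver file removed from the drivers directory")
        if kind == "deleted" and re.fullmatch(r"[a-z]:\\[^\\]+\.exe", low):
            reasons.append("executable removed from a volume root")
        if reasons:
            findings.append({"kind": kind, "name": name or path, "path": path, "reasons": reasons})
    return findings


def report(findings):
    """Format findings as one line each, in log order."""
    return [f"{f['kind']:8} {f['name']}: {'; '.join(f['reasons'])}" for f in findings]


if __name__ == "__main__":
    print("\n".join(report(triage(parse(SAMPLE_LOG)))))
```

On the sample, the script flags the two Setup.exe deletions, the DellSystemDetect Run entry (a ClickOnce app that legitimately lives under AppData, which is why a flag means "look", not "malware"), and the two avast! drivers ComboFix could not locate. A real log from c:\combofix.txt can be passed in place of SAMPLE_LOG; the point is that a helper reads autostart locations and the files that were removed before trusting a "cleaned up a lot" summary.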

#24 GeekStyle59

    Authentic Member

  • 23 posts

Posted 01 December 2014 - 03:30 PM

My apologies :-( Yes, I just read through it and it does indeed look as though I might have screwed up big time, but I AM glad that it shows you the Internet Explorer Ghostviet stuff because IE opens up two tabs of it and I have not been able to change that no matter what I have tried. Anyway, here is the ComboFix report:

 

ComboFix 14-11-25.01 - Grandma 11/30/2014  22:17:23.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3492.1646 [GMT -5:00]
Running from: c:\users\Grandma\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\system32\drivers\Setup.exe
D:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-01 to 2014-12-01  )))))))))))))))))))))))))))))))
.
.
2014-11-30 19:05 . 2014-11-30 19:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2014-11-30 18:10 . 2014-11-30 18:31 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-30 18:10 . 2014-10-01 16:39 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-30 18:10 . 2014-10-01 16:39 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-30 18:10 . 2014-10-01 16:39 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-30 12:27 . 2014-11-30 12:27 -------- d-----w- c:\windows\ERUNT
2014-11-30 09:03 . 2014-11-30 09:03 -------- d-----w- c:\program files\Intel Driver Update Utility
2014-11-30 08:37 . 2014-11-30 08:37 -------- d-----w- c:\program files\NVIDIA Corporation
2014-11-30 05:49 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CC79489-B8A0-41CE-A00D-A043121F8178}\mpengine.dll
2014-11-30 02:13 . 2014-11-30 02:17 -------- d-----w- C:\MGADiagToolOutput
2014-11-30 02:12 . 2014-11-30 02:12 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-11-29 04:05 . 2014-11-29 06:34 -------- d-----w- C:\MGtools
2014-11-29 03:07 . 2014-11-29 03:10 -------- d-----w- c:\programdata\HitmanPro
2014-11-29 03:06 . 2014-11-29 10:53 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-29 03:06 . 2014-11-29 03:06 -------- d-----w- c:\programdata\RogueKiller
2014-11-29 03:06 . 2014-11-30 18:09 -------- d-----w- C:\Desktop
2014-11-29 02:12 . 2014-11-29 02:12 -------- d-----w- c:\users\Admin\AppData\Local\Datacolor
2014-11-28 06:55 . 2014-11-28 06:55 -------- d-----w- c:\program files\CCleaner
2014-11-28 03:10 . 2014-11-28 03:10 -------- d-sh--w- c:\users\Grandma\AppData\Local\EmieBrowserModeList
2014-11-19 18:05 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 18:05 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 11:14 . 2014-11-19 11:14 -------- d-----w- C:\WTablet
2014-11-17 20:10 . 2014-11-17 20:10 -------- d-----w- c:\users\Grandma\AppData\Roaming\LavasoftStatistics
2014-11-17 19:52 . 2014-11-17 19:55 -------- d-----w- C:\AdwCleaner
2014-11-17 19:23 . 2013-09-02 07:58 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-11-17 06:18 . 2014-11-17 06:18 -------- d--h--w- c:\windows\system32\WLANProfiles
2014-11-17 06:02 . 2014-11-17 06:02 -------- d-----w- c:\programdata\IntelDLM
2014-11-17 05:58 . 2014-11-17 05:58 -------- d-----w- c:\users\Grandma\AppData\Local\Intel
2014-11-17 03:54 . 2014-11-17 03:54 -------- d-----w- c:\program files\Tracker Software
2014-11-17 02:38 . 2014-11-17 02:38 -------- d-----w- c:\windows\9B4D16A7393F470C8B9F74AE1EA6C105.TMP
2014-11-16 02:36 . 2014-11-16 02:37 -------- d-----w- c:\users\Grandma\AppData\Local\Datacolor
2014-11-16 02:36 . 2014-11-16 02:36 -------- d-----w- c:\program files\Datacolor
2014-11-12 12:21 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 12:21 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 12:21 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 12:19 . 2014-11-06 02:20 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-12 12:19 . 2014-11-06 03:10 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-12 12:19 . 2014-11-06 02:36 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-12 12:19 . 2014-11-06 03:13 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 12:19 . 2014-11-06 02:21 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-12 02:06 . 2014-11-30 09:03 -------- d-----w- c:\programdata\Package Cache
2014-11-10 00:10 . 2014-11-11 01:19 29 ---h--r- c:\programdata\GD4985JED2.sys
2014-11-09 23:39 . 2014-11-17 02:37 -------- d-----w- c:\users\Grandma\AppData\Roaming\ThePluginSite
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-07 19:28 . 2014-11-07 19:28 -------- d-----w- c:\program files\QuickTime
2014-11-07 19:24 . 2014-11-07 19:24 -------- d-----w- c:\program files\iPod
2014-11-07 19:24 . 2014-11-07 19:26 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-07 19:24 . 2014-11-07 19:26 -------- d-----w- c:\program files\iTunes
2014-11-05 13:14 . 2008-11-17 05:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-29 06:34 . 2014-11-29 04:05 474729 ----a-w- C:\MGlogs.zip
2014-11-26 12:39 . 2014-09-28 13:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 12:39 . 2014-09-28 13:44 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 00:14 . 2013-06-08 21:24 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 13:53 . 2013-06-08 21:24 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-04 19:30 . 2010-04-28 03:44 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-01 01:53 . 2013-06-08 21:24 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-26 13:52 . 2014-01-01 01:30 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-10-26 13:52 . 2014-10-26 13:52 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-26 13:52 . 2014-10-26 13:52 43152 ----a-w- c:\windows\avastSS.scr
2014-10-26 13:52 . 2014-05-01 05:26 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-26 13:52 . 2013-06-08 21:24 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-26 13:52 . 2013-06-08 21:24 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-26 13:52 . 2013-06-08 21:24 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-18 01:53 . 2014-10-18 01:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-05 01:20 . 2014-10-05 01:20 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 19:23 . 2014-10-02 19:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 19:23 . 2014-10-02 19:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-12 00:07 . 2014-09-12 00:07 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-09 21:47 . 2014-09-23 23:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-18 02:01 372736 ----a-w- c:\windows\system32\rastls.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-26 13:52 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"DellSystemDetect"="c:\users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe" [2014-11-30 264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 501624]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 189936]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-06-20 280576]
.
c:\users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-12-17 07:45 302240 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-12-17 07:45 486560 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLEServicesCtrl]
2012-03-15 03:58 153360 ----a-w- c:\program files\Intel\Bluetooth\BleServicesCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2012-03-27 01:01 10881296 ----a-w- c:\program files\Intel\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 10:42 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-11-28 2631456]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2013-07-29 112608]
R3 aswVmm;avast! VM Monitor;c:\users\Grandma\AppData\Local\Temp\aswVmm.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 76800]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2004-10-15 44344]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-30 114904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-07 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 12288]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-07 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1343400]
S0 aswRvrt;avast! Revert; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-26 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-01 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-26 91496]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-10-01 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 56480]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 450560]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-10-26 218192]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 1437696]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-12-17 34976]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-10-26 3192344]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 60416]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-12-17 258720]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-12-17 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-12-17 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-12-17 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-12-17 141088]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 558592]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 48128]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-06-08 289792]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-26 322664]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 107840]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 320832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 02:07 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-28 12:39]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-07 02:57]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-07 02:57]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003Core.job
- c:\users\Grandma\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 01:31]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003UA.job
- c:\users\Grandma\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ghostviet.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Grandma\AppData\Roaming\Mozilla\Firefox\Profiles\morjvmye.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
c:\users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepMapper Data Card Uploader.lnk - c:\users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\pcmd..tion_0273333114cba30a_0001.0004_0d16dfeb5fcf88c2\PCMDCA.exe -FromStartup
MSConfigStartUp-EaseUS EPM tray - c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6020)
c:\program files\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\PSIService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Apple\Mobile Device Support\ATH.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
c:\windows\system32\conhost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-11-30  22:40:49 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-01 03:40
.
Pre-Run: 240,384,905,216 bytes free
Post-Run: 239,920,103,424 bytes free
.
- - End Of File - - 2E837AACD31C81A9912A6A1E59484F90
671B81004FDD1588FA9ED1331C9CECA9


#25 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 04:16 PM

Quote

it shows you the Internet Explorer Ghostviet

That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.

Quote

IE opens up two tabs of it and I have not been able to change that no matter what I have tried

You didn't mention this before - is it still a problem?

We need to get rid of what was found in the Eset scan.

Please copy all text in the code box below and paste it into Notepad:

@echo off
rem Remove the items flagged in the ESET scan. Where a folder is listed, del /s
rem deletes the files inside it (and its subfolders); the folder itself remains.
del /f /s /q "C:\MGtools\Process.exe"
del /f /s /q "C:\PDFXVwer\PDFXVwer.exe"
del /f /s /q "C:\Program Files\IObit\Advanced SystemCare 6"
del /f /s /q "C:\ProgramData\IObit\ASCDownloader"
del /f /s /q "C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"
del /f /s /q "C:\Users\Grandma\Downloads\ccsetup500.exe"
del /f /s /q "C:\Users\Grandma\Downloads\spsetup126.exe"
del /f /s /q "D:\Software - XP\PDFXVwer\PDFXVwer.exe"
del /f /s /q "D:\Software - Current\PDFXVwer.zip"
del /f /s /q "D:\Software - Current\PDFXVwer\PDFXVwer.exe"
del /f /s /q "F:\June 21-2013\speccysetup122.exe"
del /f /s /q "F:\Software - Current\PDFXVwer.zip"
del /f /s /q "F:\Software - Current\PDFXVwer\PDFXVwer.exe"
rem Finally delete this batch file itself (%0 is the script's own path)
del %0
  • save the Notepad file to your desktop and name it delfiles.bat
  • set "Save as type" to "All Files"
  • on your desktop, double-click delfiles.bat to run it (a black CMD window will flash, then disappear - this is normal).

Please answer the question about IE.

Satchfan


#26 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 04:38 PM

Am going to do this and then I have to go out for a few hours. Back later in 3 hours.



#27 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 05:16 PM

Time difference - I'm off to sleep now and have a busy day tomorrow but your computer is fine so we'll complete this tomorrow.

Satchfan


#28 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 10:12 PM

Quote

it shows you the Internet Explorer Ghostviet

That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.

Quote

IE opens up two tabs of it and I have not been able to change that no matter what I have tried

You didn't mention this before - is it still a problem?

Yes, it is still a problem.



#29 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 December 2014 - 02:46 AM

Please run RogueKiller again and send the new log.



#30 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 02 December 2014 - 06:01 AM

RogueKiller report

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Grandma [Administrator]
Mode : Scan -- Date : 12/02/2014  06:57:09
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.co...t&type=avastbcl  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://ghostviet.com/  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 55a8383f61851be5a8bba1ea2379f97c
[BSP] 47903395ed53d7ac174fbf6fe04b27d5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_11282014_230134.log - RKreport_SCN_11292014_055922.log - RKreport_SCN_12022014_064859.log
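The ComboFix service list and the RogueKiller registry section posted above are the kind of output a helper reads by eye: service entries whose binary is no longer on disk (ComboFix marks these with [x]), drivers registered from a user-writable Temp folder, and PUM start/search-page hits. As an added example that is not part of this thread and not code from either tool, here is a small Python triage script that parses lines in those two layouts and flags exactly those conditions. The sample lines are copied from the posted logs; the regular expressions are my own reading of the log layout, not a documented format. A flag is a prompt for review, not a verdict: security tools themselves sometimes load a scan driver from Temp, so each hit still needs an analyst's judgement.

```python
import re
from typing import List, Optional

# Constructed sample input: service lines in ComboFix's "Services/Drivers" layout
# and RogueKiller "Registry" lines, copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://ghostviet.com/  -> Found
"""

# ComboFix: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]",
# or "[x]" in place of date/size when the file was not found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
# RogueKiller: "[Category] <registry key> (<image path>) -> Found"
RK_PATH_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+(?P<key>.*?)\s+\((?P<path>[^)]*)\)\s+->\s+(?P<result>\w+)\s*$"
)
# RogueKiller: "[Category] <registry key> | <value name> : <data> -> Found"
RK_VALUE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+(?P<key>.*?)\s+\|\s*(?P<value>[^|:]+?)\s*:\s*(?P<data>.*?)\s+->\s+(?P<result>\w+)\s*$"
)
# Locations a service or driver binary is not normally loaded from (assumption: user
# profile and Windows\Temp; system32 and Program Files are the expected homes).
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(?:users\\|windows\\temp\\)", re.IGNORECASE)


def _strip_nt_prefix(path: str) -> str:
    """Turn the NT object-manager form '\\??\\C:\\x' into the plain Win32 path 'C:\\x'."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict; return None for lines in neither layout."""
    m = SERVICE_RE.match(line)
    if m:
        return {"source": "combofix", "name": m.group("name"), "path": m.group("path"),
                "missing": m.group("info") == "x"}
    m = RK_PATH_RE.match(line)
    if m:
        service_name = m.group("key").rsplit("\\", 1)[-1]  # last key component is the service
        return {"source": "roguekiller", "category": m.group("cat"), "name": service_name,
                "path": _strip_nt_prefix(m.group("path")), "missing": False}
    m = RK_VALUE_RE.match(line)
    if m:
        return {"source": "roguekiller", "category": m.group("cat"), "name": m.group("value"),
                "key": m.group("key"), "data": m.group("data"), "missing": False}
    return None


def parse_log(text: str) -> List[dict]:
    """Parse every recognised line of a pasted log, skipping blanks and unknown lines."""
    return [e for e in (parse_line(ln.rstrip()) for ln in text.splitlines()) if e]


def triage(entries: List[dict]) -> List[dict]:
    """Apply the checks a helper does by eye and return one finding per hit."""
    findings = []
    for e in entries:
        path = e.get("path", "")
        if e.get("missing"):
            findings.append({"name": e["name"], "kind": "missing-binary",
                             "detail": f"service entry points at {path or '<no path>'} but the file is gone"})
        elif path and USER_WRITABLE_RE.match(path):
            findings.append({"name": e["name"], "kind": "user-writable-location",
                             "detail": f"service binary loads from {path}"})
        if e.get("category") in ("PUM.HomePage", "PUM.SearchPage"):
            findings.append({"name": e["name"].strip(), "kind": "homepage",
                             "detail": f"{e['category']} set to {e['data']} under {e['key']}"})
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f['kind']:24} {f['name']:20} {f['detail']}")
```

Run against the sample, the script flags the stale Synth3dVsc entry, the two drivers registered from the user's Temp folder, and the ghostviet.com start page, while leaving the system32-resident aswSnx and TabletServiceWacom entries alone. To use it on a real log, replace SAMPLE_LOG with the pasted text; lines in other sections (running processes, scheduled tasks) are simply ignored by the parser.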
