Computer Hope
Software => Computer viruses and spyware => Topic started by: MP1975 on October 19, 2013, 08:22:50 AM
-
Hello all ,
HP Pavilion Entertainment PC, Vista.
Everything on my daughters computer seems to be accountable to X Vidly. I used Ccleaner and uninstalled it to no avail. When I look in ccleaner again the entry is no longer there but I'm sure the software is here someplace. I uninstalled and reinstalled Mozilla and that didn't work. I just ran Malwarebytes and showed 29 bad files. If I get 1 thats odd 29 is way out of the ballpark. Removed all 29 entries and retarted PC. rerunning MWB - this time it showed 0 infections.
Another very odd thing, In mozilla there are no graphics just alpha characters underlined and when in IE it wants me to update my browser but wants to take me to a http//rvzr-a-akamaihd.net site which I did not do.
I just stumbled onto this, when In Mozilla, if I go to netflix the initial attempt I just gets words o the screen but no graphics when I refresh the screen using the circle on the toolbar the correct netflix screen comes up graphics and all. This also worked for yahoo but it did not work for clubwpt. More when I get it.
Again TY in advance.
# AdwCleaner v3.008 - Report created 18/10/2013 at 11:10:20
# Updated 17/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Gab - GAB-PC
# Running from : C:\Users\Gab\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : BackupStack
Service Found : Update lucky leap
Service Found : Viewpoint Manager Service
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\b5363pub.default\Extensions\[email protected]
File Found : C:\Users\Gab\Desktop\MyPC Backup.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\b5363pub.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\lucky leap
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\Viewpoint
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\Gab\AppData\Local\SwvUpdater
Folder Found C:\Users\Gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\Software\lucky leap
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\b5363pub.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.InstallationThankYouPage", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.InstallationTime", 1382061288);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.active", true);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.addressbar", "NA");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.addressbarenhanced", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.backgroundver", 2);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.certdomaininstaller", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.changeprevious", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.cookie.InstallationTime.ex piration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.cookie.InstallationTime.va lue", "1382061288");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.description", "Turn YouTube videos to High Definition by default");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.domain", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.enablesearch", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.homepage", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.iframe", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.InstallerIdenti fiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.InstallerIdenti fiers.value", "%7B%22installer_bic%22%3A%22D85CD810EF92409195D8A74B59125[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_appVe r.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_appVe r.value", "90");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_lastV ersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_lastV ersion.value", "2");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_meta. expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_meta. value", "%7B%7D");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_nextC heck.expiration", "Fri Oct 18 2013 14:09:36 GMT-0700 (Pacific Standard T[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_nextC heck.value", "true");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_queue .expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.Resources_queue .value", "%7B%7D");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb._country_code_. expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb._country_code_. value", "%22US%22");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.installer.expir ation", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.installer.value ", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22D85CD810[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.monetization_pl ugin_last_executable_request.expiration ", "Fri Oct 18 2013 20:56:24 GMT-[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.internaldb.monetization_pl ugin_last_executable_request.value", "%22hxxp%3A//sdlc-esd.sun.com/ESD6/[...]
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.lastDailyReport", "1382108009520");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.lastUpdate", "1382108009525");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.manifesturl", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.name", "Plus-HD-1.6");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.newtab", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.opensearch", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/32002/plugins/092/ff/plugins.json");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.pluginsversion", 77);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.publisher", "Plus HD");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.searchstatus", 0);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.setnewtab", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.thankyou", "");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.updateinterval", 360);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.32002.ver", 90);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.apps", "32002");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.bic", "141c945a95d62c16d9e594701b8a6979");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.cid", 32002);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.firstrun", false);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.hadappinstalled", true);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.installationdate", 1382061288);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.modetype", "production");
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.reportInstall", true);
Line Found : user_pref("extensions.a6c937ed6be664f729a60ce5789c c7f0953ba67122cae46e2b82195baea44e049co m32002.statsDailyCounter", 3);
Line Found : user_pref("extensions.crossrider.bic", "141c945a95d62c16d9e594701b8a6979");
*************************
AdwCleaner[R0].txt - [18199 octets] - [18/10/2013 11:10:20]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18260 octets] ##########
MP.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
*******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Hello Dave,
I tried , twice, to install the adwcleaner from from the path given here and :
1. It does not save to my desktop
2. I do not see a delete option.
The only two function not greyed out are scan and uninstall.
Not sure if you wanted me to continue with junk removal so I stopped here.
Thanks for the help,
MP.
-
I do not see a delete option.
The only two function not greyed out are scan and uninstall.
Not sure if you wanted me to continue with junk removal so I stopped here.
First run the scan and then hit the delete button. Please continue with the other scans.
-
# AdwCleaner v3.010 - Report created 24/10/2013 at 18:07:21
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Gab - GAB-PC
# Running from : C:\Users\Gab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE1Q6YLS\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
File Deleted : C:\END
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416678}
Key Deleted : HKLM\Software\systweak
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\k9kl0sg1.default-1382124064032\prefs.js ]
*************************
AdwCleaner[R0].txt - [18341 octets] - [18/10/2013 11:10:20]
AdwCleaner[R1].txt - [1288 octets] - [24/10/2013 17:56:57]
AdwCleaner[S0].txt - [18445 octets] - [18/10/2013 11:43:40]
AdwCleaner[S1].txt - [1219 octets] - [24/10/2013 18:07:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1279 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Gab on Thu 10/24/2013 at 18:15:24.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322202202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412258}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412278}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Gab\AppData\Roaming\xvidly"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/24/2013 at 18:22:17.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Screen 317 did not like this computer.
UNSUPPORTED OPERATING SYSTEM! ABORTED!
-
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Dave ,
Thanks again for the help. Here is the Combofix report.
And before I forget I use AVG, Malewarebyte and superanitispyware.
Run them weekly. Is there anything else I shoudl add to this regimen.
ComboFix 13-10-26.01 - Gab 10/26/2013 10:53:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1919 [GMT -7:00]
Running from: c:\users\Gab\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-26 to 2013-10-26 )))))))))))))))))))))))))))))))
.
.
2013-10-26 18:03 . 2013-10-26 18:03 -------- d-----w- c:\users\Gab\AppData\Local\temp
2013-10-26 18:03 . 2013-10-26 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-25 01:15 . 2013-10-25 01:15 -------- d-----w- c:\windows\ERUNT
2013-10-20 02:53 . 2013-10-20 02:53 -------- d-----w- c:\program files\Microsoft Silverlight
2013-10-19 10:09 . 2013-10-19 10:09 0 ----a-w- c:\windows\system32\updB7C6.tmp
2013-10-19 07:09 . 2013-10-19 07:09 0 ----a-w- c:\windows\system32\updD936.tmp
2013-10-19 04:09 . 2013-10-19 04:09 0 ----a-w- c:\windows\system32\upd1A8.tmp
2013-10-18 19:38 . 2013-10-08 20:46 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-10-18 19:38 . 2013-10-08 20:46 25400 ----a-w- c:\windows\system32\authuitu.dll
2013-10-18 19:37 . 2013-10-18 19:37 -------- d-----w- c:\users\Gab\AppData\Roaming\AVG
2013-10-18 19:31 . 2013-10-18 19:51 -------- d-----w- c:\programdata\AVG
2013-10-18 19:31 . 2013-10-18 19:56 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-10-18 18:30 . 2013-10-18 18:30 388096 ----a-r- c:\users\Gab\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-18 18:30 . 2013-10-18 18:30 -------- d-----w- c:\program files\Trend Micro
2013-10-18 18:09 . 2013-10-25 01:07 -------- d-----w- C:\AdwCleaner
2013-10-18 17:56 . 2013-10-18 17:56 -------- d-----w- c:\users\Gab\AppData\Local\AVG SafeGuard toolbar
2013-10-18 17:55 . 2013-10-18 17:55 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-18 17:55 . 2013-10-18 17:56 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-10-18 17:55 . 2013-10-18 17:55 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-10-18 16:31 . 2013-10-18 16:31 -------- d-----w- c:\program files\DIFX
2013-10-18 16:24 . 2013-10-20 00:44 -------- d-----w- c:\users\Gab\AppData\Local\Hewlett-Packard
2013-10-18 16:19 . 2013-10-18 16:58 -------- d-----w- C:\Downloads
2013-10-18 15:59 . 2013-10-08 14:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-18 15:31 . 2013-10-18 15:31 -------- d-----w- c:\windows\en
2013-10-18 15:30 . 2012-03-09 01:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-10-18 15:27 . 2013-10-18 15:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-10-18 15:25 . 2013-10-18 15:31 -------- d-----w- c:\program files\Windows Live
2013-10-18 15:24 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-10-18 15:24 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-10-18 15:24 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-10-18 15:24 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-10-18 15:23 . 2013-10-18 15:23 -------- d-----w- c:\users\Gab\AppData\Local\Windows Live
2013-10-18 15:23 . 2013-10-18 15:23 -------- d-----w- c:\program files\Common Files\Windows Live
2013-10-18 15:22 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-10-18 15:16 . 2013-10-18 15:16 -------- d-----w- c:\program files\LSI SoftModem
2013-10-18 15:08 . 2013-10-18 15:08 0 ----a-w- c:\windows\system32\updF.tmp
2013-10-18 06:18 . 2013-10-18 06:18 0 ----a-w- c:\windows\system32\upd48B6.tmp
2013-10-18 02:50 . 2013-10-18 02:50 0 ----a-w- c:\windows\system32\upd3ABF.tmp
2013-10-18 02:50 . 2013-10-18 02:50 0 ----a-w- c:\windows\system32\upd28C4.tmp
2013-10-18 02:47 . 2013-10-18 02:47 0 ----a-w- c:\windows\system32\upd7271.tmp
2013-10-18 02:46 . 2013-09-17 20:41 364544 ----a-w- c:\windows\system32\webmakerplus.dll
2013-10-18 02:45 . 2013-10-18 02:45 -------- d-----w- c:\users\Gab\AppData\Roaming\Online Download Accelerator
2013-10-18 02:45 . 2013-10-18 03:14 -------- d-----w- c:\users\Gab\AppData\Roaming\5261c755160ba0fb78005c00
2013-10-18 02:41 . 2013-10-18 02:41 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2013-10-12 10:07 . 2013-10-12 10:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-10-08 00:57 . 2013-07-20 10:44 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 00:56 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-07 01:00 . 2013-10-07 01:00 -------- d-----w- c:\programdata\WindowsSearch
2013-10-06 04:30 . 2013-10-18 19:56 -------- d-----w- c:\users\Gab\AppData\Roaming\HpUpdate
2013-10-06 04:29 . 2013-10-06 04:29 -------- d-----w- c:\windows\Hewlett-Packard
2013-10-04 18:50 . 2013-10-04 18:50 -------- d-----w- c:\users\Gab\AppData\Local\AOL
2013-10-04 18:48 . 2013-10-04 18:48 -------- d-----w- c:\program files\CCleaner
2013-10-04 18:35 . 2013-10-04 18:35 -------- d-----w- c:\users\Gab\AppData\Roaming\SUPERAntiSpyware.com
2013-10-04 18:35 . 2013-10-04 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-04 18:35 . 2013-10-04 18:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-04 18:12 . 2013-10-04 18:12 -------- d-----w- c:\users\Gab\AppData\Roaming\Malwarebytes
2013-10-04 18:12 . 2013-10-04 18:12 -------- d-----w- c:\programdata\Malwarebytes
2013-10-04 18:12 . 2013-10-04 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-04 18:12 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-03 03:40 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-10-02 10:59 . 2013-10-02 10:59 -------- d-----w- c:\program files\Windows Portable Devices
2013-10-02 10:24 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-10-02 10:24 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-10-02 10:24 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-10-02 10:23 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-10-02 10:23 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-02 10:23 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-10-02 10:23 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-10-02 10:23 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-10-02 10:23 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-10-02 10:23 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-10-02 10:17 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-10-02 10:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-02 10:17 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-10-01 10:35 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-10-01 10:35 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-10-01 10:35 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-10-01 10:35 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-10-01 10:35 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-10-01 10:35 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-01 10:34 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2013-10-01 10:34 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-10-01 10:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-10-01 10:31 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-10-01 10:31 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-01 10:30 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-10-01 10:30 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-01 10:29 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-10-01 10:29 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-10-01 10:29 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-10-01 10:29 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-01 10:29 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-10-01 10:28 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-01 10:28 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-10-01 10:28 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-10-01 10:27 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-10-01 10:26 . 2013-08-03 02:06 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-10-01 10:24 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-10-01 10:24 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-10-01 10:24 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2013-10-01 10:24 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-10-01 10:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-10-01 10:23 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-10-01 10:23 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-10-01 10:23 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-01 10:23 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-10-01 10:23 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-10-01 10:22 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-10-01 10:22 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2013-10-01 10:22 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-10-01 10:22 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-10-01 10:22 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-01 10:22 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-01 10:22 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-10-01 10:22 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-10-01 10:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-10-01 10:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2013-10-01 10:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2013-10-01 10:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-10-01 10:21 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2013-10-01 10:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2013-10-01 10:21 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-10-01 10:21 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-10-01 10:20 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-10-01 10:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-18 15:25 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-27 00:48 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-27 00:48 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-26 03:57 . 2013-09-26 03:57 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-14 18:36 . 2013-09-14 18:36 6656 ----a-w- c:\windows\system32\kbd106n.dll
2013-09-11 05:11 . 2013-09-11 05:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 05:12 . 2013-09-09 05:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 17:39 . 2013-09-02 17:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 17:28 . 2013-09-02 17:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 17:28 . 2013-09-02 17:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 17:28 . 2013-09-02 17:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-21 05:54 . 2013-08-21 05:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-07 20:11 . 2013-08-07 20:11 7680037 ----a-w- C:\xvidly.exe
2013-08-03 04:22 . 2013-10-01 10:26 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-08-01 23:08 . 2013-08-01 23:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-28 442467]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Gab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\Gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-10-02 19:54 5706480 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 11:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-27 01:54]
.
2013-10-24 c:\windows\Tasks\HPCeeScheduleForGab.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-23 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\k9kl0sg1.default-1382124064032\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-09-17 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-26 11:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Gab\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-10-26 11:05:00
ComboFix-quarantined-files.txt 2013-10-26 18:04
.
Pre-Run: 171,173,908,480 bytes free
Post-Run: 171,201,585,152 bytes free
.
- - End Of File - - 6EB6B75AAEF87DEA47C1D3354C90330D
85D751F0E41B8E520AEE8C07A8DA777B
-
I use AVG, Malewarebyte and superanitispyware.
Run them weekly. Is there anything else I shoudl add to this regimen.
That looks good. You could also turn on Windows Defender and run AdwCleaner and Junkware Remove tool weekly.
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Hello Dave ,
Quick question. How long should that take to run ?
Approx 1 hr now...Something is hitting my hard drive.
Can only "Assume" thats it. Only thing I have running.
Thanks,
MP.
-
Ok, please try this one.
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page for performing a scan.
- Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
- When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
- Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
- Copy and paste the contents of these two log files in your next reply.
-
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 2949734400, free: 1638182912
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 2949734400, free: 1903628288
Could not load protection driver
Downloaded database version: v2013.11.08.07
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/08/2013 13:24:03
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iastorv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\lsi_scsi.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\hpcisss.sys
\SystemRoot\system32\drivers\adp94xx.sys
\SystemRoot\system32\drivers\adpahci.sys
\SystemRoot\system32\drivers\adpu160m.sys
\SystemRoot\system32\drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\adpu320.sys
\SystemRoot\system32\drivers\djsvs.sys
\SystemRoot\system32\drivers\arc.sys
\SystemRoot\system32\drivers\arcsas.sys
\SystemRoot\system32\drivers\elxstor.sys
\SystemRoot\system32\drivers\i2omp.sys
\SystemRoot\system32\drivers\iirsp.sys
\SystemRoot\system32\drivers\iteatapi.sys
\SystemRoot\system32\drivers\iteraid.sys
\SystemRoot\system32\drivers\lsi_fc.sys
\SystemRoot\system32\drivers\lsi_sas.sys
\SystemRoot\system32\drivers\megasas.sys
\SystemRoot\system32\drivers\megasr.sys
\SystemRoot\system32\drivers\mraid35x.sys
\SystemRoot\system32\drivers\nfrd960.sys
\SystemRoot\system32\drivers\ql2300.sys
\SystemRoot\system32\drivers\ql40xx.sys
\SystemRoot\system32\drivers\sisraid2.sys
\SystemRoot\system32\drivers\sisraid4.sys
\SystemRoot\system32\drivers\symc8xx.sys
\SystemRoot\system32\drivers\sym_hi.sys
\SystemRoot\system32\drivers\sym_u3.sys
\SystemRoot\system32\drivers\uliahci.sys
\SystemRoot\system32\drivers\ulsata.sys
\SystemRoot\system32\drivers\ulsata2.sys
\SystemRoot\system32\drivers\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\Amddfltr.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix86s.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff868aa370
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xffffffff85653890
Lower Device Driver Name: \Driver\ahcix86s\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff868aa370, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff869add18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868aa370, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff868aac48, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff867a7590, DeviceName: Unknown, DriverName: \Driver\Amddfltr\
DevicePointer: 0xffffffff85653890, DeviceName: \Device\00000090\, DriverName: \Driver\ahcix86s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 28C428C3
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 467326913
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 467326976 Numsec = 21063680
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Read File: File "c:\programdata\avg2014\chjw\84444a7e444a734a.dat:e2615729-56b5-447a-8d9a-630b161e027c" is sparse (flags = 32768)
Read File: File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-c0d15817-367f-4153-9e22-8623c59cf41e.tmp" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.11.08.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gab :: GAB-PC [administrator]
11/8/2013 1:24:11 PM
mbar-log-2013-11-08 (13-24-11).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 210783
Time elapsed: 15 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Dave ,
I ran eset but at the end there was no export to text file or back, just a finish.
There were no threats found but not sure where to get you the report.
There's none on the desk top either.
Thanks again,
MP.
-
Dave ,
I ran eset but at the end there was no export to text file or back, just a finish.
There were no threats found but not sure where to get you the report.
There's none on the desk top either.
Thanks again,
MP.
How's your computer running now? Any other issues before we clean up?
-
Dave ,
Again I can't thank you eneough.
The computer seems just fine. The only thing that keeps popping up is a CLSched has stopped running message.
Otherwise running like a champ.
MP.
-
Ok, let's do some clean up.
Download this program and run it Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE) .It will remove ComboFix for you.
*************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dave as usual you've earned the "Super" Moniker. lol
All fixed, all celaned up and read one of the articles so far.
Always something new to learn.
Again thanks so much,
Happy Holidays if I don't have another problem before then.
MP.
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.