Corrine Help please

OK, I just ran TDSSKILLER and 0 (nothing) was found.

Oh boy what does this mean?

That's good, actually.

1. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
 
Having fun yet? :D

You missed my edit, adding the information about Java: "Regarding Java, update 21 should have been replaced by the update you installed. It is version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version."

Do you use Adobe Reader frequently? Personally, I got tired of both the Adobe Reader security vulnerabilities and switched to Sumatra PDF. If you're interested, see my blog post here: Replacing Adobe Reader with Sumatra PDF. Otherwise, to continue using Adobe Reader, uninstall Version 10 and download the latest version here: Adobe - Adobe Reader download - All versions.

1) Please look at my control panel add remove programs. You will see that the 21 and 55 versions are still showing. If you say it is ok to leave both I will.

2) Did you see where I said the TDSSKILLER found 0 (nothing)? What do I do now about this virus?
 
Go ahead and uninstall the Java 7 Update 21.

I replied about TDSS Killer above your last post and provided additional instructions.
 
BTW my MSE program icon just disappeared from the bottom right taskbar?? Can you fix that when we are all done?
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by lee on Thu 05/01/2014 at 21:39:54.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully disinfected: [Shortcut] C:\Users\lee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk
Successfully disinfected: [Shortcut] C:\Users\lee\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\user.js
Successfully deleted: [File] C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\searchplugins\web search.xml
Successfully deleted the following from C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\prefs.js

user_pref("CT3306061.originalSearchEngine", "TrustWorthy Customized Web Search");
user_pref("CT3306061.originalSearchEngineName", "TrustWorthy Customized Web Search");
user_pref("CT3306061.smartbar.homepage", "true");
user_pref("CT3309758.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource=61&CUI=UN36841720421608311&UM=2&UP=SP61D80811-EE0F-4E04-BD89
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN18412241543604267&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN36841720421608311&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309758&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN36841720421608311&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
user_pref("smartbar.homePageOwnerCTID", "CT3306061");
user_pref("smartbar.machineId", "8CEWOSJ7MNL8CXFVB8A7RHYUO0BUNOGXEZ/EIGSR8JLSV5IIT7ZZ5L3UC151U7CHOQT5SY/IFLFVF4XVEMAGHG");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN36841720421608311&UM=2&SearchSource=13");
user_pref("yahoo.ytff.ybButtons.used", "spt_skin,cobrand_tbfull,wlp_glxy,ultf30,yhoo_glxy,ebox_glxy_ff_us,vis_srch_glxy,spr82,championslg,pres_glxy,clkstrm240,cacheldr,epa4,se
Emptied folder: C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/01/2014 at 21:52:50.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
A restart may solve the problem of MSE in the task bar.

Please Note: I have an early appointment tomorrow so will be shutting down now. I'll look at the other log tomorrow.

After you've run AdwCleaner, please let me know how your computer is. In addition, please rescan with DDS and post those logs so I can see what AVG leftovers are remaining.
 
OK, I thank you for all your time. Very much appreciated. A couple of quick questions before you go.

1) MSE is back after a reboot

2) AdwCleaner is just saying pending???? What does that mean?

I clicked log and posted below, but I am not sure how long I should leave it running. It just says pending.

 
AdwCleaner v3.205 - Report created 01/05/2014 at 22:07:50
# Updated 28/04/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : lee - HOME-PC
# Running from : C:\Users\lee\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\prefs.js ]


[ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\nzp3gljz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7335 octets] - [01/05/2014 21:58:09]
AdwCleaner[R1].txt - [792 octets] - [01/05/2014 22:07:50]
AdwCleaner[S0].txt - [7549 octets] - [01/05/2014 22:01:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [911 octets] ##########
 
# AdwCleaner v3.205 - Report created 01/05/2014 at 22:25:47
# Updated 28/04/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : lee - HOME-PC
# Running from : C:\Users\lee\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\prefs.js ]


[ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\nzp3gljz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7335 octets] - [01/05/2014 21:58:09]
AdwCleaner[R1].txt - [990 octets] - [01/05/2014 22:07:50]
AdwCleaner[R2].txt - [1049 octets] - [01/05/2014 22:17:26]
AdwCleaner[S0].txt - [7549 octets] - [01/05/2014 22:01:02]
AdwCleaner[S1].txt - [972 octets] - [01/05/2014 22:25:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1031 octets] ##########
 
It does not say finished and shows nothing but pending. It just hangs on pending and does not move.

1) First it does a quick search (2 min)

2) Then it comes up with this pending thing that does not go away

I am confused on how to use this program?
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by lee at 23:01:06 on 2014-05-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6156 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolsoftware.exe
C:\Windows\system32\hasplms.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolupdates.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Google
uSearch Page = Google
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
uSearchAssistant = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1250564758\ee\AOLSoftware.exe"
mRun: [EfficientReminderFree] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F06BCFFE-0B9F-43E9-BD86-132AA1088824} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sysnative.com/forums/security-arena/9693-corrine-help-please.html#post72139
FF - prefs.js: network.proxy.http - 119.110.73.23
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\lee\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll
FF - plugin: C:\Users\lee\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-05-01 22:22; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-4 21184]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-8-9 91784]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2009-8-17 198240]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-7 66560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-5 1494304]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-4-27 290520]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-18 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 System Update kb70007;System Update kb70007;C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [2014-4-30 16384]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-7 4915040]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-8-17 459776]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-7 35112]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2011-8-22 44624]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-4-7 40464]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-05-02 00:46:06 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-02 00:45:59 313256 ----a-w- C:\Windows\System32\javaws.exe
2014-05-02 00:45:59 189352 ----a-w- C:\Windows\System32\javaw.exe
2014-05-02 00:45:58 189352 ----a-w- C:\Windows\System32\java.exe
2014-05-02 00:09:25 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 00:09:25 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC87.tmp
2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC86.tmp
2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC85.tmp
2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-28 02:53:56 154840 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-04-28 02:53:35 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-04-28 02:53:30 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-04-28 02:53:28 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2014-04-28 02:53:28 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
2014-04-26 01:05:53 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-10 22:17:22 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-03 21:14:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
.
============= FINISH: 23:03:06.81 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/17/2009 11:34:00 PM
System Uptime: 5/1/2014 10:55:01 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 305.487 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 9.442 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#7&15BE85E8&0&20060413092100000&0#
Manufacturer: Generic-
Name: Compact Flash
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#7&15BE85E8&0&20060413092100000&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#7&15BE85E8&0&20060413092100000&3#
Manufacturer: Generic-
Name: MS/MS-Pro
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#7&15BE85E8&0&20060413092100000&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&15BE85E8&0&20060413092100000&2#
Manufacturer: Generic-
Name: SD/MMC
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&15BE85E8&0&20060413092100000&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#7&15BE85E8&0&20060413092100000&1#
Manufacturer: Generic-
Name: SM/xD-Picture
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#7&15BE85E8&0&20060413092100000&1#
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
60tons (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.4)
Aktiv MP3 Recorder
Allied Intent Xtended 2.0
Any Video Converter 3.2.5
AOL Uninstaller (Choose which Products to Remove)
APB Reloaded
Apple Application Support
Apple Mobile Device Support
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
Battlefield 2 Server
Battlefield 2(TM)
Battlefield 4™
bitRipper
BitTorrent
Boilsoft Video Splitter 5.28
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Catalina Savings Printer
CCleaner
CCScore
CDBurnerXP
CheshireCat's One Click File Joiner
CheshireCat's One Click Thumbnailer
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
ConvertXtoDVD 4.1.19.365
Coupon Printer for Windows
CutePDF Writer 2.8
CyberLink DVD Suite Deluxe
Daniusoft MP3 WAV Converter(Build 2.3.1.0)
Defraggler
Directory Lister Pro v1.35
Diskeeper 2011
DivX Plus DirectShow Filters
DivX Setup
Driver Booster
Easy Video Joiner 5.21
Efficient Reminder Free 3.55
Enhanced Multimedia Keyboard Solution
ESN Sonar
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Eve of Destruction 2.0 Levels
Eve of Destruction v2.0
Express Dictate
Express Scribe
FlightGear v3.0.0
FLV Converter 3.2
FormatFactory 3.3.1.0
Free M4a to MP3 Converter 7.1
Free Video Joiner 1.1
Freez FLV to MP3 Converter
GameSpy Comrade
GIMP 2.6.11
GOM Player
GOM Video Converter
Google Earth
Google Update Helper
Grand Theft Auto IV
GTA2
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hot CPU Tester Pro 4.4.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
I.R.I.S. OCR
ImTOO iPod Computer Transfer
inSSIDer 3
Intel® Matrix Storage Manager
IrfanView (remove only)
iTunes
iWisoft Free Video Converter 1.2
Java 7 Update 55 (64-bit)
K-Lite Codec Pack 10.4.0 Full
Kodak EasyShare software
LabelPrint
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Labeler
Logitech Gaming Software 5.04
Logitech Unifying Software 2.10
Magic Photo Editor 5.2
Malwarebytes Anti-Malware version 1.75.0.1300
Medal of Honor Airborne
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel Viewer
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Windows Media Video 9 VCM
Microsoft Works
MiniGet 1.0.8.2504
Mozilla Developer Preview (3.7a1)
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP3 Parser (KB973685)
My HP Games
MyProfessionalBusinessCards
MySoftware Fonts
netbrdg
NETGEAR Print Server Utility
Network Recording Player
Noise Reduction Plug-in 2.0i
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.82
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Update 10.11.15
NVIDIA Update Core
OfotoXMI
OpenAL
OpenOffice 4.0.1
Origin
Pale Moon 24.5.0 (x64 en-US)
Paltalk Messenger 11.2
PeaZip 2.7.beta
PeerBlock 1.1 (r518)
Perfect Resize 7
PhotoScape
Picasa 3
PokerStars
PokerStars.net
Power2Go
PowerDirector
PSSWCORE
PunkBuster Services
Python 2.5.2
QuickTime
Ralink Wireless LAN
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Redist
Replay Video Capture
Revo Uninstaller 1.95
RTC Client API v1.2
Sandbox
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SFR
SHASTA
Should I Remove It
Silent Hunter Wolves of the Pacific
skin0001
SKINXSDK
Skype™ 5.5
Smart Defrag 3
SoulSeek 157 NS 13e
Sound Forge Pro 10.0
Source SDK Base 2007
Speckie
SpeedFan (remove only)
Spybot - Search & Destroy
SpywareBlaster 4.5
SpywareGuard v2.2
staticcr
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
System Update kb70007
Team Fortress 2
TeamViewer 9
Total Eclipse 4.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Verizon Media Manager
VideoToolkit01
VidSplitter
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.4
VPRINTOL
VS10Runtimex64
Vz In Home Agent
WebEx Event Manager for Internet Explorer
Windows 7 Upgrade Advisor
Windows Live ID Sign-in Assistant
Windows Movie Maker 2.6
WinRAR archiver
WIRELESS
World of Warplanes
Worldwide Web Research
XviD v1.2.0 CVS
Zero Ballistics
.
==== End Of File ===========================
 
Hi, nd2121.

You need a bit of patience. ;) The results from AdwCleaner are merely that the program didn't find anything to remove. It appears that JRT (Junkware Removal Tool) had already done the heavy lifting.

Your log doesn't show any signs of AVG so it appears that the uninstaller tool did the trick.

When updating Flash Player, you need to update for both IE (even if you don't use it regularly) and non-IE browsers. So, although you did part of the update, you still need to update for IE as your log shows "Adobe Flash Player 11 ActiveX". The direct download for Flash Player For Internet Explorer 7, 8, 9, 10, 11 is available here: http://download.macromedia.com/get/...sing/win/install_flash_player_13_active_x.exe

Are you still getting pop-ups?
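
The check described in the reply above (Flash Player's ActiveX component for IE lagging behind the Plugin component for other browsers) can be run directly against the "Installed Programs" section of a log like this one. The following is an added example, not part of the original post; the function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the layout of the "Installed Programs" section of the log above.
SAMPLE_LOG = """\
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.4)
Java 7 Update 55 (64-bit)
.
==== End Of File ===========================
"""

FLASH_RE = re.compile(r"^Adobe Flash Player (\d+) (ActiveX|Plugin)\s*$")


def installed_programs(log_text):
    """Return entries between the 'Installed Programs' header and the next '====' header."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            in_section = "Installed Programs" in line
            continue
        if in_section and line and line != ".":
            entries.append(line)
    return entries


def flash_components(entries):
    """Map each Flash component (ActiveX for IE, Plugin for other browsers) to its major version."""
    found = {}
    for entry in entries:
        m = FLASH_RE.match(entry)
        if m:
            major, component = int(m.group(1)), m.group(2)
            # If a component is listed more than once, keep the highest version seen.
            found[component] = max(major, found.get(component, 0))
    return found


def stale_flash_components(entries):
    """Return the components whose major version is behind the newest one installed."""
    found = flash_components(entries)
    if not found:
        return []
    newest = max(found.values())
    return sorted(c for c, v in found.items() if v < newest)


if __name__ == "__main__":
    programs = installed_programs(SAMPLE_LOG)
    print(flash_components(programs))
    print(stale_flash_components(programs))
```

A component that is absent from the list is not flagged; the check only compares the Flash components that are actually installed.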
 
Ok I am back,

I have Windows Vista btw

1) updating Flash Player, I followed your instructions last night to the letter. I know I did both. I do not know why it did not stick. I just did it again and followed your link

2) So I am glad you had to go last night. I was getting really tired. Working on this computer all day. So I checked last night before I turned off computer. The Russian bride ads were gone. So I went back to Healthgrades > Find a Doctor | Doctor Reviews | Hospital Ratings This is where I saw all the pop ups when I turned off ad block plus. So I crossed my fingers and tried it. The POP UPs are GONE! It seems the virus liked that Doctor website for some reason. I use it to look up doctors.

So it seems that the virus might be gone. YET, I do not know what we did last night to fix it. None of the programs looked like they found anything. I would agree if any program did it. It was JWT. Yet I remember it did not find anything or much of anything. My computer seems a little faster also.

Although it does seem Adblock plus is letting one ad in on google. For example when I look up cars. It shows a cars.com ad. The ads on the bottom of the page are gone. Don't think it is the virus just abp now? Any idea?

3) So at 10am not convinced it was really gone and that we just found the droids and not the mother ship. I did an Emsisoft scan. It found 3 no risk traces and ZERO virus. I also started MSE scan So far over 5 hours scanning and no virus showed up yet like yesterday. Why does it take so long with MSE? It is still going. I want to make 100% sure we going it all. Last night MSE kept showing win32/ buvmat!rts. Of course I removed the virus and stopped using all scans when you started to help me. I will uninstall all virus scanners except MSE. I just wanted to try different ones to make sure

4) The scrolling on Palemoon seems jerky now? Anything we can do to fix it? Was never that way before.

5) Is there any other scan we can try to make sure it is 100% clean? I am really paranoid that we did not get it all. I think there was one main (mother ship) sending out many little virus.

6) Would you recommend a system Restore? To get the system back before the virus?

7) Besides Smart defrag. Any better free defragger out there?

8) Besides toolwiz care free. Any better system optimizer?

9) Would you recommend doing any scans in safe mode and if yes, which ones?

Without your help I would have been lost. I really do not know how to thank you.
 
Hi, nd2121. I'll do my best to address your enumerated items:

1) updating Flash Player
No idea why it still showed the old version in the log but you should be fine now -- that is until the next update! Keep in mind that, unless there is an out-of-band update, Adobe generally updates Flash Player on "Patch Tuesday" (2nd Tuesday of the month).

2) So I am glad you had to go last night. I was getting really tired. Working on this computer all day. So I checked last night before I turned off computer. The Russian bride ads were gone.
I can understand how you felt. To begin with, our computers have become an important tool -- whether it is for work or playing games, doing research, staying in contact with friends . . . so when there is a problem, it is very frustrating until fixed.
The removal of the trojans was handled by Malwarebytes and MSE. The developers of the Junkware Removal Tool and AdwCleaner work very closely with the security community, regularly receiving additional items to add to detection. I am sure that was why JRT was able to remove the additional items that were causing the problem. AdBlock Plus is good but not perfect.

3) Why does it take so long with MSE? It is still going. I want to make 100% sure we going it all. Last night MSE kept showing win32/ buvmat!rts. Of course I removed the virus and stopped using all scans when you started to help me. I will uninstall all virus scanners except MSE. I just wanted to try different ones to make sure
Why does MSE take so long? Look at what you have on your C: Drive: 686 GiB total, 311.006 GiB free. It also takes longer to scan compressed files -- having to decompress to scan and then compress again.

You may want to keep either Malwarebytes or SUPERAntiSpyware for occasional scanning of your computer. Once a week or so should be sufficient.

4) The scrolling on Palemoon seems jerky now? Anything we can do to fix it? Was never that way before.
That I'm not sure about but satrow may have a suggestion.

5) Is there any other scan we can try to make sure it is 100% clean? I am really paranoid that we did not get it all. I think there was one main (mother ship) sending out many little virus.
Yes, due to how badly infected your computer was, I have plans for running another tool. Those instructions follow.

6) Would you recommend a system Restore? To get the system back before the virus?
Now, not after you've done all this work to update and clean your computer. Don't do anything now but later we'll take care of any infected restore points.

7) Besides Smart defrag. Any better free defragger out there?
I know there are a lot of people with personal preferences. Personally, I stick with the built in Windows defrag tool.




Ok, just because of the nature of what was on your computer, I would like you to run ComboFix. It is a very powerful tool so please follow the instructions exactly. (While you're doing that, I'll take care of the cat & dogs and get dinner started so take your time!)

Please follow these instructions carefully. Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. (Don't worry about MSE.)

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
 
If it is ok with you. I would like to wait for combo fix. I am in the middle of doing a full scan with MSE. It is almost on its 8 hour. According to the scale over 3/4. It looks like it might be done in a hour or so. Since I already put in 8 hours I would like to wait for MSE to finish.


PS The Palemoon Jerky motion has gone away
 
Most definitely finish the MSE scan first. I'll want some time to review the ComboFix log. Then we'll determine if any additional scans are needed. Following that, we'll "clean up" the tools we used.

Glad Pale Moon is working smoothly again. :thumbsup2:
 
I still wait for MSE, BUT

I BELIEVE I AM STILL INFECTED. Please note this happens only on palemoon (never before). Not firefox or IE

1) I belong to a band forum. The Doors Message Board
When I click on reply or Quote to reply. Nothing happens. When I disable Adblock plus a pop up opens and takes me to

Welcome to www.lpcloudbox327.com ( DO NOT CLICK THIS, Just to show where I am being DIRECTED)

I then get asked to click for media player and the same Long VIRUS AD is posted.



HELP! lol this is not funny

It seems that palemoon is the only browser infected? Is that possible?
 
When MSE finishes, please follow the instructions to run ComboFix.
 
MSE finished ( NOTHING FOUND NO VIRUS) going to do it now after a quick reboot
 
