Solved Updateflashplayer virus

fordmann

Posts: 31   +0
I have apparently clicked on something I shouldn't have and now have several virus warnings on my AVG and continuously get pop-ups asking me if I want to allow flash player updates. I have run the AVG and the viruses are quarantined then I delete them but the pop up always comes back and more viruses are detected. A vicious cycle that never gets resolved. I have tried uninstalling anything recently downloaded but I still have it. I have done all the preliminary things this site says to do before contacting you. Can you help me clean up my computer, please?

Thanks.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/17/2014
Scan Time: 1:34:41 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.17.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Holly

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300958
Time Elapsed: 14 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2387700919-4103196123-1702309283-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [374722305b204bebcc946334f30f40c0],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-2387700919-4103196123-1702309283-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [3f3f282a9fdc79bde78b6f2e8979c937],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3320244, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],

Registry Values: 1
PUP.Optional.Conduit, HKU\S-1-5-21-2387700919-4103196123-1702309283-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Holly\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, Quarantined, [b0ceaaa886f5290d2f05665b0102b44c]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3320244, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],

Files: 36
Spyware.Zbot.ED, C:\Users\Holly\AppData\Local\Temp\UpdateFlashPlayer_c06af72a.exe, Quarantined, [d3ab450df08bc670a662f980748d27d9],
PUP.Adware.DomaIQ, C:\Users\Holly\Downloads\7-zip.exe, Quarantined, [413db69c0378bf7740e4b84cf60ba25e],
PUP.Optional.Conduit.A, C:\Users\Holly\Downloads\Setup_brch.exe, Quarantined, [d8a6bc9687f4fd397293e06ac8394db3],
Spyware.Zbot.ED, C:\Users\Holly\AppData\Local\htvuxkld.exe, Quarantined, [bcc21c365f1cf4423e44bcb7fe0307f9],
Trojan.Agent.ED, C:\Users\Holly\AppData\Local\nmmvxnkv.exe, Quarantined, [6d11bd958bf0b87e66db093f5ba64db3],
Spyware.Zbot.ED, C:\Users\Holly\AppData\Local\uiohidpe.exe, Quarantined, [1e6072e05d1e69cd3ed85527d22f05fb],
PUP.Optional.Conduit.A, C:\Users\Holly\AppData\Local\Conduit\CT3320244\MessageViewer_3AutoUpdateHelper.exe, Quarantined, [96e80e44e39881b581ae78a6669aaa56],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 120661228.job, Quarantined, [4c32a7abfe7d4ee82ada8d1261a22fd1],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1320074114.job, Quarantined, [9be33919007bdc5a8f75faa58281669a],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1338660506.job, Quarantined, [3c42e270fe7df244689caff08c77ba46],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1842325781.job, Quarantined, [0678232f8cefd0663ec63b640300ef11],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2239993111.job, Quarantined, [e995fa586b10d36340c46d32d42f57a9],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2319465856.job, Quarantined, [2b536ae866150531f014217e22e10cf4],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2510351536.job, Quarantined, [1c620250dd9e4bebe91becb33fc4b050],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2551898832.job, Quarantined, [7c02262c6c0f92a464a0e5baa1629967],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2762813566.job, Quarantined, [5d21ba9828530234fd074c53dc2748b8],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2947698746.job, Quarantined, [ed912e2455262e08659fe3bc25de18e8],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3141716770.job, Quarantined, [7d0167ebf4879f97a064e2bd976cab55],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3192341216.job, Quarantined, [ed917cd61c5f71c5e2221b84ab5844bc],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 321130532.job, Quarantined, [7c0290c2abd09c9a07fd811e857eb64a],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3313625929.job, Quarantined, [2f4f460c39425cda0ef6089755aeb34d],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3353303088.job, Quarantined, [235b69e91962f046af55c1dead566d93],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3387020193.job, Quarantined, [c8b6371ba7d460d659ab415e996a3ec2],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3408216698.job, Quarantined, [e896193917642115e91be2bdd2319967],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3657746127.job, Quarantined, [582664eec8b3aa8c5aaa1c83dc27a858],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4016708674.job, Quarantined, [007e95bd8eed93a334d0acf3a360738d],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4130581147.job, Quarantined, [29551a38abd0270ffe06554ad0339967],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4223862125.job, Quarantined, [7d01fd55b5c6b97d41c31a85f80b03fd],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 464223690.job, Quarantined, [502eafa3cfac989efc08623d28dbfb05],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 739104321.job, Quarantined, [3549163c512ae05662a2c4dbdb286d93],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 807508863.job, Quarantined, [4935cf832457181e16ee643b6c9759a7],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 880272521.job, Quarantined, [106ef260e19ac175c93b0a952bd8dc24],
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, Quarantined, [681687cbd8a363d3cbc58c31d033d927],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3320244\configutaion.json, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3320244\SetupIcon.ico, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3320244\UninstallerUI.exe, Quarantined, [a3db5200d7a496a0f2ee6b0656ac936d],

Physical Sectors: 0
(No malicious items detected)


(end)
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/6/2012 11:04:03 AM
System Uptime: 5/17/2014 1:35:42 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 04G65K
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 799.021 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 5/15/2014 10:26:47 AM - Removed DriverUpdate
RP153: 5/15/2014 10:32:01 AM - Removed DriverUpdate
RP154: 5/15/2014 5:15:05 PM - Windows Update
RP155: 5/16/2014 5:44:05 PM - Removed Adobe Reader XI (11.0.07).
RP156: 5/16/2014 5:45:42 PM - Removed Adobe Reader XI (11.0.07).
RP157: 5/16/2014 5:46:38 PM - Removed Adobe Reader XI (11.0.07).
RP158: 5/16/2014 5:47:04 PM - Removed Skype Click to Call
RP159: 5/16/2014 6:21:05 PM - Removed DriverUpdate
RP160: 5/16/2014 6:21:46 PM - Removed Skype™ 6.14
RP161: 5/16/2014 6:23:03 PM - Removed H&R Block Deluxe + Efile + State 2012.
RP162: 5/17/2014 7:52:30 AM - Removed DriverUpdate
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Community Help
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader XI (11.0.07)
Advanced Audio FX Engine
AntiLogger SDK version 1.6.6.247
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 6
AVG 2014
Banctec Service Agreement
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MX890 series MP Drivers
Canon MX890 series On-screen Manual
Canon MX890 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities Solution Menu
Complete Care Business Service Agreement
Conexant SmartAudio HD
Consumer In-Home Service Agreement
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DING!
DriverUpdate
eBay
Elements 9 Organizer
Elements STI Installer
Elevated Installer
Facebook Video Calling 2.0.0.447
Garmin City Navigator North America NT 2013.40 Update
Garmin Communicator Plugin x64
Garmin Express
Garmin Express Tray
Garmin Update Service
Google Chrome
Google Update Helper
H&R Block Deluxe + Efile + State 2012
H&R Block Maryland 2012
iCloud
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 9
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.1.1004
Memeo AutoSync
Memeo Instant Backup
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Money 2006
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Holly at 14:05:42 on 2014-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.5020 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
svchost.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\splwow64.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
svchost.exe
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Holly [Admin rights]
Mode : Remove -- Date : 05/17/2014 17:15:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\Holly\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f733ef60792247d3a7c9b91405c3a15b-d625e72e9bf75e582594fd1d74c5f332a2e774d9 /CMPID=1113a [x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : uqabfoja ("C:\Users\Holly\AppData\Local\iwvtngpp.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : qmaitnbx ("C:\Users\Holly\AppData\Local\pxohlmjr.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\Holly\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f733ef60792247d3a7c9b91405c3a15b-d625e72e9bf75e582594fd1d74c5f332a2e774d9 /CMPID=1113a [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : uqabfoja ("C:\Users\Holly\AppData\Local\iwvtngpp.exe" [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : qmaitnbx ("C:\Users\Holly\AppData\Local\pxohlmjr.exe" [-]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Holly [Admin rights]
Mode : Remove -- Date : 05/17/2014 17:15:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\Holly\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f733ef60792247d3a7c9b91405c3a15b-d625e72e9bf75e582594fd1d74c5f332a2e774d9 /CMPID=1113a [x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : uqabfoja ("C:\Users\Holly\AppData\Local\iwvtngpp.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : qmaitnbx ("C:\Users\Holly\AppData\Local\pxohlmjr.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\Holly\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f733ef60792247d3a7c9b91405c3a15b-d625e72e9bf75e582594fd1d74c5f332a2e774d9 /CMPID=1113a [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : uqabfoja ("C:\Users\Holly\AppData\Local\iwvtngpp.exe" [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2387700919-4103196123-1702309283-1001\[...]\Run : qmaitnbx ("C:\Users\Holly\AppData\Local\pxohlmjr.exe" [-]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10JPVT-75A1YT0 +++++
--- User ---
[MBR] e8efc619c1e8a35b0730bc0f034ffb00
[BSP] b325ad40e449de014c4a034df84f3707 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 20286 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41627648 | Size: 933542 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05172014_171555.txt >>
RKreport[0]_S_05172014_165007.txt
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Holly :: HOLLY-LAPTOP2 [administrator]

5/18/2014 12:05:27 AM
mbar-log-2014-05-18 (00-05-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 296537
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17107

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8487546880, free: 4529217536

Downloaded database version: v2014.05.18.01
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 216E4808

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 41545728
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 41627648 Numsec = 1911894016

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Is this all I need to do? Nothing was found on this last scan. When all this is finished should I uninstall these programs you had me download?

Thanks for your help.

Holly
 
We're not done...
From my rules:
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I wasn't going to quit until you said so. I just thought we were done. My computer seems to be running well now.
Do I have to uninstall the AVG on my computer to download the Combofix, or can I just disable it temporarily? Also the Malwarebytes anti malware program you had me install, do I need to disable or uninstall it before the Combofix? If so, can you tell me how I do that? Thanks.
 
ComboFix 14-05-16.01 - Holly 05/18/2014 19:53:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.5058 [GMT -4:00]
Running from: c:\users\Holly\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\Roaming
c:\users\Holly\AppData\Local\iwvtngpp.exe
c:\users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DA8AAF75-5D56-4202-8B36-F428D7629730}.xps
c:\users\Holly\AppData\Local\pxohlmjr.exe
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2014-04-19 to 2014-05-19 )))))))))))))))))))))))))))))))
.
.
2014-05-19 00:02 . 2014-05-19 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 00:02 . 2014-05-19 00:02 -------- d-----w- c:\users\Mike\AppData\Local\temp
2014-05-18 04:05 . 2014-05-18 04:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-05-17 17:19 . 2014-05-18 23:48 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 17:19 . 2014-05-18 04:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-17 17:19 . 2014-05-17 17:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-17 17:19 . 2014-05-17 17:19 -------- d-----w- c:\programdata\Malwarebytes
2014-05-17 17:19 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-17 17:19 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-16 21:39 . 2014-05-16 21:40 -------- d-----w- c:\users\Holly\AppData\Roaming\Penumoas
2014-05-16 20:59 . 2014-05-16 21:00 -------- d-----w- c:\users\Holly\AppData\Roaming\Efefem
2014-05-15 21:19 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 21:19 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 21:19 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 21:19 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 20:43 . 2014-05-15 20:44 -------- d-----w- c:\users\Holly\AppData\Roaming\Nuebiw
2014-05-14 22:44 . 2014-05-14 22:44 -------- d-----w- c:\users\Holly\AppData\Roaming\Nuwiziac
2014-05-13 21:43 . 2014-05-13 21:44 -------- d-----w- c:\users\Holly\AppData\Roaming\Guxozak
2014-05-13 17:41 . 2014-05-13 17:41 -------- d-----w- c:\users\Holly\AppData\Roaming\Ykavbim
2014-05-13 13:45 . 2014-05-13 13:45 -------- d-----w- c:\users\Holly\AppData\Roaming\Ziuvlyys
2014-05-12 21:49 . 2014-05-12 21:50 -------- d-----w- c:\users\Holly\AppData\Roaming\Azetvimu
2014-05-12 19:51 . 2014-05-12 19:52 -------- d-----w- c:\users\Holly\AppData\Roaming\Etumafi
2014-05-11 12:28 . 2014-05-11 12:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Yhzeuwro
2014-05-10 22:10 . 2014-05-10 22:10 -------- d-----w- c:\users\Holly\AppData\Roaming\Idmefyu
2014-05-10 17:43 . 2014-05-10 17:43 -------- d-----w- c:\users\Holly\AppData\Roaming\Diuxecf
2014-05-09 01:38 . 2014-05-09 01:39 -------- d-----w- c:\users\Holly\AppData\Roaming\Sofenym
2014-05-08 23:52 . 2014-05-08 23:53 -------- d-----w- c:\users\Holly\AppData\Roaming\Nicoumoc
2014-05-08 18:40 . 2014-05-08 23:41 -------- d-----w- c:\users\Holly\AppData\Roaming\Sypeolu
2014-05-08 18:37 . 2014-05-08 18:37 -------- d-----w- c:\users\Holly\AppData\Roaming\Aslautug
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 17:40 . 2014-05-07 17:41 -------- d-----w- c:\users\Holly\AppData\Roaming\Yzheroan
2014-05-07 11:27 . 2014-05-07 11:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Ufimge
2014-05-07 07:03 . 2014-05-07 07:03 -------- d-----w- c:\users\Holly\AppData\Roaming\Pyvaloe
2014-05-07 07:00 . 2014-05-15 21:22 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 18:22 . 2014-05-06 18:23 -------- d-----w- c:\users\Holly\AppData\Roaming\Uqocigre
2014-05-05 21:54 . 2014-05-05 21:55 -------- d-----w- c:\users\Holly\AppData\Roaming\Itniuny
2014-05-05 17:42 . 2014-05-05 17:43 -------- d-----w- c:\users\Holly\AppData\Roaming\Avsoimu
2014-05-05 13:39 . 2014-05-05 13:39 -------- d-----w- c:\users\Holly\AppData\Roaming\Irloihu
2014-05-04 21:49 . 2014-05-04 21:49 -------- d-----w- c:\users\Holly\AppData\Roaming\Venihit
2014-05-04 19:39 . 2014-05-04 19:39 -------- d-----w- c:\users\Holly\AppData\Roaming\Ypzyamo
2014-05-04 12:51 . 2014-05-04 12:52 -------- d-----w- c:\users\Holly\AppData\Roaming\Laacyrac
2014-05-04 07:03 . 2014-05-04 13:00 -------- d-----w- c:\users\Holly\AppData\Roaming\Fagayx
2014-05-03 21:49 . 2014-05-04 12:51 -------- d-----w- c:\users\Holly\AppData\Roaming\Ommiydit
2014-04-29 12:13 . 2014-03-06 09:19 8011776 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 23:46 . 2014-03-27 12:39 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-05-15 21:16 . 2012-09-12 12:44 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-04 09:44 . 2014-04-09 22:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 22:45 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 22:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 22:45 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 22:45 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 22:45 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 22:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 22:45 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 22:45 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 22:45 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 22:45 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e2ed319e-719c-474d-8236-dcc9bdc13bdb}"= "c:\program files (x86)\MessageViewer_3\prxtbMess.dll" [2013-12-24 226592]
.
[HKEY_CLASSES_ROOT\clsid\{e2ed319e-719c-474d-8236-dcc9bdc13bdb}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e2ed319e-719c-474d-8236-dcc9bdc13bdb}]
2013-12-24 08:47 226592 ----a-w- c:\program files (x86)\MessageViewer_3\prxtbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e2ed319e-719c-474d-8236-dcc9bdc13bdb}"= "c:\program files (x86)\MessageViewer_3\prxtbMess.dll" [2013-12-24 226592]
.
[HKEY_CLASSES_ROOT\clsid\{e2ed319e-719c-474d-8236-dcc9bdc13bdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-01-12 169184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(3).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
 
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 20:42 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-18 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19 16:34]
.
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387700919-4103196123-1702309283-1001Core.job
- c:\users\Holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-24 22:52]
.
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387700919-4103196123-1702309283-1001UA.job
- c:\users\Holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-24 22:52]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 20:25]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-01-17 2895656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-31 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-31 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-31 440600]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-09-08 1628288]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(3).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-096C1621D44C6B000D2E0A4CD651AE54AD841217._service_run - c:\users\Holly\AppData\Local\Google\Chrome\Application\chrome.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{E2ED319E-719C-474D-8236-DCC9BDC13BDB} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-18 20:07:16
ComboFix-quarantined-files.txt 2014-05-19 00:07
.
Pre-Run: 856,194,236,416 bytes free
Post-Run: 862,466,543,616 bytes free
.
- - End Of File - - F2CC6A276CC7715AE5885F36FA6BDFDE
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\users\Holly\AppData\Roaming\Aslautug
c:\users\Holly\AppData\Roaming\Sypeolu
c:\users\Holly\AppData\Roaming\Nicoumoc
c:\users\Holly\AppData\Roaming\Sofenym
c:\users\Holly\AppData\Roaming\Diuxecf
c:\users\Holly\AppData\Roaming\Idmefyu
c:\users\Holly\AppData\Roaming\Yhzeuwro
c:\users\Holly\AppData\Roaming\Etumafi
c:\users\Holly\AppData\Roaming\Azetvimu
c:\users\Holly\AppData\Roaming\Ziuvlyys
c:\users\Holly\AppData\Roaming\Ykavbim
c:\users\Holly\AppData\Roaming\Guxozak
c:\users\Holly\AppData\Roaming\Nuwiziac
c:\users\Holly\AppData\Roaming\Nuebiw
c:\users\Holly\AppData\Roaming\Efefem
c:\users\Holly\AppData\Roaming\Penumoas
c:\users\Holly\AppData\Roaming\Ommiydit
c:\users\Holly\AppData\Roaming\Fagayx
c:\users\Holly\AppData\Roaming\Laacyrac
c:\users\Holly\AppData\Roaming\Ypzyamo
c:\users\Holly\AppData\Roaming\Venihit
c:\users\Holly\AppData\Roaming\Irloihu
c:\users\Holly\AppData\Roaming\Avsoimu
c:\users\Holly\AppData\Roaming\Itniuny
c:\users\Holly\AppData\Roaming\Uqocigre
c:\users\Holly\AppData\Roaming\Pyvaloe
c:\users\Holly\AppData\Roaming\Ufimge
c:\users\Holly\AppData\Roaming\Yzheroan

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I'm sorry, I don't see Combofix.exe on my computer. I tried reloading it, but it runs then closes. what am I doing wrong? I have copied and pasted into notepad, but can not see Combofix to drop it into.
 
We can remove those folders later with different tool.

You can reinstall AVG now.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.209 - Report created 18/05/2014 at 23:04:21
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Holly - HOLLY-LAPTOP2
# Running from : C:\Users\Holly\Downloads\adwcleaner_3.209.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MessageViewer_3
Folder Deleted : C:\Users\Holly\AppData\Local\Conduit
Folder Deleted : C:\Users\Holly\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Holly\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Holly\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Holly\AppData\LocalLow\MessageViewer_3
Folder Deleted : C:\Users\Holly\AppData\Roaming\targus
File Deleted : C:\Windows\Tasks\driverupdate startup.job
File Deleted : C:\Windows\System32\Tasks\driverupdate startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3320244
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2ED319E-719C-474D-8236-DCC9BDC13BDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DB082FB-C66C-4992-98D5-7F47217549F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2ED319E-719C-474D-8236-DCC9BDC13BDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2ED319E-719C-474D-8236-DCC9BDC13BDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DB082FB-C66C-4992-98D5-7F47217549F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2ED319E-719C-474D-8236-DCC9BDC13BDB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DB082FB-C66C-4992-98D5-7F47217549F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B5CCD50-E5DB-42CD-B4E7-B74651A5B5F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{697A8EA0-5591-47E1-A363-293787072F49}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E2ED319E-719C-474D-8236-DCC9BDC13BDB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E2ED319E-719C-474D-8236-DCC9BDC13BDB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E2ED319E-719C-474D-8236-DCC9BDC13BDB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E2ED319E-719C-474D-8236-DCC9BDC13BDB}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MessageViewer_3
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MessageViewer_3

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm002YYus&ptb=B61D0F17-64D7-4D24-B934-E0318C28B482&psa=&ind=2011032510&ptnrS=YRxdm002YYus&si=&st=sb&n=77ddebbe&searchfor={searchTerms}

*************************

AdwCleaner[R0].txt - [4199 octets] - [18/05/2014 23:03:03]
AdwCleaner[S0].txt - [4456 octets] - [18/05/2014 23:04:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4516 octets] ##########
 
I reinstalled AVG. I don't see a way to disable it temporarily to load the Junkware Removal tool. Do I need to uninstall it again and load the tool?
 
Back