wanting to know how to proceed with aswmbr



1oldman
2014-07-02, 23:08
Hi, last month I posted threads on a couple of computers of mine in which Ken helped clean them of some issues. That went well and I was going to start a new thread on my daughter's computer; however, when I used your links for the DDS and aswmbr software, my Norton dumped the aswmbr from downloads, saying it was infected with trojan.gen.2. I understand this is a generic term for one of many viruses and am wondering if my antivirus is being too picky on the definitions or if the software really has a bug. The DDS downloaded and did its thing with no problems, and I have used aswmbr on this machine in my earlier threads. I'll wait to hear from you before proceeding with the thread on my daughter's machine. Thanks and have a good one.

ken545
2014-07-03, 02:05
Hi 1oldman

Sometimes antivirus software blocks our tools from being downloaded, but I guarantee they're not infected. Go ahead and post the DDS log for this computer and describe any symptoms you are having.

1oldman
2014-07-03, 03:20
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
Run by momco at 19:16:43 on 2014-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.5141 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\NZ.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\NZ.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{55413D78-CD7E-4950-B146-D6844710622E} : DHCPNameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{58B4B753-D6D0-4676-83A5-C9D920784D2A} : DHCPNameServer = 192.168.0.1 205.171.202.166
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\momco\AppData\Roaming\Mozilla\Firefox\Profiles\liw05v8s.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-8 122584]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys [2014-5-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys [2014-5-17 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-9 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-17 162392]
R1 ccSet_NZ;Norton Zone Settings Manager;C:\Windows\System32\drivers\NZx64\02005F0.006\ccsetx64.sys [2014-4-14 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140630.001\IDSviA64.sys [2014-6-30 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys [2014-5-17 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys [2014-5-17 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-13 204288]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-8 1809720]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-17 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NZ;Norton Zone;C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\nz.exe [2014-4-14 522592]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-13 1128952]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-1 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-1 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-1 171416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-10 142128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-8 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-13 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-13 47232]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-8 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-2-13 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-13 39464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-8 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-2-8 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-26 20:00:30 -------- d-----w- C:\Program Files (x86)\Diablo III Public Test
2014-06-12 20:20:55 -------- d-----w- C:\Users\momco\AppData\Roaming\WildTangent
2014-06-11 18:10:10 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 18:10:09 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 18:10:01 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 18:10:01 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 18:09:43 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 18:09:43 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 18:09:43 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 18:09:43 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 18:09:42 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 18:09:42 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 18:09:42 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 18:09:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 18:09:18 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-06-11 18:09:18 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-11 18:00:45 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 18:00:44 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 20:24:04 -------- d-sh--w- C:\Users\momco\AppData\Local\EmieUserList
2014-06-10 20:24:04 -------- d-sh--w- C:\Users\momco\AppData\Local\EmieSiteList
2014-06-09 23:14:50 -------- d-----w- C:\Users\momco\AppData\Local\Macromedia
2014-06-09 17:32:24 -------- d-----w- C:\Users\momco\AppData\Roaming\HP Support Assistant
2014-06-08 23:12:53 -------- d-----w- C:\Users\momco\AppData\Local\Blizzard Entertainment
2014-06-08 23:12:47 -------- d-----w- C:\Users\momco\AppData\Roaming\Battle.net
2014-06-08 23:12:47 -------- d-----w- C:\Users\momco\AppData\Local\Battle.net
2014-06-08 23:08:15 96560 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2014-06-08 23:08:15 3667968 ----a-w- C:\Windows\System32\bcmihvui64.dll
2014-06-08 23:08:14 8046288 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2014-06-08 23:08:14 4400128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2014-06-08 23:08:13 1063936 ----a-w- C:\Windows\System32\BCMLogon.dll
2014-06-08 21:33:23 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-08 21:33:06 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-08 21:33:06 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-08 21:33:06 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-08 21:33:06 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-08 21:33:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 23:37:12 -------- d-----w- C:\Program Files\iPod
2014-06-02 23:37:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-02 23:37:08 -------- d-----w- C:\Program Files\iTunes
2014-06-02 23:37:08 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-02 07:36:55 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-06-08 23:09:31 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2014-06-08 23:07:04 7849472 ----a-w- C:\Windows\System32\BCMWLCPL.CPL
2014-06-08 23:07:04 73216 ----a-w- C:\Windows\System32\wltrynt.dll
2014-06-08 23:07:04 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe
2014-06-08 23:07:04 4659200 ----a-w- C:\Windows\System32\bcmttls.dll
2014-06-08 23:07:04 446 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat
2014-06-08 23:07:04 441 ----a-w- C:\Windows\System32\vcredist_x64.bat
2014-06-08 23:07:04 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2014-06-08 23:07:04 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe
2014-06-08 23:07:04 23760 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 03:54:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:54:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-04 07:05:12 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 19:17:07.44 ===============

Hello again Ken, this is the first computer we worked on with the traffic outbrain issue, which has not been a problem since. The reason I'm doing the thread on this computer is the Malwarebytes scan keeps periodically picking up and quarantining mysearchdial, which is a problem that has been going on with this machine since earlier this year.
Is it possible this thing is reinstalling itself on my computer? I keep a very close eye on this computer's use and can't find any reason it's getting reinfected by browsing habits (although nothing really surprises me anymore). When I finish this I'll try the aswmbr download again; if I still have problems, can you give me any ideas on how to proceed with that part? This is the same computer I used in the first thread, so the info posted there may be valid for this thread. I'm not too worried the aswmbr site is buggy, but my antivirus settings are the same as when I downloaded and ran aswmbr earlier this month, so I don't know what to make of Norton dumping the download repeatedly. As another test I'm going to go on my daughter's computer, start a thread on that one and see what it does with the download.
As usual I'm having some kind of problem with zipping the attach part of DDS, so I'm going to try just copy and paste it.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/1/2014 6:28:37 PM
System Uptime: 7/1/2014 11:23:04 AM (8 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2ACF
Processor: AMD A6-3620 APU with Radeon(tm) HD Graphics | P0 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 427.702 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.066 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: HP Bluetooth module
Device ID: USB\VID_0A5C&PID_217D\74DE2B79AD99
Manufacturer: Broadcom
Name: HP Bluetooth module
PNP Device ID: USB\VID_0A5C&PID_217D\74DE2B79AD99
Service: BTHUSB
.
==== System Restore Points ===================
.
RP50: 6/18/2014 9:12:06 AM - Sony PC Companion
RP51: 6/25/2014 11:52:35 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
aioscnnr
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battle.net
Bing Bar
Blio
Bluetooth by hp
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Diablo III
Diablo III Public Test
DirectX for Managed Code Update (Summer 2004)
essentials
Flight Simulator X
Flight Simulator X Service Pack 1
Google Chrome
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HP Application Assistant
HP Auto
HP Calendar
HP Client Services
HP Clock
HP Customer Experience Enhancements
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP MovieStore
HP Notes
HP Odometer
HP RSS
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP TouchSmart RecipeBox
HP Update
HP Vision Hardware Diagnostics
HP Weather
iCloud
IrfanView (remove only)
iTunes
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LabelPrint
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Mathematics
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Internet Security
Norton Online Backup
Norton Zone
ocr
opensource
PDF Complete Special Edition
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
PreReq
PressReader
PrintProjects
QuickTime 7
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype™ 6.13
Sony PC Companion 2.10.211
Spybot - Search & Destroy
TSHostedAppLauncher
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/29/2014 9:06:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================

ok that worked i'll try redownloading aswmbr again and let you know how that goes in the next post, thanks again.

1oldman
2014-07-03, 03:35
hi ken, the norton is still blocking the aswmbr download. i'll start a thread on my daughter's computer and let you know how the download goes on that one, i might mention it runs win 8 which is new to me so it might take a bit to get that but i have patience. thanks again

ken545
2014-07-03, 03:48
I'm a little confused, this is why we do not fix more than one computer in one thread, this is the dds log from the one we worked on before ....correct... when we're done here then I will close this out and you can open a new one for your daughter's computer..

Let's rerun both these tools

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.





Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

1oldman
2014-07-03, 13:04
hi, here are the reports on my computer. i would like to apologize for any confusion in this thread, i really shouldn't even mention the daughter's computer here in this thread i only meant i would try the aswmbr download on her computer to see if it had any issues with the link, then start another thread to deal with that machine. you are correct this is the computer we dealt with in the first thread and it will be the only one mentioned until we close this thread.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by momco on Thu 07/03/2014 at 3:32:08.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F250A79D-3FA6-4CDF-975E-E3C3432B0BD5}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\momco\AppData\Roaming\mozilla\firefox\profiles\liw05v8s.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/03/2014 at 3:40:22.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

the adw log is attached as a zipped folder, thank you again for the patience and the help. hope you have a great 4th weekend.

ken545
2014-07-03, 14:06
Ok, not a problem. let's run malwarebytes again and then we will do a final scan. It looks like searchdial is in chrome only, is this where you see it ?

You still have Malwarebytes on your system, open it, check for updates and run the Threat Scan, quarantine anything it finds and then post the log, if it comes back clean then no log is needed but let me know

1oldman
2014-07-05, 02:38
hi ken, malbytes scan came back clean so i got looking around and found that last month behind my back a granddaughter tried to download (guess what) minecraft demo. that seems to be the common link with mysearchdial she tried downloading it through chrome, which i never use i prefer my firefox. so i decide to uninstall chrome but when i try i'm prompted to close all chrome windows and try again, now i'm no c++ guru but there's no reason i can find that a chrome window would be open. any ideas on what's going on with that? as far as i can tell things on this computer are back to normal and haven't had a searchdial issue in many scans however the chrome uninstall still needs to be worked out. i'm still having a problem with the aswmbr download. i've tried it on three computers and all three come up with the trojan.gen.2 detection and dump the download. could you please try and download it from the link and let me know what happens i'm confused on how to proceed with the next thread. thank you and have a good one!

ken545
2014-07-05, 02:54
What you need to do is disable Norton so that you can download and run aswMBR

Norton should be in your system tray, right click on it and it should give you an option to disable it for a limited period of time.


Try uninstalling Chrome with this program
http://www.revouninstaller.com/revo_uninstaller_free_download.html


Let me know how it went

1oldman
2014-07-06, 08:01
hello again ken, i was able to uninstall the chrome browser however when i uninstalled the bing toolbar from IE (i don't use internet exp. and don't care for all the marketing suggestions bing is pushing) it opened a window that said, "a program on your computer has corrupted your default search provider settings for IE, IE has reset this setting to your original search provider, bing. IE will now open your search settings where you can change this setting or install more search providers". i'm wondering what that is all about since firefox is my default browser. it's very likely this is no big deal but i'm concerned about the phrase "program on computer corrupted". any thoughts on this? also while uninstalling software i didn't install and didn't come with the computer i came across a program called Blio the verified publisher is K-NFB reading technology with a certificate that expired over 1 1/2 years ago. when i try uninstalling this thing i get prompted to allow a change to the hard drive (not unusual) but the program location says update C:\windows installer\282f5.msi. once again i'm probably jumping at shadows but i'm trying to learn something new that i know nothing about (trying not to repeat mistakes when i come across them in the future). i also would like to add that disabling the norton did allow the aswmbr software to install and run, i don't know if that log is relevant now if you would like to see it i will include it in the next posting. from what i can see right now things are once again running smoothly on this machine and the other laptop of mine has had no problems since we dealt with it last month. you can also be assured that the granddaughter who tried installing the latest minecraft demo won't be having a chance to repeat that attempt. thank you again you have no idea what an education this has been for yours truly.

ken545
2014-07-06, 15:14
https://play.google.com/store/apps/details?id=com.blio.androidreader&hl=en
This program appears safe so I would not worry about it


As far as IE, we can set it back to company defaults, but first make Google your default



Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
Make Google your default



If that didn't work try this


Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped




Glad all is ok and things are working again for you

1oldman
2014-07-08, 19:44
good morning ken, the reset went well on the internet explorer and everything is looking good. i have one more question about browsers maybe you could help me with, sometimes but not always if i open my browser history i find my email shows it has been opened a bunch (up to 20 to 30 times). pretty unusual if you ask me, this seems to happen in particular after i have checked my email and then went over the news. i stay away from the sideline links and banner ads and i show no redirecting or behavior other than the history log. can you think of any explanation for this? maybe it's a glitch in the browser but it never happens with anything but the gmail address. i guess i should ask if this is a good time to remove the tools i have downloaded can't really think of anything else so i'll wait to hear back from you. have an excellent day

ken545
2014-07-08, 20:12
Internet Explorer, as do all other browsers, saves every page you visit including mail in a cache...this is your TEMPORARY INTERNET FILES.

Open IE and go to Tools > Internet Options and on the Main tab under Browsing History just click on Delete

ken545
2014-07-11, 03:08
Sorry, forgot to post this for you

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.






Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Double-click DelFix.exe to run the program.
Place a checkmark next to the following items:

.Activate UAC
.Remove disinfection tools
.Create registry backup
.Reset System Settings

Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually

1oldman
2014-07-14, 23:08
hi ken sorry about the delay getting back to you i was camping in the mountains with the grandkids for a few days and forgot to take care of this before i left. the delfix did its thing just fine, that makes it easy. one thing i should mention about the multiple browser entries on my gmail is it only happens with gmail and it's firefox history not IE. i delete browser history after going over each entry at the end of every session so it's not a case of stacking multiple searches over several days, i'm wondering if it's a gmail glitch or something similar, i can't think of any other explanation. thanks again for the help and advice they are both priceless. 1 fairly old man.
:bigthumb:

ken545
2014-07-15, 00:01
Hi,

No problem in the reply, I go out to California about once a year to see mine.

I am not following what you're saying about multiple browsers in your gmail, could you be a bit more specific

1oldman
2014-07-15, 01:00
hello again, what i'm talking about isn't multiple browsers, it's multiple instances of gmail opening in the firefox history. as i was saying i go over the history after each use and while i open gmail only once (i'm sure of this) the history reflects many instances of it opening gmail. don't know what to make of this as i clear history after each use to make it easier to keep track of what's going on on my computer. if you have any thoughts or ideas about what's going on here i'm always open to ideas. have a good one and i'm looking forward to hearing what you think of this browser history issue, as i was saying it only happens with gmail so i was suspecting a glitch on their part or possibly firefox.

ken545
2014-07-15, 01:15
Everything you open is saved in a cache and history, even if you go to Gmail just once to check your mail, it saves a copy in the history of every mail you open, so even if you just went to Gmail once and there were 8 emails and you clicked on each one to open them so you could read them, those 8 are saved in your history.

1oldman
2014-07-15, 02:34
cool that makes sense, as i was saying your help and advice is priceless, once again i'm left with a good running machine and no lingering questions. thanks so much, i guess class is dismissed on this one (however the education never ends). one thought i'm left with after reading through some of the others' posts is a lot of problems are probably caused by not so safe surfing as much as predatory software so safe surfing is good advice. take er' easy and thanks again.

ken545
2014-07-15, 02:44
Great. Just use your head, don't open any spam email, just delete it. If you wander into a site that wants you to download anything to make your experience better don't do it, don't use any registry cleaners, you can remove wrong entries that can make your system unbootable. Windows has a lot of nice built in programs so no need for any 3rd party programs to enhance your system, the only thing they're going to enhance is their bank account.

Take care my friend,

Ken :)