
Thread: win32.downloader.gen

  1. #1
    Junior Member
    Join Date
    Oct 2013
    Location
    Vermont, USA
    Posts
    22

    win32.downloader.gen

    Hello,

    Following instructions from Tashi, please find a copy of the DDS Log and aswMBR Log about the problem created by Win32.

    Thank you so much for your help.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
    Run by tony at 7:56:08 on 2013-10-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10005.5918 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Users\tony\AppData\Local\Strongvault Online Backup\SMessaging.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\SysWOW64\RunDll32.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uProxyServer = hxxp=127.0.0.1:49178;https=127.0.0.1:49178
    uProxyOverride = <-loopback>
    uURLSearchHooks: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll
    mURLSearchHooks: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll
    mWinlogon: Userinit = userinit.exe
    BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
    BHO: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: MixiDJ V30 Toolbar: {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll
    TB: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Facebook Update] "C:\Users\tony\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
    uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\tony\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [SMessaging] C:\Users\tony\AppData\Local\Strongvault Online Backup\SMessaging.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{878CADCC-9F3D-49F6-9DBB-4DCB11132379} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{9FB67F27-273E-4182-A0E6-ABBA3B6AA044} : NameServer = 69.50.60.8,137.118.1.32
    TCP: Interfaces\{9FB67F27-273E-4182-A0E6-ABBA3B6AA044} : DHCPNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-7-10 291624]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-25 46368]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-10 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-10 237056]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-7-10 1128952]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-26 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-10 95248]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [2012-7-10 1151096]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-7-10 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-10 39464]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2012-7-10 488568]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]
    R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
    R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]
    R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-7-10 136000]
    R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-7-10 409408]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-10 47232]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-26 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-10-21 18:08:09 -------- d-----w- C:\Users\tony\AppData\Local\{52B8BDAC-149B-4445-BD7F-27586C73B551}
    2013-10-17 18:19:10 -------- d-----w- C:\Users\tony\AppData\Local\Conduit
    2013-10-11 17:37:38 -------- d-----w- C:\Users\tony\AppData\Local\{A989DAC4-5139-4210-B756-8995E46A735B}
    2013-10-10 12:57:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2013-10-10 12:56:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2013-10-08 12:33:11 -------- d-----w- C:\Users\tony\AppData\Local\{1280416B-DD33-4255-9D61-C6B28E074E80}
    2013-10-02 00:53:50 -------- d-----w- C:\Users\tony\AppData\Local\{19F82FF0-FC4A-4B16-99B8-F8F06F61C3F8}
    2013-09-28 18:50:58 -------- d-----w- C:\Users\tony\AppData\Local\{916EF504-BF7C-419C-AD39-4FD8156B8DC3}
    2013-09-28 18:49:00 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
    2013-09-28 18:48:15 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-09-28 18:48:01 -------- d-----w- C:\ProgramData\Conduit
    2013-09-28 18:48:01 -------- d-----w- C:\Program Files (x86)\MixiDJ_V30
    2013-09-28 18:47:47 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-09-25 18:30:46 -------- d-----w- C:\Users\tony\AppData\Local\{8F083461-50F7-4894-888C-68F41C0B7E45}
    .
    ==================== Find3M ====================
    .
    2013-10-08 23:26:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-08 23:26:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-10-02 00:45:19 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-09-05 05:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    .
    ============= FINISH: 7:56:22.09 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-10-22 08:07:22
    -----------------------------
    08:07:22.858 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:07:22.858 Number of processors: 6 586 0x102
    08:07:22.859 ComputerName: TONY-HP UserName: tony
    08:07:25.970 Initialize success
    08:11:33.308 AVAST engine defs: 13102101
    08:11:39.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
    08:11:39.506 Disk 0 Vendor: Hitachi JP4OA41A Size: 953674MB BusType: 8
    08:11:39.584 Disk 0 MBR read successfully
    08:11:39.589 Disk 0 MBR scan
    08:11:39.597 Disk 0 Windows 7 default MBR code
    08:11:39.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    08:11:39.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 935988 MB offset 206848
    08:11:39.649 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17584 MB offset 1917110272
    08:11:39.701 Disk 0 scanning C:\Windows\system32\drivers
    08:11:47.357 Service scanning
    08:12:07.467 Modules scanning
    08:12:07.482 Disk 0 trace - called modules:
    08:12:07.498
    08:12:10.594 AVAST engine scan C:\Windows
    08:12:14.177 AVAST engine scan C:\Windows\system32
    08:15:14.275 AVAST engine scan C:\Windows\system32\drivers
    08:15:35.224 AVAST engine scan C:\Users\tony
    08:19:03.819 AVAST engine scan C:\ProgramData
    08:20:40.908 Scan finished successfully
    08:21:09.971 Disk 0 MBR has been saved successfully to "C:\Users\tony\Desktop\MBR.dat"
    08:21:09.975 The log file has been saved successfully to "C:\Users\tony\Desktop\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    First, let's start off with taking care of your antivirus programs. You have two installed, Norton and AVG, which is not a good thing as they will suck up system resources and slow your system down. It's your call, but you need to uninstall one.

    Whichever one you decide to uninstall, you can use this program to uninstall it.

    Run AppRemover

    Vista users, right click on the icon and select "run as administrator"

    Please download AppRemover and save it to your desktop.
    • Double click on AppRemover.exe to run it.
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your installed programs, choose the one or ones you want to uninstall and click on the Next button.
    • Uninstall one at a time
    • Follow the last step and reboot if asked to do so.





    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Oct 2013
    Location
    Vermont, USA
    Posts
    22


    Hello Ken,

    Thank you for answering my message.

    I uninstalled Norton and did the scanning with AdwCleaner. The report follows.

    Again thank you.

    # AdwCleaner v3.010 - Report created 22/10/2013 at 22:53:37
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : tony - TONY-HP
    # Running from : C:\Users\tony\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : CltMngSvc
    Service Found : vToolbarUpdater17.0.12

    ***** [ Files / Folders ] *****

    Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
    Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Found C:\Program Files (x86)\AVG Secure Search
    Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found C:\Program Files (x86)\Conduit
    Folder Found C:\Program Files (x86)\InfoAtoms
    Folder Found C:\Program Files (x86)\MixiDJ_V30
    Folder Found C:\Program Files (x86)\MixiDJ_V30
    Folder Found C:\Program Files (x86)\Searchprotect
    Folder Found C:\ProgramData\AVG Secure Search
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\Users\Chris\AppData\Local\AVG Secure Search
    Folder Found C:\Users\Chris\AppData\LocalLow\AVG Secure Search
    Folder Found C:\Users\tony\AppData\Local\AVG Secure Search
    Folder Found C:\Users\tony\AppData\Local\Conduit
    Folder Found C:\Users\tony\AppData\LocalLow\AVG Secure Search
    Folder Found C:\Users\tony\AppData\LocalLow\Conduit
    Folder Found C:\Users\tony\AppData\LocalLow\MixiDJ_V30
    Folder Found C:\Users\tony\AppData\LocalLow\MixiDJ_V30
    Folder Found C:\Users\tony\AppData\LocalLow\PriceGong
    Folder Found C:\Users\tony\AppData\Roaming\Conduit

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\MixiDJ_V30
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\smartbar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\SearchProtect
    Key Found : [x64] HKCU\Software\AVG Secure Search
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\IGearSettings
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : [x64] HKCU\Software\SearchProtect
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\AVG Security Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Found : HKLM\Software\InfoAtoms
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6BAEE8-FA8F-47E1-957F-66F6E9BA32BE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60418F20-9742-49E4-8496-498AEA7B8D3A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
    Key Found : HKLM\Software\MixiDJ_V30
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\Software\SearchProtect
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : search_url
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword

    [ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [13661 octets] - [22/10/2013 22:53:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13722 octets] ##########

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,


    Did you install or use this proxy server?
    uProxyServer = hxxp=127.0.0.1:49178;https=127.0.0.1:49178


    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.






    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.






    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

  5. #5
    Junior Member
    Join Date
    Oct 2013
    Location
    Vermont, USA
    Posts
    22


    Good morning Ken,

    I did not install the proxy server or if I did, it was involuntary and came with some downloading. I am going to start the procedures from your mail and keep you updated.

    Thank you for your prompt assistance.

  6. #6
    Junior Member
    Join Date
    Oct 2013
    Location
    Vermont, USA
    Posts
    22


    Ken,

    Here is the copy of the AdwCleaner logfile.

    I will start the Junkware Removal Tool process right after I click on the "Submit Reply" button.

  7. #7
    Junior Member
    Join Date
    Oct 2013
    Location
    Vermont, USA
    Posts
    22


    Sorry Ken, here is the logfile....I must have another coffee....


    # AdwCleaner v3.010 - Report created 23/10/2013 at 07:45:17
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : tony - TONY-HP
    # Running from : C:\Users\tony\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : CltMngSvc
    Service Deleted : vToolbarUpdater17.0.12

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\InfoAtoms
    Folder Deleted : C:\Program Files (x86)\MixiDJ_V30
    Folder Deleted : C:\Program Files (x86)\Searchprotect
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\tony\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\tony\AppData\Local\Conduit
    Folder Deleted : C:\Users\tony\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\tony\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\tony\AppData\LocalLow\MixiDJ_V30
    Folder Deleted : C:\Users\tony\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\tony\AppData\Roaming\Conduit
    Folder Deleted : C:\Users\Chris\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Chris\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
    Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60418F20-9742-49E4-8496-498AEA7B8D3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6BAEE8-FA8F-47E1-957F-66F6E9BA32BE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V30
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InfoAtoms
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\MixiDJ_V30
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url
    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword

    [ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : icon_url

    *************************

    AdwCleaner[R0].txt - [13879 octets] - [22/10/2013 22:53:37]
    AdwCleaner[R1].txt - [13940 octets] - [23/10/2013 07:44:03]
    AdwCleaner[S0].txt - [12329 octets] - [23/10/2013 07:45:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12390 octets] ##########

  8. #8

    Ken,

    Here is the JRT.txt

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Windows 7 Home Premium x64
    Ran by tony on Wed 10/23/2013 at 8:02:10.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [Strongvault]
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    ========================================================================================
    BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\tony\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F08E2C7-0ED4-427A-B3E8-FD244BFA2C3B}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9C98980A-5694-447E-A184-2AB68257D00A}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9C98980A-5694-447E-A184-2AB68257D00A}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
    Successfully deleted: [Folder] "C:\Users\tony\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\tony\appdata\local\strongvault online backup"
    Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\tony\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/23/2013 at 8:07:29.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9

    Ken,

    Last log from Malwarebytes.

    Again, thank you so much.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.23.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    tony :: TONY-HP [administrator]

    10/23/2013 8:22:10 AM
    mbam-log-2013-10-23 (08-22-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253951
    Time elapsed: 3 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-160x600-filehippo-30370265780 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\tony\AppData\Local\Temp\ct3298566 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\$RECYCLE.BIN\S-1-5-21-3831433286-80246559-1618497858-1000\$R127014.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
    C:\Users\tony\Downloads\finalmediaplayer_2_d222792.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

    (end)

  10. #10

    Ken,

    I ran Spybot SD and apparently the threat win32.downloader.gen is gone.

    Question: do I have to keep all the downloads that helped find a solution to the problem, or do I only have to save some?

    Again, my sincere thanks.
