[RESOLVED] I suspect my PC has a virus or malware

  1. #1
    Join Date: Feb 2003 | Location: Massachusetts | Posts: 607

    Hi Docs. About a year ago you cleaned my PC of a troubling malware issue and now I suspect I have another one on my office PC. If you would be so kind I would appreciate some more help! I am running Windows 7 on a Dell Inspiron 570. I primarily use Firefox as my browser but became aware of some funky actions such as every time I clicked a tab I got a message that Firefox would not open the page or something like that. Then I started seeing all kinds of popups and I haven't seen those for years now on any of my computers. The security software on the system didn't find anything except some malware that it assumably handled. I downloaded and ran Avast and immediately it found two viruses which it handled by quarantining them. (Interesting how the antivirus on the system didn't even catch them!) I have run scans since with other programs and everything comes out clean but I know there is still something wreaking havoc. Please start with me to clean this computer!
    Steve

  2. #2
    Join Date: Apr 2000 | Location: Sheboygan, WI | Posts: 53,392
    Start here
    http://discussions.virtualdr.com/sho...ed-4-1-2014%29
    and post the logs in this thread.

  3. #3
    Join Date: Feb 2003 | Location: Massachusetts | Posts: 607
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Protection, 8/26/2014 8:15:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Starting,
    Protection, 8/26/2014 8:15:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Started,
    Protection, 8/26/2014 8:15:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 8:17:36 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 8:42:28 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.25.5, 2014.8.26.1,
    Protection, 8/26/2014 8:42:50 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 8:42:50 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 8:42:54 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 8:45:30 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 8:45:30 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 8:45:47 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 9:45:35 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.1, 2014.8.26.2,
    Protection, 8/26/2014 9:46:04 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 9:46:04 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 9:46:05 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 9:48:03 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 9:48:03 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 9:48:04 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Protection, 8/26/2014 11:07:03 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Starting,
    Protection, 8/26/2014 11:07:03 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Started,
    Protection, 8/26/2014 11:07:03 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 11:09:54 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 11:53:54 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.2, 2014.8.26.3,
    Protection, 8/26/2014 11:54:04 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 11:54:04 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 11:54:05 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 11:54:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 11:54:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 11:54:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 1:03:37 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.3, 2014.8.26.4,
    Protection, 8/26/2014 1:03:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 1:03:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 1:03:40 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 1:04:16 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 1:04:16 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 1:04:16 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 2:12:06 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.4, 2014.8.26.5,
    Protection, 8/26/2014 2:12:07 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 2:12:07 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 2:12:07 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 2:12:35 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 2:12:35 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 2:12:36 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 3:16:24 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.5, 2014.8.26.7,
    Protection, 8/26/2014 3:16:35 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 3:16:36 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 3:16:38 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 3:17:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 3:17:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 3:17:56 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 4:21:13 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.7, 2014.8.26.8,
    Protection, 8/26/2014 4:21:14 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 8/26/2014 4:21:14 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 8/26/2014 4:21:15 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 8/26/2014 4:21:47 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 8/26/2014 4:21:47 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 8/26/2014 4:21:51 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 8/26/2014 5:29:07 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.8.26.8, 2014.8.26.9,

    (end)
    Steve

  4. #4
    Join Date: Feb 2003 | Location: Massachusetts | Posts: 607
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.65.2
    Run by Salina at 8:55:20 on 2014-08-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.391 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files\File Association Helper\FAHWindow.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files\COMODO\GeekBuddy\unit.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\COMODO\COMODO Internet Security\CIS.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: {200F5C03-A4F0-A899-3AAD-C4F5AEA8470D} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: {ACC780B0-906C-7AAD-64FF-51131513A55D} - <orphaned>
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Facebook Update] "C:\Users\Salina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 10.1.10.1
    TCP: Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{D94B12F3-6144-438C-8582-893D7A1E252C} : DHCPNameServer = 10.1.10.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: {ACC780B0-906C-7AAD-64FF-51131513A55D} - <orphaned>
    x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\ksgzcgc5.default-1405450587902\
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh07152014
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Salina\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Users\Salina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-8-25 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-8-25 224896]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-29 55856]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-7-24 21184]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-8-25 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-8-25 427360]
    R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-7 37976]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
    R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-7 14888]
    R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-7-24 881952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 238080]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-25 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-8-25 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-25 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-25 50344]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-7-25 70864]
    R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-7-25 2327248]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-7-24 342336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 860472]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-7-24 23048]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2014-7-24 458960]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-31 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 PaniniUSB;PaniniUSB;C:\Windows\System32\drivers\PaniniUSB.sys [2013-10-21 258304]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-7-24 34848]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-7-24 23016]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
    S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-7-24 2152736]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-30 19456]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-17 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-30 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    .
    =============== Created Last 30 ================
    .
    2014-08-26 18:51:59 -------- d-----w- C:\Users\Salina\AppData\Roaming\LavasoftStatistics
    2014-08-26 18:50:44 -------- d-----w- C:\Program Files\Lavasoft
    2014-08-26 18:49:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
    2014-08-26 13:29:05 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
    2014-08-26 12:48:50 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5C5C856-522C-47E3-A00E-F93852AC7B68}\mpengine.dll
    2014-08-26 12:06:14 -------- d-s---w- C:\ProgramData\Shared Space
    2014-08-26 12:05:20 -------- d-----w- C:\Program Files\COMODO
    2014-08-26 12:05:10 -------- d-----w- C:\ProgramData\Comodo Downloader
    2014-08-26 12:02:57 -------- d-----w- C:\ProgramData\Comodo
    2014-08-25 17:27:46 -------- d-----w- C:\Users\Salina\AppData\Roaming\AVAST Software
    2014-08-25 17:26:52 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-08-25 17:26:52 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-08-25 17:26:52 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-08-25 17:26:52 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-08-25 17:26:52 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-08-25 17:26:52 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-08-25 17:26:52 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-08-25 17:26:43 43152 ----a-w- C:\Windows\avastSS.scr
    2014-08-25 17:24:49 -------- d-----w- C:\Program Files\AVAST Software
    2014-08-25 17:23:13 -------- d-----w- C:\ProgramData\AVAST Software
    2014-08-25 11:54:13 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-22 08:17:10 2620928 ----a-w- C:\Windows\System32\wucltux.dll
    2014-08-22 08:16:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
    2014-08-22 08:16:45 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-08-21 19:18:24 -------- d-----w- C:\Users\Salina\AppData\Local\SlimWare Utilities Inc
    2014-08-21 19:18:12 -------- d-----w- C:\Program Files (x86)\SlimCleaner
    2014-08-21 18:15:02 -------- d-----w- C:\ProgramData\Trusted Publisher
    2014-08-21 18:13:41 -------- d-----w- C:\Users\Salina\AppData\Local\Packages
    2014-08-21 18:13:10 -------- d-----w- C:\ProgramData\c6bd839095d3eda2
    2014-08-21 18:13:09 -------- d-----w- C:\Users\Salina\AppData\Local\Torch
    2014-08-21 18:13:09 -------- d-----w- C:\Users\Salina\AppData\Local\Chromatic Browser
    2014-08-21 18:13:08 -------- d-----w- C:\Users\Salina\AppData\Local\Comodo
    2014-08-20 17:41:30 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09AD0405-44E0-4D44-85D7-F2D642FA52A1}\gapaengine.dll
    2014-08-19 13:02:15 -------- d-----w- C:\Windows\CD95F661A5C444F5A6AAECDD91C240E3.TMP
    2014-08-19 13:02:12 -------- d-----w- C:\Program Files\File Association Helper
    2014-08-19 11:43:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-08-19 11:43:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-08-19 11:43:58 198600 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-08-19 11:43:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-08-18 13:02:37 -------- d-----w- C:\Users\Salina\AppData\Local\Adobe
    2014-08-15 12:48:22 -------- d-----w- C:\Program Files (x86)\Coupons
    2014-08-13 16:01:51 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-08-13 16:01:51 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-08-13 16:01:51 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-08-13 16:01:51 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-08-13 16:01:49 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-08-13 16:01:49 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-08-13 16:01:30 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-08-13 16:01:30 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-08-13 11:43:53 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-08-13 11:43:52 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-08-13 11:43:51 529920 ----a-w- C:\Windows\System32\aepdu.dll
    2014-08-13 11:43:50 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-07-28 23:25:45 -------- d-----w- C:\Users\Salina\AppData\Local\Windows Live
    2014-07-28 23:25:28 -------- d-----w- C:\Users\Salina\AppData\Local\{FFF8C6A5-57B7-4192-B2B5-4844FF5F8535}
    2014-07-28 23:25:28 -------- d-----w- C:\Users\Salina\AppData\Local\{881CB04C-E393-42B1-A846-064CFABFFD39}
    .
    ==================== Find3M ====================
    .
    2014-08-27 11:38:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-08-18 12:01:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-18 12:01:58 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
    2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
    2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-07-24 11:49:44 7528440 ----a-w- C:\Windows\System32\atiumd64.dll
    2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-07-11 07:02:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-06-04 19:17:14 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    2014-06-04 19:17:14 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2014-06-04 19:17:12 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll20140724084219.dll
    2014-06-04 19:17:12 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
    2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 8:58:49.84 ===============
    Steve

  5. #5
    Join Date
    Feb 2003
    Location
    Massachusetts
    Posts
    607
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/31/2011 4:47:29 PM
    System Uptime: 8/26/2014 11:04:35 AM (21 hours ago)
    .
    Motherboard: Dell Inc. | | 04GJJT
    Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 780/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 370.396 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP273: 8/18/2014 8:02:49 AM - Windows Update
    RP274: 8/19/2014 7:42:25 AM - Windows Update
    RP276: 8/21/2014 12:03:37 PM - Windows Update
    RP277: 8/22/2014 4:16:18 AM - Windows Update
    RP278: 8/25/2014 7:53:25 AM - Windows Update
    RP279: 8/25/2014 1:24:28 PM - avast! antivirus system restore point
    RP280: 8/26/2014 2:03:28 PM - Windows Modules Installer
    RP281: 8/26/2014 2:48:20 PM - AA11
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Ad-Aware Antivirus
    AdAwareInstaller
    AdAwareUpdater
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.11) MUI
    Advanced SystemCare 7
    AntimalwareEngine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Bonjour
    Bounce Symphony
    BufferChm
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Citrix Online Launcher
    COMODO Antivirus
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    D3DX10
    D4100
    D4100_Help
    D7500
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Digital Delivery
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Marketplace Webslice IE8
    Dell MusicStage
    Dell PhotoStage
    Dell Product Registration
    Dell Stage
    Dell VideoStage
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    Driver Booster
    eBay
    Escape Whisper Valley (TM)
    Facebook Video Calling 3.1.0.521
    Farm Frenzy
    FATE
    File Association Helper
    FileHippo.com Update Checker
    Final Drive Fury
    Final Drive Nitro
    FIS Panini Universal Driver
    GeekBuddy
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    GoToMeeting 6.4.0.1558
    GPBaseService2
    HP Customer Participation Program 13.0
    HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
    HP Imaging Device Functions 13.0
    HP Photosmart D7500 Printer Driver Software 13.0 Rel. 4
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Internet Explorer
    IObit Malware Fighter
    IObit Uninstaller
    iTunes
    Java 7 Update 65
    Java Auto Updater
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Luxor
    Malwarebytes Anti-Malware version 2.0.2.1012
    MarketResearch
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Starter 2010 - English
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Dell
    Namco All-Stars PAC-MAN
    Panini 4.0.2 Universal Installer
    Panini API 4.0.2 - Universal Installer
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PS_SF_04_D7500_Software_Min
    RBVirtualFolder64Inst
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Samantha Swift
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    SF_CDA_ProductContext
    SF_CDA_Software
    Shop for HP Supplies
    Skins
    Skype Toolbars
    Skype™ 6.11
    Slawdog Smart Shutdown
    SlimCleaner
    Smart Defrag 3
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Status
    Surfing Protection
    Toolbox
    TrayApp
    TrustedID
    UnloadSupport
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    WebReg
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 18.5
    World of Warcraft
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/26/2014 11:11:05 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    8/26/2014 11:10:44 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    8/26/2014 11:04:41 AM, Error: volmgr [46] - Crash dump initialization failed!
    8/26/2014 10:43:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/22/2014 7:59:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    8/22/2014 7:58:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/22/2014 7:58:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    8/22/2014 7:58:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    .
    ==== End Of File ===========================
    Steve

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =====================================

    You're running FOUR antivirus programs, MSE, Avast, Ad-aware and Comodo.
    You must uninstall THREE of them.
    Only one AV program is allowed.

    MBAM log is incorrect.
    Re-read MBAM instructions and post correct log.

  7. #7
    Join Date
    Feb 2003
    Location
    Massachusetts
    Posts
    607
    Quote Originally Posted by Broni
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =====================================

    You're running FOUR antivirus programs, MSE, Avast, Ad-aware and Comodo.
    You must uninstall THREE of them.
    Only one AV program is allowed.

    MBAM log is incorrect.
    Re-read MBAM instructions and post correct log.
    -----------------------------------------------------------------------------------------------------

    Hi Broni. Okay, I think I have now got the MBAM log correct. I will post it. I usually run only one antivirus program but in my desperation I downloaded the other three to try to remove any virus/malware on my PC. This was done just before I contacted you. I will remove the other three.
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 6/24/2014 7:30:56 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Rootkit Database, 2014.6.20.1, 2014.6.23.2,
    Update, 6/24/2014 7:31:07 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.23.12, 2014.6.24.6,
    Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 7:31:37 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 7:31:44 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 7:31:44 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 7:31:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Starting,
    Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malware Protection, Started,
    Protection, 6/24/2014 7:34:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 7:35:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 8:44:33 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.6, 2014.6.24.7,
    Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 8:44:41 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 8:44:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 9:33:37 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.7, 2014.6.24.8,
    Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 9:33:49 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 9:34:01 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 9:34:01 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 9:34:02 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 10:29:20 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.8, 2014.6.24.9,
    Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 10:29:34 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 10:29:39 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 11:40:35 AM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.9, 2014.6.24.10,
    Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 11:40:45 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 11:40:57 AM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 1:41:52 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.10, 2014.6.24.11,
    Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 1:42:06 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 1:42:10 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 3:41:28 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.11, 2014.6.24.12,
    Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 3:41:41 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 3:41:45 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 3:41:45 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 3:41:46 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/24/2014 4:32:01 PM, SYSTEM, JOHNSMARTIN-PC, Scheduler, Malware Database, 2014.6.24.12, 2014.6.24.13,
    Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Starting,
    Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/24/2014 4:32:34 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/24/2014 4:32:38 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Refresh, Success,
    Protection, 6/24/2014 4:32:38 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/24/2014 4:32:39 PM, SYSTEM, JOHNSMARTIN-PC, Protection, Malicious Website Protection, Started,

    (end)
    Steve

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No. This is the "protection" log. I need the "scan" log.

  9. #9
    Join Date
    Feb 2003
    Location
    Massachusetts
    Posts
    607
    Quote Originally Posted by Broni
    No. This is the "protection" log. I need the "scan" log.
    I think I need some help with this step. Could you explain what I need to do to get what you need? Once I have the log I am not sure how to post or what to post if that makes sense to you. Steve
    Steve

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Open MBAM again and look at my screenshot:

    p22011969.gif


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

  11. #11
    Join Date
    Feb 2003
    Location
    Massachusetts
    Posts
    607
    Okay Broni. Thank you! I think I understand now! See if this is what you need:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/27/2014
    Scan Time: 7:38:10 AM
    Logfile: MBAM2.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.27.02
    Rootkit Database: v2014.08.21.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Salina

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 371747
    Time Elapsed: 26 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Steve

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Super

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/...t-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.

    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"




    P. S. I'm going out of town this afternoon. I'll be back on Sunday evening.

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Still with me?

  14. #14
    Join Date
    Feb 2003
    Location
    Massachusetts
    Posts
    607
    Quote: Originally Posted by Broni
    Still with me?
    Yes I am Broni. The long holiday weekend came so I haven't been to the office. I plan on tackling the last task you sent me tomorrow. Will report later...Steve
    Steve

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
