Virus warnings on all downloads

mensatic

New Member
Thread author
Nov 11, 2013
14
Yesterday I was infected by Antivirus Security Pro. I installed Malwarebytes Chameleon and seemed to successfully remove it. Today I tried to download from the Internet (Adobe Flash Player, IE11) and I get a message saying "this file contained a virus and was deleted". I thought the Chameleon was blocking, so I uninstalled it. Still happens and now I can't reinstall Chameleon.

How can I get my PC to stop saying everything I try to download is a virus? Is it a security setting?
 

mensatic

New Member
Thread author
Nov 11, 2013
14
kuttus said:
Do you have any other browser on your computer?

Yes, Chrome. You're brilliant! I guess I'm fried from dealing with the virus for two days. I went to Chrome and I'm able to download Malwarebytes chameleon again. After that installs, I'll try Flash Player through Chrome. Thanks!!

By the way, Adobe has ROTTEN customer service! They just tell me to post in their forum. The guy who got back to me said I should uninstall all my antivirus protection because obviously it wasn't working right. ?!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
It may be because of a Virus issue. Not 100% a Virus issue.


Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
     - Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.




mensatic

New Member
Thread author
Nov 11, 2013
14
Here is the log Combofix generated:

ComboFix 13-11-11.01 - Emily 11/11/2013 18:13:23.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10232.8031 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Caller ID\Caller ID.exe
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\9519~1\A535~1\E628~1\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\@
c:\program files (x86)\Google\Desktop\Install\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\9519~1\A535~1\E628~1\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\L\00000004.@
c:\programdata\ntuser.dat
c:\users\Emily\AppData\Local\fhojbfdm.exe
c:\users\Emily\AppData\Local\Google\Desktop\Install
c:\users\Emily\AppData\Local\Google\Desktop\Install\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\2E2F~1\28F0~1\E628~1\{d50b01d0-e134-56dd-6ab6-f41b4cec6db3}\@
c:\users\Emily\AppData\Roaming\SearchProtect
c:\users\Emily\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Emily\Documents\~WRL0001.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\PFRO.log
c:\windows\SysWow64\.txt
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\0285860eb8fbd3af.fb
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-10-11 to 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 23:25 . 2013-11-11 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-11 22:18 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-11 22:18 . 2013-11-11 22:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-11 22:06 . 2013-11-11 22:06 -------- d-----w- c:\programdata\p3Vgvns3
2013-11-11 01:58 . 2013-11-11 01:58 -------- d-----w- c:\users\Emily\AppData\Roaming\Malwarebytes
2013-11-11 01:58 . 2013-11-11 01:58 -------- d-----w- c:\programdata\Malwarebytes
2013-11-11 01:58 . 2013-11-11 01:58 -------- d-----w- c:\users\Emily\AppData\Local\Programs
2013-11-10 22:08 . 2013-11-10 22:26 -------- d-----w- c:\program files (x86)\supportdotcom
2013-11-10 22:06 . 2013-11-10 22:06 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2013-11-10 03:27 . 2013-08-29 02:17 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-10 03:24 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-11-10 03:06 . 2013-11-10 03:06 -------- d-----w- c:\programdata\SMR410
2013-11-01 19:59 . 2013-11-11 02:16 -------- d-----w- c:\program files (x86)\SearchProtect
2013-11-01 19:59 . 2013-11-01 19:59 -------- d-----w- c:\users\Emily\AppData\Local\NativeMessaging
2013-11-01 14:45 . 2013-11-02 03:00 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-11-01 13:45 . 2013-11-01 13:45 -------- d-----w- c:\users\Emily\AppData\Local\AVG Secure Search
2013-11-01 01:57 . 2013-11-01 01:58 -------- d-----w- c:\users\Emily\AppData\Local\AVG SafeGuard toolbar
2013-11-01 01:57 . 2013-11-01 01:56 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-01 01:56 . 2013-11-01 01:57 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-11-01 01:56 . 2013-11-02 03:00 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-11-01 01:56 . 2013-11-01 01:56 -------- d--h--w- c:\programdata\Common Files
2013-10-20 12:08 . 2013-10-20 12:08 -------- d-----w- c:\programdata\Oracle
2013-10-20 12:08 . 2013-10-20 12:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-20 12:07 . 2013-10-08 11:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-23 13:37 . 2013-10-23 13:37 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-09-25 15:10 . 2013-09-25 15:10 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-25 15:10 . 2013-09-25 15:10 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-09-25 15:10 . 2013-09-25 15:10 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-09-25 15:10 . 2013-09-25 15:10 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-25 15:10 . 2013-09-25 15:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-09-25 15:10 . 2013-09-25 15:10 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-09-25 15:10 . 2013-09-25 15:10 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-09-25 15:10 . 2013-09-25 15:10 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-09-25 15:10 . 2013-09-25 15:10 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-09-25 15:10 . 2013-09-25 15:10 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-09-25 15:10 . 2013-09-25 15:10 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-09-25 15:10 . 2013-09-25 15:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-09-25 15:10 . 2013-09-25 15:10 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-25 15:10 . 2013-09-25 15:10 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-09-25 15:10 . 2013-09-25 15:10 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-25 15:10 . 2013-09-25 15:10 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-09-25 15:10 . 2013-09-25 15:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-09-25 15:10 . 2013-09-25 15:10 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-25 15:10 . 2013-09-25 15:10 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-25 15:10 . 2013-09-25 15:10 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-09-25 15:10 . 2013-09-25 15:10 81408 ----a-w- c:\windows\system32\icardie.dll
2013-09-25 15:10 . 2013-09-25 15:10 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-09-25 15:10 . 2013-09-25 15:10 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-09-25 15:10 . 2013-09-25 15:10 441856 ----a-w- c:\windows\system32\html.iec
2013-09-25 15:10 . 2013-09-25 15:10 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-09-25 15:10 . 2013-09-25 15:10 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-25 15:10 . 2013-09-25 15:10 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-09-25 15:10 . 2013-09-25 15:10 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-09-25 15:10 . 2013-09-25 15:10 235008 ----a-w- c:\windows\system32\url.dll
2013-09-25 15:10 . 2013-09-25 15:10 216064 ----a-w- c:\windows\system32\msls31.dll
2013-09-25 15:10 . 2013-09-25 15:10 197120 ----a-w- c:\windows\system32\msrating.dll
2013-09-25 15:10 . 2013-09-25 15:10 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-25 15:10 . 2013-09-25 15:10 144896 ----a-w- c:\windows\system32\wextract.exe
2013-09-25 15:10 . 2013-09-25 15:10 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-09-25 15:10 . 2013-09-25 15:10 102912 ----a-w- c:\windows\system32\inseng.dll
2013-09-25 15:10 . 2013-09-25 15:10 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-09-25 15:10 . 2013-09-25 15:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-25 15:10 . 2013-09-25 15:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-09-25 15:10 . 2013-09-25 15:10 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-09-25 15:10 . 2013-09-25 15:10 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-09-25 15:10 . 2013-09-25 15:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-09-25 15:10 . 2013-09-25 15:10 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-09-25 15:10 . 2013-09-25 15:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-25 15:10 . 2013-09-25 15:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-25 15:10 . 2013-09-25 15:10 149504 ----a-w- c:\windows\system32\occache.dll
2013-09-25 15:10 . 2013-09-25 15:10 13824 ----a-w- c:\windows\system32\mshta.exe
2013-09-25 15:10 . 2013-09-25 15:10 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-09-25 15:10 . 2013-09-25 15:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-25 15:10 . 2013-09-25 15:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-09-25 15:07 . 2013-09-25 15:07 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-09-25 15:07 . 2013-09-25 15:07 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-09-25 15:07 . 2013-09-25 15:07 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-25 15:07 . 2013-09-25 15:07 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-25 15:07 . 2013-09-25 15:07 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-09-25 15:07 . 2013-09-25 15:07 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-09-25 15:07 . 2013-09-25 15:07 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-25 15:07 . 2013-09-25 15:07 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-09-25 15:07 . 2013-09-25 15:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-09-25 15:07 . 2013-09-25 15:07 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-09-25 15:07 . 2013-09-25 15:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-09-25 15:07 . 2013-09-25 15:07 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-09-25 15:07 . 2013-09-25 15:07 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-09-25 15:07 . 2013-09-25 15:07 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-09-25 15:07 . 2013-09-25 15:07 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-09-25 15:07 . 2013-09-25 15:07 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-25 15:07 . 2013-09-25 15:07 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-25 15:07 . 2013-09-25 15:07 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-09-25 15:07 . 2013-09-25 15:07 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-09-25 15:07 . 2013-09-25 15:07 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-09-25 15:07 . 2013-09-25 15:07 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-09-25 15:07 . 2013-09-25 15:07 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-09-25 15:07 . 2013-09-25 15:07 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-09-25 15:07 . 2013-09-25 15:07 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-25 15:07 . 2013-09-25 15:07 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-09-25 15:07 . 2013-09-25 15:07 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-09-25 15:07 . 2013-09-25 15:07 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-09-25 15:07 . 2013-09-25 15:07 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-09-25 15:07 . 2013-09-25 15:07 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-09-25 15:07 . 2013-09-25 15:07 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-25 15:07 . 2013-09-25 15:07 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-29 01:48 . 2013-11-10 03:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-02 02:59 3353624 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll" [2013-11-02 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 04:13 220608 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 04:13 220608 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 04:13 220608 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20681584]
"BackgroundContainer"="c:\users\Emily\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-14 319264]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-11-11 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" [2009-04-04 385024]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-11-02 2404376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/05/19 00:16;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMEFA64.SYS [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20131110.003\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20131110.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys;c:\windows\SYSNATIVE\DRIVERS\HCW723x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 12:32 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 01:26]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 01:26]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForEmily.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 04:13 244672 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 04:13 244672 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 04:13 244672 ----a-w- c:\users\Emily\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk - c:\program files (x86)\Caller ID\Caller ID.exe
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk - c:\program files (x86)\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\Rundll32.exe
c:\program files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2013-11-11 18:34:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-11 23:34
.
Pre-Run: 1,324,952,137,728 bytes free
Post-Run: 1,334,658,850,816 bytes free
.
- - End Of File - - 554DAD0F1E823C9670E1C7622866ADDB
 

mensatic

New Member
Thread author
Nov 11, 2013
14
I was able to figure out how to do the OTL and aswMBR scans. See attached.
 

Attachments

  • aswMBR.txt
    3.2 KB · Views: 81
  • OTL.Txt
    128.5 KB · Views: 110
  • Extras.Txt
    80.4 KB · Views: 91

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Are you able to download files in Internet Explorer now? There were some rootkits on your computer. Combofix removed them...
 

mensatic

New Member
Thread author
Nov 11, 2013
14
kuttus said:
Are you able to download files in Internet Explorer now? There were some rootkits on your computer. Combofix removed them...

Yes! Everything seems to be working great. I can't get gifs to run in my Incredimail program, but who cares?!

Thank you very, very, very much for your assistance! Are you part of the Malware Tips team?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi mensatic,

Great to hear that it is back to normal now... Yes, I am from the MT Malware Removal Team.

Yes, it seems all good now... :)

Do you want to try some more scans so that we can make sure there are no other issues on the computer now?
 

mensatic

New Member
Thread author
Nov 11, 2013
14
kuttus said:
Hi mensatic,

Great to hear that it is back to normal now... Yes, I am from the MT Malware Removal Team.

Yes, it seems all good now... :)

Do you want to try some more scans so that we can make sure there are no other issues on the computer now?

Sure! I try to always keep a super clean computer. Do you know why I used to be able to see gifs and now I can't? Now they just appear as regular images with no movement. The program used to open them is Picasa from Google (which I installed years ago)

I also wanted to know if there was a way I could donate to this web site. You guys ROCK!!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
I will check the Gif File issues.



Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply





Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt








My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

mensatic

New Member
Thread author
Nov 11, 2013
14
I downloaded everything successfully and will run the scans tomorrow. Thanks so much for your continued help!!
 

mensatic

New Member
Thread author
Nov 11, 2013
14
kuttus said:
:) No issues... I am here with you....

I finally got a chance to run the other scans you suggested. I've attached the logs. The Malwarebytes Rootkill scan found 2 malwares. The second scan was clean.

A friend of mine says that Trend Micro Titanium anti virus and malware protection is much better than Norton Antivirus. I'd appreciate your opinion on this. I still have 251 days left in my Norton subscription.

Were you able to figure out why my gifs don't work anymore?

Thanks so much for your help. It is GREATLY appreciated!!
 

Attachments

  • JRT.txt
    16 KB · Views: 124
  • mbar-log-2013-11-13 (18-13-47).txt
    2.3 KB · Views: 55
  • system-log.txt
    32.6 KB · Views: 119
  • mbam-log-2013-11-13 (18-05-13).txt
    1.9 KB · Views: 73

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Great to hear that the Gif Files are working back.... :)

STEP 1: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Scan, then confirm each time with Ok.
  5. After the scan is over, press Clean, then confirm each time with Ok.
  6. Your computer will be rebooted automatically. A text file will open after the restart.
  7. Please post the contents of that logfile with your next reply.
  8. You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with ESET Online Scanner

  1. Download ESET Online Scanner utility from the below link.
     ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the ESET installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish

STEP 3: Run a scan with Kaspersky Virus Removal Tool

  1. Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
     KASPERSKY VIRUS REMOVAL TOOL: http://www.kaspersky.com/antivirus-removal-tool?form=1 (This link opens a new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)
  2. Follow the onscreen prompts until it is installed
  3. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
    • System Memory
    • Hidden startup objects
    • Disk boot sectors
    • Local Disk (C: )
    • Also any other drives (Removable that you may have)
  4. Then click on Actions on the left hand side
  5. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  6. Click on Automatic Scan
  7. Now click the Start Scanning button, to run the scan
  8. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  9. Click Detected threats on the left
  10. Now click the Save button, and save it as kaslog.txt to your Desktop
  11. Please attach kaslog.txt in your next reply.
 

mensatic

New Member
Thread author
Nov 11, 2013
14

Wow, thanks for all the tools! I'll do this a little later. I really appreciate all your help!!
 

mensatic

New Member
Thread author
Nov 11, 2013
14
kuttus said:
It's my pleasure Emily. :) Let me know when you are ready... :)

I've attached the logs. Wow, Kaspersky scan took 12 and a half hours! Kaspersky was run last and found no threats, so there wasn't a log.

I can't believe that ESET found 3 more virus threats! Norton Antivirus is NOT doing its job.

Thanks again! Please let me know if I'm finally in the clear.
 

Attachments

  • ESET scan.txt
    407 bytes · Views: 80
  • AdwCleaner[S1].txt
    3.9 KB · Views: 89
