Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My wife said I could get a new guitar if her PC is fixed!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 22nd, 2014, 10:58 am

Hi again,
I tried a reboot and then to run OTL again.
It stopped - OTL not Responding.
The file being scanned at the time was:

HKEY_LOCAL_MACHINE\SOFTWARE\WINDOWSNT\CurrentVersion\Preflib\009\Help.

Not sure this this might be helpful?

Thanks,
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm
Advertisement
Register to Remove

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 22nd, 2014, 11:15 am

Hello Walshie100,

I tried a reboot and then to run OTL again.
It stopped - OTL not Responding.
The file being scanned at the time was:

HKEY_LOCAL_MACHINE\SOFTWARE\WINDOWSNT\CurrentVersion\Preflib\009\Help.

Not sure this this might be helpful?
Yes, thank you - it is helpful! In such case please do the following:

ComboFix Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 22nd, 2014, 1:19 pm

Hi,
Thanks for sticking with me in this.
Browsing seems much better now, no big pauses and much more responsive.

ComboFix output file is here:
ComboFix 14-03-19.01 - Clare 22/03/2014 17:08:52.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3539.2162 [GMT 0:00]
Running from: c:\users\Clare\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Clare\AppData\Local\assembly\tmp
c:\users\Clare\g2mdlhlpx.exe
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2014-02-22 to 2014-03-22 )))))))))))))))))))))))))))))))
.
.
2014-03-22 17:14 . 2014-03-22 17:15 -------- d-----w- c:\users\Clare\AppData\Local\temp
2014-03-22 17:14 . 2014-03-22 17:14 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-03-22 17:14 . 2014-03-22 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-22 17:14 . 2014-03-22 17:14 -------- d-----w- c:\users\Connors Itunes\AppData\Local\temp
2014-03-22 17:14 . 2014-03-22 17:14 -------- d-----w- c:\users\Connor itunes\AppData\Local\temp
2014-03-20 07:38 . 2014-03-22 16:49 0 ----a-w- c:\users\Clare\AppData\Local\WavXMapDrive.bat
2014-03-20 07:30 . 2014-03-20 07:15 24064 ----a-w- c:\windows\zoek-delete.exe
2014-03-20 07:15 . 2014-03-20 07:27 -------- d-----w- C:\zoek_backup
2014-03-20 07:03 . 2014-03-20 07:03 -------- d-----w- C:\_OTL
2014-03-19 18:20 . 2014-03-19 18:20 -------- d-----w- C:\MGADiagToolOutput
2014-03-19 18:20 . 2014-03-19 18:20 -------- d-----w- c:\programdata\Office Genuine Advantage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 22:28 . 2014-02-01 16:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-17 22:28 . 2011-08-22 16:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 17:31 . 2014-02-01 17:31 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-01 17:31 . 2014-02-01 17:31 185344 ----a-w- c:\windows\system32\elshyph.dll
2014-02-01 17:31 . 2014-02-01 17:31 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-01 17:31 . 2014-02-01 17:31 1767936 ----a-w- c:\windows\system32\wininet.dll
2014-02-01 17:31 . 2014-02-01 17:31 158720 ----a-w- c:\windows\system32\msls31.dll
2014-02-01 17:31 . 2014-02-01 17:31 523264 ----a-w- c:\windows\system32\vbscript.dll
2014-02-01 17:31 . 2014-02-01 17:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-01 17:31 . 2014-02-01 17:31 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-02-01 17:31 . 2014-02-01 17:31 138752 ----a-w- c:\windows\system32\wextract.exe
2014-02-01 17:31 . 2014-02-01 17:31 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-01 17:31 . 2014-02-01 17:31 12800 ----a-w- c:\windows\system32\mshta.exe
2014-02-01 17:31 . 2014-02-01 17:31 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-01 17:31 . 2014-02-01 17:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-01 17:31 . 2014-02-01 17:31 38400 ----a-w- c:\windows\system32\imgutil.dll
2014-02-01 17:31 . 2014-02-01 17:31 2877952 ----a-w- c:\windows\system32\jscript9.dll
2014-02-01 17:31 . 2014-02-01 17:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-01 17:31 . 2014-02-01 17:31 61952 ----a-w- c:\windows\system32\tdc.ocx
2014-02-01 17:31 . 2014-02-01 17:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-01 17:31 . 2014-02-01 17:31 361984 ----a-w- c:\windows\system32\html.iec
2014-02-01 17:31 . 2014-02-01 17:31 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-02-01 17:31 . 2014-02-01 17:31 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-01 17:31 . 2014-02-01 17:31 23040 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-01 17:31 . 2014-02-01 17:31 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-01 17:30 . 2014-02-01 17:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-02-01 17:30 . 2014-02-01 17:30 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-01 17:30 . 2014-02-01 17:30 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-02-01 17:30 . 2014-02-01 17:30 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-01 17:30 . 2014-02-01 17:30 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-02-01 17:30 . 2014-02-01 17:30 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-02-01 17:30 . 2014-02-01 17:30 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-02-01 17:30 . 2014-02-01 17:30 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-01 17:30 . 2014-02-01 17:30 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-02-01 17:30 . 2014-02-01 17:30 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-02-01 17:30 . 2014-02-01 17:30 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-02-01 17:30 . 2014-02-01 17:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-01 17:30 . 2014-02-01 17:30 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-02-01 17:30 . 2014-02-01 17:30 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-02-01 17:30 . 2014-02-01 17:30 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-01 17:30 . 2014-02-01 17:30 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-02-01 17:30 . 2014-02-01 17:30 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-01 17:30 . 2014-02-01 17:30 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-02-01 17:29 . 2014-02-01 17:29 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 14:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe" [2012-07-24 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-05 147328]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-19 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICF]
2013-09-02 06:44 3331920 ----a-w- c:\program files\Internet Content Filter\mfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-08-07 213232]
S1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\Drivers\NEOFLTR_700_16899.SYS [2010-10-23 84336]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-08-07 169320]
S2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files\Internet Content Filter\mfeicfcore.exe [2013-09-02 2048504]
S2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2013-09-02 1654520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-08-07 172416]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 540288]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-22 29472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-08-07 365224]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - Avgldx86
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-01 22:28]
.
2014-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:02]
.
2014-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\Clare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\wvauth.DLL
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
.
Completion time: 2014-03-22 17:16:30
ComboFix-quarantined-files.txt 2014-03-22 17:16
.
Pre-Run: 190,471,864,320 bytes free
Post-Run: 189,994,872,832 bytes free
.
- - End Of File - - D8B25D57B632959824DA5E5D2C0E0AED
A36C5E4F47E84449FF07ED3517B43A31
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 22nd, 2014, 9:27 pm

Hello Walshie100,

Browsing seems much better now, no big pauses and much more responsive.
Nice! It is the first the good news after a long bad luck! :D But we are not finished yet...

ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer, Google Chrome, or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 23rd, 2014, 7:18 am

Hi,
The performance is sooo much better when browsing.
Eset found two threats as follows:

C:\Users\Clare\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Clare\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Thanks v m.
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 23rd, 2014, 2:20 pm

Hello Walshie100,

The performance is sooo much better when browsing.
I am glad to read it! :D Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\Clare\Downloads\ccsetup323.exe
    C:\Users\Clare\Downloads\ccsetup409.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Then:
As you have Malwarebytes' Anti-Malware (MBAM) installed on your computer , could you please do a scan using these settings:

Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
  1. Make sure you are connected to the Internet - the MBAM version 1.70.0.1100 is out of date and you will need to update it.
  2. Launch Malwarebytes, then click > Settings Tab > Scanner Settings > Under action for PUP > make sure Show in Results List and Check for removal is selected.
  3. Then under Update Tab please click Check for Updates - you need to update both engine (most recent version is 1.75.0.1330) and database.
    On the Scanner tab:
    1. Make sure the "Perform Full Scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later if needed.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 23rd, 2014, 4:49 pm

Hi,
Contents of the OTL txt file is here:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Clare\Downloads\ccsetup323.exe not found.
File\Folder C:\Users\Clare\Downloads\ccsetup409.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Clare
->Temp folder emptied: 1098641 bytes
->Temporary Internet Files folder emptied: 3265222 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

User: Connor itunes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Connors Itunes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58313 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03232014_204209

Files\Folders moved on Reboot...
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



I'll post the Mbam outcome is a short while once it has run.
Thanks v m.
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 23rd, 2014, 6:38 pm

Hi,
The MaB scan complete with no threats found:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
Clare :: CLARE-PC [administrator]

23/03/2014 20:50:12
mbam-log-2014-03-23 (20-50-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426130
Time elapsed: 1 hour(s), 40 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks,
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 23rd, 2014, 8:13 pm

Hello Walshie100,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

You have a couple of important applications which are out of date. I meant your AntiVirus software (AVG 2011) and Adobe Reader (v. 9.5.5).

Step 1.
Update Adobe Reader
Your version of Adobe Reader 9.5.5 is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files - you can use the Acrobat software for your other needs.

Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Adobe Reader 9.5.5
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader XI - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Secure Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u51) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Check "Accept License Agreement "
  3. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-7u51-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 5.
ComboFix - Cleanup
Time for some housekeeping
  1. Click on Start, then click the Start Search box on the Start Menu..
  2. Copy and paste the following into the text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    [b][color=darkred]Combofix /Uninstall[/color][/b]
  3. Click the OK button.

Step 6.
Remove all used tools and their log files not removed by OTL if they remain on your desktop.
  • DDS
  • SystemLook
  • Zoek

Then:
Please don't forget to enable and update all your defense software!
I can recommend you to install Avast Free Antivirus or Microsoft Security Essentials instead of your current AVG 2011.

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

P.S. I hope you can obtain your new guitar! ;)

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 24th, 2014, 4:09 am

Hi,
Thanks so much for all your help and patience!
I really appreciate it!
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Cypher » March 24th, 2014, 12:28 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: ataa92 and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware