
[Resolved] Trojan:JS/Medfos.B?

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by malopr, Jul 12, 2014.

  1. malopr

    malopr Established Techie7 Member

    Malwarebytes Anti-Malware will not run, so I ran DDS and JRT. The first log is the JRT log, followed by the DDS log. I am in the process of buying an antivirus program:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Lupita on Sat 07/12/2014 at 13:22:09.78
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    ========================================================================================
    videoservice REG_SZ rundll32.exe "c:\users\lupita\appdata\roaming\48d8\videoservice.dll",DllRegisterServer




    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ammyy"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 07/12/2014 at 13:41:55.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207
    Run by Lupita at 14:25:46 on 2014-07-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2473 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    "svchost.exe"
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    "C:\Windows\SysWOW64\svchost.exe"
    C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Norton Utilities 14\nu.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://applications.marykayintouch.com/Login/Login.aspx?ReturnUrl=%2fcommunity%2fdefault.aspx
    uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
    uRun: [pcreg] C:\Program Files\pcreg\service.exe
    uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    uRun: [videoservice] rundll32.exe "c:\users\lupita\appdata\roaming\48d8\videoservice.dll",DllRegisterServer
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [pcreg] C:\Program Files\pcreg\service.exe
    mRun: [{6e6edf7b-4352-a809-dd6c-4a5380f44db7}] "C:\ProgramData\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe"
    mExplorerRun: [{6e6edf7b-4352-a809-dd6c-4a5380f44db7}] "C:\ProgramData\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe"
    StartupFolder: C:\Users\Lupita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{918D7CA8-06A0-49D5-BB5D-21B5498222A0} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{918D7CA8-06A0-49D5-BB5D-21B5498222A0}\2375942554236383 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{918D7CA8-06A0-49D5-BB5D-21B5498222A0}\659667160254370727563737F6 : DHCPNameServer = 216.228.2.120 216.228.2.148
    TCP: Interfaces\{918D7CA8-06A0-49D5-BB5D-21B5498222A0}\C696E6B6379737 : DHCPNameServer = 68.87.76.182 68.87.78.134
    TCP: Interfaces\{918D7CA8-06A0-49D5-BB5D-21B5498222A0}\E4544574541425 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{C6297AD2-F826-406B-8F1C-D3A3FD91DD4F} : DHCPNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [2014-5-21 61120]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
    R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-8 46376]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-3 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 203264]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-12 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-12 860472]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-12 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-12 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-12 63704]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-4 295424]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-4 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
    S2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe --> C:\Program Files\pcreg\pcreg.exe [?]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-12 61288]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-11 111616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-4 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-5 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-7 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-07-12 20:50:07 -------- d-----w- C:\Users\Lupita\AppData\Local\ElevatedDiagnostics
    2014-07-12 20:22:02 -------- d-----w- C:\Windows\ERUNT
    2014-07-12 20:19:29 -------- d--h--w- C:\dvmexp
    2014-07-12 20:16:25 -------- d-----w- C:\AdwCleaner
    2014-07-12 20:16:07 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-12 20:15:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-07-12 20:15:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-07-12 20:15:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-07-12 20:15:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-12 20:03:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-07-12 20:03:12 -------- d-----w- C:\Users\Lupita\AppData\Local\Programs
    2014-07-12 19:10:41 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4039CBB7-B61E-4E59-A9FE-0F013A292369}\offreg.dll
    2014-07-11 19:26:17 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4039CBB7-B61E-4E59-A9FE-0F013A292369}\mpengine.dll
    2014-07-11 14:15:59 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-07-09 04:05:21 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-07-09 04:05:20 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2014-07-09 04:03:22 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
    2014-07-09 04:03:22 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-07-09 04:03:21 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-07-09 04:03:21 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-07-09 04:02:47 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-07-09 04:02:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-07-09 04:02:47 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-07-09 03:55:02 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-07-09 03:55:02 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-07-09 03:55:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-07-09 03:36:37 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
    2014-07-08 18:34:38 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
    2014-07-07 18:32:50 -------- d-----w- C:\Users\Lupita\AppData\Local\LogMeIn Rescue Applet
    2014-07-07 18:15:33 -------- d-----w- C:\Windows\pss
    2014-07-07 16:03:27 -------- d-----w- C:\Users\Lupita\AppData\Local\Deployment
    2014-07-07 16:03:27 -------- d-----w- C:\Users\Lupita\AppData\Local\Apps
    2014-06-26 19:28:41 -------- d-----w- C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF
    .
    ==================== Find3M ====================
    .
    2014-07-09 04:12:38 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 04:12:38 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-06 23:40:56 61120 ----a-w- C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 14:26:36.01 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/27/2010 7:20:48 PM
    System Uptime: 7/12/2014 1:34:55 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 143F
    Processor: AMD Phenom(tm) II N930 Quad-Core Processor | Socket S1G4 | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 445 GiB total, 380.591 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 2.969 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP332: 5/31/2014 8:48:57 PM - Windows Update
    RP333: 6/8/2014 1:12:50 PM - Windows Update
    RP334: 6/11/2014 2:56:19 PM - Windows Update
    RP335: 6/12/2014 8:34:04 AM - Windows Update
    RP336: 6/17/2014 7:30:22 PM - Windows Update
    RP337: 6/24/2014 2:32:22 PM - Windows Update
    RP338: 7/2/2014 4:21:45 PM - Windows Update
    RP339: 7/7/2014 1:46:09 PM - Windows Update
    RP340: 7/8/2014 9:21:09 PM - Windows Update
    RP341: 7/11/2014 12:24:49 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    64 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 14 ActiveX
    Adobe Reader 9.5.4 MUI
    Adobe Shockwave Player
    AMD USB Filter Driver
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    Bejeweled 2 Deluxe
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    BufferChm
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DocMgr
    DocProc
    Dora's Carnival Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    Fax
    GPBaseService2
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP Imaging Device Functions 13.0
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Movies and TV
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Officejet 4500 G510n-z
    HP Photo Creations
    HP Power Plan Utility
    HP Quick Launch
    HP QuickWeb Installer
    HP Setup
    HP Smart Web Printing 4.5
    HP Software Framework
    HP Solution Center 13.0
    HP Tone Control
    HP Update
    HP User Guides 0193
    HP Wireless Assistant
    HPProductAssistant
    HPSSupply
    Hulu Desktop
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 26
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 2.0.2.1012
    MarketResearch
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The New York Fortune
    Network64
    Norton Utilities
    OCR Software by I.R.I.S. 13.0
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    Scan
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    TextTwist 2
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Virtual Families
    Virtual Villagers - The Secret City
    WebReg
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/12/2014 2:17:00 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147467259
    7/12/2014 2:17:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259
    .
    ==== End Of File ===========================
     
  2. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Hello and welcome to Techie7.com. My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please run MBAM in Safe Mode with NetWorking.
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program opens, click on the Scan button.
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Quarantine All" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V).
    *************************************************
    Malwarebytes' Anti-Rootkit
    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  3. malopr

    malopr Established Techie7 Member

    Hello Superdave
    Malwarebytes Anti-Malware will not run in safe mode with networking. Do you want me to run the other programs?
     
  4. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Yes, please.
     
  5. malopr

    malopr Established Techie7 Member

    Here are the logs:
    # AdwCleaner v3.215 - Report created 12/07/2014 at 13:16:28
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Lupita - LUPITA-PC
    # Running from : C:\Users\Lupita\Desktop\adwcleaner_3.215.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : SupraSavingsService64
    Service Found : vxlsnyaiet64

    ***** [ Files / Folders ] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Uninstall.exe
    Folder Found : C:\Program Files (x86)\Bench
    Folder Found : C:\Program Files\003
    Folder Found : C:\Program Files\pcreg
    Folder Found : C:\Program Files\SupraSavings
    Folder Found : C:\Users\Lupita\Documents\PC Speed Maximizer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Supra Savings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\Software\DeviceVM
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : [x64] HKLM\SOFTWARE\DeviceVM
    Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKLM\SOFTWARE\Supra Savings
    Key Found : [x64] HKLM\SOFTWARE\suprasavings

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    *************************

    AdwCleaner[R0].txt - [2354 octets] - [12/07/2014 13:16:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2414 octets] ##########
    # AdwCleaner v3.215 - Report created 12/07/2014 at 13:18:01
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Lupita - LUPITA-PC
    # Running from : C:\Users\Lupita\Desktop\adwcleaner_3.215.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : SupraSavingsService64
    Service Deleted : vxlsnyaiet64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Bench
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Program Files\pcreg
    Folder Deleted : C:\Program Files\SupraSavings
    Folder Deleted : C:\Users\Lupita\Documents\PC Speed Maximizer
    File Deleted : C:\Uninstall.exe
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
    Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
    Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
    Key Deleted : [x64] HKLM\SOFTWARE\suprasavings

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    *************************

    AdwCleaner[R0].txt - [2522 octets] - [12/07/2014 13:16:28]
    AdwCleaner[S0].txt - [2311 octets] - [12/07/2014 13:18:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2371 octets] ##########

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.07.13.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17207
    Lupita :: LUPITA-PC [administrator]

    7/13/2014 3:58:07 PM
    mbar-log-2014-07-13 (15-58-07).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 304355
    Time elapsed: 44 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [611bd6456a577ba5cf2e993f2c0e00a3]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
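A practitioner reading the two AdwCleaner reports above would normally check that every item reported in the scan pass (the R0 report) reappears as deleted in the clean pass (the S0 report); anything that does not is still on the machine and needs a second look. The Python script below is an added example written for this thread, not code from AdwCleaner or from anyone posting here. It parses the `<Kind> Found : ...` and `<Kind> Deleted : ...` lines, diffs the two reports by kind, and lists the leftovers. The embedded sample text is an excerpt of the two reports posted above; the function and variable names are the example's own.

```python
import re
from collections import defaultdict

# One AdwCleaner v3 report line, e.g. "Key Found : HKCU\Software\YahooPartnerToolbar"
# or "Folder Deleted : C:\Program Files\003". Banner and header lines do not match.
ADW_LINE = re.compile(
    r"^(?P<kind>Service|File|Folder|Key) (?P<verb>Found|Deleted) : (?P<item>.+)$"
)


def parse_report(text, verb):
    """Map each item kind to the set of items the report lists with the given verb."""
    items = defaultdict(set)
    for raw in text.splitlines():
        m = ADW_LINE.match(raw.strip())
        if m and m.group("verb") == verb:
            items[m.group("kind")].add(m.group("item"))
    return items


def leftovers(scan_text, clean_text):
    """Items the scan pass reported as Found that the clean pass never reported as Deleted.

    Returns {kind: sorted list of leftover items}; an empty dict means every
    finding in the scan report has a matching Deleted line in the clean report.
    """
    found = parse_report(scan_text, "Found")
    deleted = parse_report(clean_text, "Deleted")
    result = {}
    for kind, names in found.items():
        missing = names - deleted.get(kind, set())
        if missing:
            result[kind] = sorted(missing)
    return result


# Excerpt of the AdwCleaner[R0] (scan) report posted above.
SCAN_REPORT = r"""
# AdwCleaner v3.215 - Report created 12/07/2014 at 13:16:28
# Option : Scan

***** [ Services ] *****

Service Found : SupraSavingsService64
Service Found : vxlsnyaiet64

***** [ Files / Folders ] *****

File Found : C:\Uninstall.exe
Folder Found : C:\Program Files\003

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
"""

# Excerpt of the AdwCleaner[S0] (clean) report posted above.
CLEAN_REPORT = r"""
# AdwCleaner v3.215 - Report created 12/07/2014 at 13:18:01
# Option : Clean

Service Deleted : SupraSavingsService64
Service Deleted : vxlsnyaiet64
Folder Deleted : C:\Program Files\003
File Deleted : C:\Uninstall.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\YahooPartnerToolbar
"""

if __name__ == "__main__":
    for kind, names in leftovers(SCAN_REPORT, CLEAN_REPORT).items():
        print(f"{kind} entries found but not deleted:")
        for name in names:
            print("  ", name)
```

Run against the full reports in the post above, the diff comes out the same as on this excerpt: the two `[x64] HKCU\...` keys (the 64-bit view of the SearchScopes CLSID and of YahooPartnerToolbar) have no matching `Key Deleted` line, which is exactly the kind of entry worth confirming by hand or with a second scan before calling the machine clean.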
     
  6. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Don't be surprised if this fails to run.
    Download Security Check by screen317 from one of the following links and save it to your desktop.
    Link 1
    Link 2
    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.
    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    *************************************************
    ESET Online Scan
    Scan your computer with the ESET FREE Online Virus Scan
    * Click the ESET Online Scanner button.
    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.
    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the Back button then click Finish.
    In your next reply please include the ESET Online Scan Log
     
  7. malopr

    malopr Established Techie7 Member

    Here are the logs:

    Results of screen317's Security Check version 0.99.85
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 26
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````


    C:\Users\All Users\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe a variant of Win32/Kryptik.CCTK trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RedUS96[1].exe Win32/Conduit.SearchProtect.M potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\003\vxlsnyaiet64.exe.vir a variant of Win64/Adware.Adpeak.C application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\pcreg\a.exe.vir Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\pcreg\pcreg.exe.vir a variant of Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\pcreg\service.exe.vir Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
    C:\ProgramData\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe a variant of Win32/Kryptik.CCTK trojan cleaned by deleting (after the next restart) - quarantined
    C:\temp\embededstub_new2.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\temp\guardian.exe a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
    C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\red.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\temp\t.msi a variant of Win32/AdWare.Adpeak.I application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64S0ICCU\main[1].htm JS/Kryptik.ARJ trojan cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Local\Temp\file_to_run551053.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\file_to_run551106.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\file_to_run55122.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\jar_cache3437752483403398413.tmp multiple threats cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Local\Temp\notepad.exe a variant of Generik.LNTXLMS trojan cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nscF09A.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsg213A.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsgA25A.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsgD31A.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nshCB6D.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsl2159.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsmB84C.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsmB8E5.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsx9F6D.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\speedmax_15831.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Local\Temp\updater_146952.exe Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\mgsfmsuml\mgsfmsuml.dll a variant of Generik.LNTXLMS trojan cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsb8650\SpSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsc7FAB.tmp\spdownloader.exe Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsgB06D\SpSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nsmABDA.tmp\MiniStubUtils.dll Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\Local\Temp\nssFCF6.tmp\StubUtils.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\Users\Lupita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\32a0270-47f0e3b1 a variant of Win32/Kryptik.CCTK trojan cleaned by deleting - quarantined
    C:\Users\Lupita\AppData\Roaming\48D8\videoservice.dll a variant of Generik.LNTXLMS trojan cleaned by deleting (after the next restart) - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RedUS96[1].exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    C:\Windows\Temp\file_1975.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
    Operating memory multiple threats
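The ESET export above is flat text: a path, the detection name, a threat class, and then the action ESET took. When reading such a list a responder wants a few things pulled out: detections whose removal is deferred until the next restart (those must be re-checked after the reboot), detections with no action recorded at all, hits that are only copies already sitting in AdwCleaner's quarantine folder, and which of the hits are classed as trojans rather than unwanted applications. The Python script below is an added example written for this thread, not ESET's code or anything posted by the participants. It parses lines of that shape with a regular expression and sorts them into those buckets. The regex assumes the three threat classes and the two action phrasings that appear in the log above; other ESET wordings would need adding. The sample lines are copied from the log above, and all function and variable names are the example's own.

```python
import re

# One line of the ESET "list of found threats" export, as posted above:
#   <path> <detection name> <class> [<action>] [- quarantined]
# Paths may contain spaces, so the path group is non-greedy and the detection
# name is restricted to characters that never occur in these paths' last
# elements (no backslash, no brace, no space). Classes and action phrasings
# are the ones seen in the log above.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9/._-]+ "
    r"(?:trojan|potentially unwanted application|application)|multiple threats)"
    r"(?: (?P<action>cleaned by deleting(?: \(after the next restart\))?|deleted))?"
    r"(?: - quarantined)?$"
)

# Folder where AdwCleaner parks what it removed; hits under it are already contained.
ADWCLEANER_QUARANTINE = "c:\\adwcleaner\\quarantine\\"


def parse_eset_line(line):
    """Return a dict for one export line, or None if the line has another shape."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    action = m.group("action")
    return {
        "path": m.group("path"),
        "threat": m.group("threat"),
        "action": action,
        "pending_reboot": bool(action and "after the next restart" in action),
        "is_trojan": m.group("threat").endswith("trojan"),
        "already_quarantined": m.group("path").lower().startswith(ADWCLEANER_QUARANTINE),
    }


def triage(export_text):
    """Bucket the export for follow-up; each list holds the original paths."""
    summary = {
        "parsed": 0, "unparsed": [], "pending_reboot": [], "no_action": [],
        "trojans": [], "already_quarantined": [],
    }
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = parse_eset_line(line)
        if hit is None:
            # e.g. the "Operating memory ..." line, which carries no file path
            summary["unparsed"].append(line)
            continue
        summary["parsed"] += 1
        if hit["pending_reboot"]:
            summary["pending_reboot"].append(hit["path"])
        if hit["action"] is None:
            summary["no_action"].append(hit["path"])
        if hit["is_trojan"]:
            summary["trojans"].append(hit["path"])
        if hit["already_quarantined"]:
            summary["already_quarantined"].append(hit["path"])
    return summary


# Lines copied from the ESET log posted above, one per case the triage distinguishes.
SAMPLE_EXPORT = r"""
C:\Users\All Users\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe a variant of Win32/Kryptik.CCTK trojan
C:\AdwCleaner\Quarantine\C\Program Files\003\vxlsnyaiet64.exe.vir a variant of Win64/Adware.Adpeak.C application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}\{6e6edf7b-4352-a809-dd6c-4a5380f44db7}.exe a variant of Win32/Kryptik.CCTK trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Lupita\AppData\Local\Temp\jar_cache3437752483403398413.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Lupita\AppData\Local\Temp\file_to_run551053.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
C:\Users\Lupita\AppData\Roaming\48D8\videoservice.dll a variant of Generik.LNTXLMS trojan cleaned by deleting (after the next restart) - quarantined
Operating memory multiple threats
"""

if __name__ == "__main__":
    for bucket, value in triage(SAMPLE_EXPORT).items():
        print(bucket, value)
```

On the sample, the two `after the next restart` entries are the ones that matter most for the follow-up in this thread: `videoservice.dll` is the DLL the original JRT log showed being loaded from the HKCU Run key, and the `{6e6edf7b-...}.exe` in ProgramData is the Kryptik trojan, so both should be confirmed gone after the reboot rather than taken on trust from the export.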
     
  8. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Looking over your log it seems you don't have any antivirus software.
    Before we continue download and install a free antivirus.
    Remember to only install one antivirus!


    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials All versions and all languages.
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition
    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
    ***********************************************
    Update Your Java (JRE)
    Old versions of Java have vulnerabilities that malware can use to infect your system.

    First Verify your Java Version
    If there are any other version(s) installed then update now.
    Get the new version (if needed)
    If your version is out of date install the newest version of the Sun Java Runtime Environment.
    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Be sure to close ALL open web browsers before starting the installation.
    Remove any old versions
    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.
    Additional Note:
    The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    ********************************************
    Did you ever get MBAM to run?
    Malwarebytes' Anti-Rootkit
    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  9. malopr

    malopr Established Techie7 Member

    Installed AVG; MBAM still will not run. Updated Java and ran Malwarebytes' Anti-Rootkit; it did not produce reports because no malicious programs were found.
     
  10. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Ok. How's your computer running now? Any other issues?
     
  11. malopr

    malopr Established Techie7 Member

    No more pop-ups, and Internet Explorer loads faster and I don't have to click on the icon for Internet Explorer several times on the task bar to get it started.
     
  12. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    Ok, let's do some clean up.
    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    *******************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.
    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    ****************************************
    Go to Microsoft Windows Update and get all critical updates.
    ----------
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
     
  13. malopr

    malopr Established Techie7 Member

    Is my PC clean of the Trojan horse and any other viruses? Also, should I delete the Malwarebytes Anti-Malware program, or is there anything I can do to get it to work?
     
  14. Superdave

    Superdave Super Moderator Techie7 Moderator Head Security

    As clean as I can make it. The DelFix program should remove all the tools we used, but you can download MBAM again and keep it on your computer. Update it and run it on a regular basis.