Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Cant run Mbam and roguekiller found some bad stuff?

3504 Views 35 Replies 2 Participants Last post by  Mark1956
I have a desktop PC with Vista HP SP2 32bit. The client complains of no internet access at most times and horrible performance. Well I ran adwcleaner and it deleted prolly 200 entries of adware. He had 2 a/v programs, avast and avira. i successfully removed avast but had to use Revo to remove avira as it seemed corrupted. I am now having trouble running MBAM and that worries me as it makes me think something serious is on this bad bay. Can anyone lend a hand? I will upload FRST in a few moments...
Status
Not open for further replies.
1 - 20 of 36 Posts
Hi Andrew, I got your PM, please post both of the logs from FRST and the RogueKiller log and I'll see what I can do.

As you have removed both the Anti Virus programs I would recommend you install: Microsoft Security Essentials if it will let you.
LOL we are on same page...thats exactly what I was planning to do as IMHO, its more lighter and the system is only 2GB of 667 ram and a OLD pentium dual core...WILL DO THANKS BUDDY!!
I'm off back to work in a few minutes, if you could post the FRST logs and RogueKiller I can then give you my first impression.
ok give me 3 minutes :) its still slow even after what ive done so far so...
ok apparently I deleted the stupid roguekiller log so will get that to you later as it took quite a while to run...heres frst 1 and 2 though:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Gloria (administrator) on GLORIA-PC on 16-07-2014 21:13:50
Running from C:\Users\Gloria\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Solid Oak Software, Inc.) C:\Windows\CComSvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Solid Oak Software, Inc.) C:\Windows\WVCSWD.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Solid Oak Software, Inc.) C:\Windows\Cyb10.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
(Weather Warnings LLC) C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe
() C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Users\Gloria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOVPM1P6\avira_en_av___ws2.exe
(Avira Operations GmbH & Co. KG) C:\Users\Gloria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOVPM1P6\avira_en_av___ws2.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [C2K] => C:\Windows\Cyb10.exe [5010728 2007-11-19] (Solid Oak Software, Inc.)
HKLM\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~1\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\MountPoints2: {57e3b99a-bd8b-11e1-badf-0019d1a08d5e} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\MountPoints2: {8288ee37-ee55-11dd-9344-0019d1a08d5e} - setupSNK.exe
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\MountPoints2: {89030d4a-ec5c-11e0-9861-806e6f6e6963} - C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
HKU\S-1-5-21-2959302338-3947095310-1867549206-1001\...\MountPoints2: {98e6aec6-9705-11dc-94e9-d932578c2835} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk
ShortcutTarget: NETGEAR WG311T Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
Startup: C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2959302338-3947095310-1867549206-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {92109306-D2EE-4C0E-8CC2-2BC73E8DC799} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {92109306-D2EE-4C0E-8CC2-2BC73E8DC799} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§'2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×-(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Accelerator Plugin -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Winsock: Catalog9 02 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Winsock: Catalog9 03 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Winsock: Catalog9 04 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Winsock: Catalog9 05 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Winsock: Catalog9 38 C:\Windows\system32\lspcs.dll [159744] (Solid Oak)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.130

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-15]
FF HKCU\...\Firefox\Extensions: [{860ACD79-2F77-EEE2-3D92-149C8347B912}] - C:\Program Files\Buzz-it-soft\158.xpi

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2007-10-31] (Apple, Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 CCOMSVC; C:\Windows\CComSvc.exe [2401576 2007-11-19] (Solid Oak Software, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\system32\STacSV.exe [98304 2007-06-27] (IDT, Inc.) [File not signed]
U2 WVCSWDSVC; C:\Windows\WVCSWD.exe [1153320 2007-11-19] (Solid Oak Software, Inc.)
S2 htfmboczez32; C:\Program Files\003\htfmboczez32.exe run options=01110010030000000000000000000000 sourceguid=0866B8A9-2E46-422F-947B-2C563F566A0E [X]

==================== Drivers (Whitelisted) ====================

S3 AR5211; C:\Windows\System32\DRIVERS\WG311T13.sys [456768 2005-09-20] (Atheros Communications, Inc.) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2010-12-03] (MBB Incorporated)
S3 PTDMBus; C:\Windows\System32\DRIVERS\PTDMBus.sys [29952 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMMdm; C:\Windows\System32\DRIVERS\PTDMMdm.sys [41856 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMVsp; C:\Windows\System32\DRIVERS\PTDMVsp.sys [39936 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMWWAN; C:\Windows\System32\DRIVERS\PTDMWWAN.sys [59520 2007-08-17] (DEVGURU Co,LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [105856 2010-12-03] (ZTE Incorporated)
S3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [105856 2010-12-03] (ZTE Incorporated)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S1 kkcysuwk; \??\C:\Windows\system32\drivers\kkcysuwk.sys [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 21:13 - 2014-07-16 21:14 - 00013068 _____ () C:\Users\Gloria\Desktop\FRST.txt
2014-07-16 21:13 - 2014-07-16 21:13 - 01077248 _____ (Farbar) C:\Users\Gloria\Desktop\FRST.exe
2014-07-16 21:13 - 2014-07-16 21:13 - 00000000 ____D () C:\FRST
2014-07-16 21:05 - 2014-07-16 21:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 21:05 - 2014-07-16 21:05 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 21:05 - 2014-07-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 21:05 - 2014-07-16 21:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 21:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 21:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-16 21:04 - 2014-07-16 21:04 - 00000000 ____D () C:\Users\Gloria\Desktop\mbam-chameleon-3.1.4.0
2014-07-16 21:03 - 2014-07-16 21:03 - 00002221 _____ () C:\Users\Gloria\Desktop\JRT.txt
2014-07-16 20:56 - 2014-07-16 20:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 20:39 - 2014-07-16 20:51 - 00000000 ____D () C:\AdwCleaner
2014-07-16 20:39 - 2014-07-16 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 20:38 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 20:34 - 2014-07-16 20:34 - 01016261 _____ (Thisisu) C:\Users\Gloria\Desktop\JRT.exe
2014-07-16 20:32 - 2014-07-16 20:33 - 01348263 _____ () C:\Users\Gloria\Desktop\AdwCleaner.exe

==================== One Month Modified Files and Folders =======

2014-07-16 21:14 - 2014-07-16 21:13 - 00013068 _____ () C:\Users\Gloria\Desktop\FRST.txt
2014-07-16 21:13 - 2014-07-16 21:13 - 01077248 _____ (Farbar) C:\Users\Gloria\Desktop\FRST.exe
2014-07-16 21:13 - 2014-07-16 21:13 - 00000000 ____D () C:\FRST
2014-07-16 21:13 - 2014-04-19 18:00 - 00000000 ____D () C:\Users\Gloria\AppData\Local\StormAlerts
2014-07-16 21:08 - 2014-07-16 21:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 21:05 - 2014-07-16 21:05 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 21:05 - 2014-07-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 21:05 - 2014-07-16 21:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 21:05 - 2006-11-02 07:52 - 01984909 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 21:04 - 2014-07-16 21:04 - 00000000 ____D () C:\Users\Gloria\Desktop\mbam-chameleon-3.1.4.0
2014-07-16 21:03 - 2014-07-16 21:03 - 00002221 _____ () C:\Users\Gloria\Desktop\JRT.txt
2014-07-16 21:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-16 20:56 - 2014-07-16 20:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 20:53 - 2006-11-02 05:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 20:51 - 2014-07-16 20:39 - 00000000 ____D () C:\AdwCleaner
2014-07-16 20:46 - 2013-08-02 19:13 - 00095532 _____ () C:\Windows\WVCSWD_Dbg.txt
2014-07-16 20:46 - 2008-01-02 11:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-16 20:46 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 20:46 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 20:46 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 20:45 - 2007-11-06 18:46 - 00410764 _____ () C:\Windows\PFRO.log
2014-07-16 20:44 - 2006-11-02 08:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 20:43 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-07-16 20:39 - 2014-07-16 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 20:34 - 2014-07-16 20:34 - 01016261 _____ (Thisisu) C:\Users\Gloria\Desktop\JRT.exe
2014-07-16 20:33 - 2014-07-16 20:32 - 01348263 _____ () C:\Users\Gloria\Desktop\AdwCleaner.exe
2014-07-16 20:15 - 2006-11-02 07:52 - 00143857 _____ () C:\Windows\setupact.log
2014-07-16 20:13 - 2013-07-21 13:53 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\aiden\AppData\Local\Temp\AskSLib.dll
C:\Users\aiden\AppData\Local\Temp\symlcsv1.exe
C:\Users\Gloria\AppData\Local\Temp\1056_HiDefMedia-1.1.12-win32B-276.exe
C:\Users\Gloria\AppData\Local\Temp\781D_install_flashplayer11x32_mssd_aih.exe
C:\Users\Gloria\AppData\Local\Temp\air1055.exe
C:\Users\Gloria\AppData\Local\Temp\air1195.exe
C:\Users\Gloria\AppData\Local\Temp\air18E.exe
C:\Users\Gloria\AppData\Local\Temp\air2F0B.exe
C:\Users\Gloria\AppData\Local\Temp\air32E9.exe
C:\Users\Gloria\AppData\Local\Temp\air3C7F.exe
C:\Users\Gloria\AppData\Local\Temp\air550D.exe
C:\Users\Gloria\AppData\Local\Temp\air6E.exe
C:\Users\Gloria\AppData\Local\Temp\air71A0.exe
C:\Users\Gloria\AppData\Local\Temp\air741A.exe
C:\Users\Gloria\AppData\Local\Temp\air781E.exe
C:\Users\Gloria\AppData\Local\Temp\air88F8.exe
C:\Users\Gloria\AppData\Local\Temp\air93F7.exe
C:\Users\Gloria\AppData\Local\Temp\air9B29.exe
C:\Users\Gloria\AppData\Local\Temp\airB14C.exe
C:\Users\Gloria\AppData\Local\Temp\airE2CA.exe
C:\Users\Gloria\AppData\Local\Temp\airFD1.exe
C:\Users\Gloria\AppData\Local\Temp\airFD5C.exe
C:\Users\Gloria\AppData\Local\Temp\ApnStub.exe
C:\Users\Gloria\AppData\Local\Temp\AskSLib.dll
C:\Users\Gloria\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gloria\AppData\Local\Temp\comver.dll
C:\Users\Gloria\AppData\Local\Temp\contentDATs.exe
C:\Users\Gloria\AppData\Local\Temp\Couponscom.exe
C:\Users\Gloria\AppData\Local\Temp\eject.exe
C:\Users\Gloria\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gloria\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Users\Gloria\AppData\Local\Temp\ICReinstall_Adobe_Reader_setup.exe
C:\Users\Gloria\AppData\Local\Temp\installer.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih_1.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih_2.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih_3.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih[1].exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer12x32ax_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer12x32ax_gtbd_chrd_dn_aaa_aih_1.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer12x32ax_gtbd_chrd_dn_aaa_aih_2.exe
C:\Users\Gloria\AppData\Local\Temp\install_flashplayer12x32ax_gtbd_chrd_dn_aaa_aih_3.exe
C:\Users\Gloria\AppData\Local\Temp\install_reader10_en_chra_awa_aih.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u33-windows-i586-iftw_137b7395.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Users\Gloria\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Users\Gloria\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gloria\AppData\Local\Temp\mssinstaller.exe
C:\Users\Gloria\AppData\Local\Temp\nsdC1C1.exe
C:\Users\Gloria\AppData\Local\Temp\nsr8EA5.exe
C:\Users\Gloria\AppData\Local\Temp\nsuFAA0.exe
C:\Users\Gloria\AppData\Local\Temp\oi_{E039652B-9993-4B01-8850-DA0703C38969}.exe
C:\Users\Gloria\AppData\Local\Temp\PPCToolbar.dll
C:\Users\Gloria\AppData\Local\Temp\safeguard.exe
C:\Users\Gloria\AppData\Local\Temp\ScamGrd.dll
C:\Users\Gloria\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Gloria\AppData\Local\Temp\SendMsg.dll
C:\Users\Gloria\AppData\Local\Temp\setup.exe
C:\Users\Gloria\AppData\Local\Temp\SPSetup.exe
C:\Users\Gloria\AppData\Local\Temp\vbmz6.exe
C:\Users\Gloria\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Gloria\AppData\Local\Temp\VistaUtils.exe
C:\Users\Gloria\AppData\Local\Temp\VisualBeeSilent.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_1.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_10.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_11.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_12.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_2.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_3.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_4.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_5.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_6.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_7.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_8.exe
C:\Users\Gloria\AppData\Local\Temp\ytb_7.0.9.0_1.4.1_ysp_1.2_pub_us_setup_9.exe
C:\Users\Gloria\AppData\Local\Temp\{37329191-3EA5-4EFE-B8A8-D6A773D141F8}-32.0.1700.107_chrome_installer.exe
C:\Users\Gloria\AppData\Local\Temp\{743EF21C-F810-4398-9FD7-A982EC678915}-32.0.1700.107_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-16 20:53

==================== End Of Log ============================
See less See more
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Gloria at 2014-07-16 21:15:08
Running from C:\Users\Gloria\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AIO_Scan (Version: 90.0.177.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{44734179-8A79-4DEE-BB08-73037F065543}) (Version: 1.1.4.7 - Apple Inc.)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 12.1.9.2400 - Avira)
Bonjour (HKLM\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Buzz-it (HKLM\...\F822F123-DDC6-98E2-4A88-B7D5D638D6D6) (Version: - Buzz-it-software) <==== ATTENTION
C5200 (Version: 90.0.177.000 - Hewlett-Packard) Hidden
C5200_doccd (Version: 90.0.177.000 - Hewlett-Packard) Hidden
c5200_Help (Version: 90.0.177.000 - Hewlett-Packard) Hidden
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CouponBar (HKLM\...\CouponBar5.0.0.5) (Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CYBERsitter 10 (Version: 10.7.11.19 - Solid Oak Software) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.5.1 - DivX, Inc.)
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{034F8C89-C4F4-4731-A32B-F4294C04729F}) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Hewlett-Packard)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
IDT Audio (HKLM\...\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}) (Version: 5.10.5304.0 - IDT)
Intel Audio Studio 2.7 (HKLM\...\{627FAD5F-6785-4B2A-ADE4-F6783D1912ED}) (Version: 2.7.0.7 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{9F70BF98-003C-491D-81FC-FF9792206AF0}) (Version: 7.6.2.9 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216034FF}) (Version: 6.0.390 - Oracle)
LessTabs (HKLM\...\LessTabs) (Version: 1.7.2.0 - LessTabs)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40825 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WG311T Wireless Adapter (HKLM\...\InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}) (Version: 1.00.0000 - NETGEAR)
NETGEAR WG311T Wireless Adapter (Version: 1.00.0000 - NETGEAR) Hidden
OpenOffice.org 2.3 (HKLM\...\{83C03FBE-4492-4133-BBAB-421CD88ADA32}) (Version: 2.3.9221 - OpenOffice.org)
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PANTECH PC USB Modem Software (HKLM\...\{B29B0066-547B-402c-9C0D-090E2F928A01}) (Version: 3.0.4.0823 - PANTECH CO,.LTD)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
PS_AIO_02_ProductContext (Version: 90.0.177.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 90.0.177.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_min (Version: 90.0.177.000 - Hewlett-Packard) Hidden
PSP Max Media Manager Pro (HKLM\...\PSP Max Media Manager Pro_is1) (Version: - )
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickLink Mobile (HKLM\...\QuickLink Mobile) (Version: 4.7.4 - Smith Micro Software, Inc.)
QuickTime (HKLM\...\{08CA9554-B5FE-4313-938F-D4A417B81175}) (Version: 7.50.61.0 - Apple Inc.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
StormAlerts (HKCU\...\StormAlerts) (Version: 1.0.14.0 - Weather Warnings LLC)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Verizon Wireless AC30 Firmware Updates (HKLM\...\{3F46EA41-3D29-4904-97AD-374826F8D9DC}) (Version: 1.0.8 - Smith Micro Software, Inc.)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VZAccess Manager (HKLM\...\{39747ABB-43EB-4ECA-9B46-7C6D2B4C7B32}) (Version: 7.7.1.2 - Smith Micro Software Inc.)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
ZTE USB Drivers (HKLM\...\{5C5BB2C4-54F9-4A17-8845-090C7BEC232C}) (Version: 1.0.012 - ZTE)

==================== Restore Points =========================

13-02-2014 03:00:24 Windows Update
21-02-2014 03:46:10 Windows Update
28-03-2014 01:30:28 Scheduled Checkpoint
29-03-2014 13:34:00 Windows Update
01-04-2014 22:01:53 Scheduled Checkpoint
02-04-2014 08:00:38 Windows Update
19-04-2014 23:27:13 Windows Update
17-07-2014 01:17:47 Removed Ad-Aware 2007
17-07-2014 01:21:53 Removed Driver Restore.
17-07-2014 02:00:59 Windows Update
17-07-2014 02:10:19 avast! antivirus system restore point

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {183B2C61-F75A-4E93-A081-D70B4207BE39} - System32\Tasks\RegFixPro Scheduled Scan => C:\Program Files\RegFixPro\RegFixPro.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {48E9199A-7C80-4A6D-A645-445ED8ABDF39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.)
Task: {85EC08C1-C398-4EFC-B692-FCB232608973} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {A1FB0A12-2E6D-4F8D-9BE1-AEEF89500D97} - System32\Tasks\SoftUpdateDaily => C:\Users\Gloria\AppData\Local\SoftUpdate\SoftUpdate.exe [2014-04-19] ()
Task: {A48436E9-0426-446E-8BDD-04B0EEB9163F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A65120A8-F7C9-4211-8D31-ACD53C1CF00B} - System32\Tasks\SoftUpdateLogon => C:\Users\Gloria\AppData\Local\SoftUpdate\SoftUpdate.exe [2014-04-19] ()
Task: {C7965923-999F-4ACE-8471-71AC8BA91BBF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E414729B-8421-405F-A6E7-F8ACB057409B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FE378D73-B046-4E66-8C72-8A5F523EB224} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\RegFixPro Scheduled Scan.job => C:\Program Files\RegFixPro\RegFixPro.exe

==================== Loaded Modules (whitelisted) =============

2006-02-22 11:59 - 2006-02-22 11:59 - 01486848 _____ () C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
2005-08-31 11:43 - 2005-08-31 11:43 - 00098304 _____ () C:\Program Files\NETGEAR\WG311T\WlanDll.dll
2014-02-25 12:47 - 2014-02-25 12:47 - 00612464 _____ () C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe
2014-07-07 13:54 - 2014-07-07 13:54 - 00315472 _____ () C:\Users\Gloria\AppData\Local\Temp\{142be4a8-895b-4ed9-b1ff-11c76357e3df}\.ba1\Avira.OE.Setup.InstallationCore.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: C2K => C:\Windows\Cyb10.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelAudioStudio => "C:\Program Files\Intel Audio Studio 2.7\IntelAudioStudio.exe" TRAY
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 09:10:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8a4f7fce-2fd9-4be4-a374-b64f41bd7a98}

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/16/2014 09:10:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8a4f7fce-2fd9-4be4-a374-b64f41bd7a98}

CodeIntegrity Errors:
===================================
Date: 2014-07-16 21:15:02.343
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:15:01.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:15:01.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:15:00.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:14:59.655
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:14:59.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:14:58.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 21:14:57.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-25 18:02:59.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-25 18:02:59.305
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2036.35 MB
Available physical RAM: 911.42 MB
Total Pagefile: 4313.96 MB
Available Pagefile: 3202.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.76 MB

==================== Drives ================================

Drive c: (os_install) (Fixed) (Total:74.53 GB) (Free:27.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: 399A047D)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

And he does have a program "cybersitter" on here too just FYI!
See less See more
There is a Proxy set up in Internet Explorer and a couple of highly suspect services.

This fix should get things going, it also includes remnants from Avira and a few other redundant files. When the fix has run post the log. Then follow that with TFC and then try to run Malwarebytes again and post the log if it does.

Please also uninstall the old version of Java, Buzz-it and CouponBar.

We are now going to run FRST in a different way.

  • IMPORTANT---> First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
  • Launch FRST by double clicking on it. DO NOT click on the Scan button or check any of the boxes.
  • You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on FRST to open it again.
  • When the FRST window opens click on the Fix button just once and wait.
  • You will see a message confirming the fix has been run and the log saved, click on OK and the Fixlog will open. Copy & Paste the full log it into your next reply.

NOTE: This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.


NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.
Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the big blue button right next to Author: Old Timer which says Download Now @ Author's Site
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons (they will return after the scan).
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal, it may take a while to complete the clean up depending on the amount of temporary files there are on the system.

Attachments

See less See more
Just noticed Avira is shown by FRST as still being there and is listed in the installed programs list, was FRST run before you removed it?
i think so...? and the proxy could be cybersitter?? He connects thru a verizon 4g hotspot thing I think If i remove proxy would it mess that up?
should I still run the fix then??
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Gloria at 2014-07-17 08:54:46 Run:1
Running from C:\Users\Gloria\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~1\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2959302338-3947095310-1867549206-1003\User: Group Policy restriction detected <======= ATTENTION
ProxyServer: http=127.0.0.1:13828
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ÛŸÆîZ§'2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×-(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
Toolbar: HKCU - No Name - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 htfmboczez32; C:\Program Files\003\htfmboczez32.exe run options=01110010030000000000000000000000 sourceguid=0866B8A9-2E46-422F-947B-2C563F566A0E [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S1 kkcysuwk; \??\C:\Windows\system32\drivers\kkcysuwk.sys [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
Task: {183B2C61-F75A-4E93-A081-D70B4207BE39} - System32\Tasks\RegFixPro Scheduled Scan => C:\Program Files\RegFixPro\RegFixPro.exe
Task: C:\Windows\Tasks\RegFixPro Scheduled Scan.job => C:\Program Files\RegFixPro\RegFixPro.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Search Scope Monitor => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}'=> Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2959302338-3947095310-1867549206-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§'2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×-(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä*'=> Key not found.
'HKCR\CLSID\ÛŸÆîZ§'2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×-(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä*'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} => value deleted successfully.
'HKCR\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}'=> Key not found.
AntiVirSchedulerService => Error deleting Service
AntiVirService => Error deleting Service
htfmboczez32 => Service deleted successfully.
avgntflt => Unable to stop service
avgntflt => Error deleting Service
avipbb => Service stopped successfully.
avipbb => Service deleted successfully.
avkmgr => Unable to stop service
avkmgr => Service deleted successfully.
ssmdrv => Service stopped successfully.
ssmdrv => Service deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
kkcysuwk => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{183B2C61-F75A-4E93-A081-D70B4207BE39}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{183B2C61-F75A-4E93-A081-D70B4207BE39}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegFixPro Scheduled Scan => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegFixPro Scheduled Scan' => Key deleted successfully.
C:\Windows\Tasks\RegFixPro Scheduled Scan.job => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
See less See more
Ok so tried MBAM again...and it asks to update then does so...starts to scan and then says some weird error about corrupted database scan was cancelled. I dont know how to fix that one. And TFC froze and failed to run but am attempting 2nd attempt.

EDIT: TFC successfully completed.
RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Gloria [Admin rights]
Mode : Scan -- Date : 07/17/2014 10:19:52

¤¤¤ Bad processes : 4 ¤¤¤
[Suspicious.Path] Cyb10.exe -- C:\Windows\Cyb10.exe[7] -> KILLED [TermProc]
[Suspicious.Path] StormAlerts.exe -- C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe[7] -> KILLED [TermProc]
[Suspicious.Path] StormAlertsApp.exe -- C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe[7] -> KILLED [TermProc]
[Suspicious.Path] (SVC) CCOMSVC -- C:\Windows\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc[7] -> STOPPED

¤¤¤ Registry Entries : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | C2K : C:\Windows\Cyb10.exe -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CCOMSVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WVCSWDSVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCOMSVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WVCSWDSVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CCOMSVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WVCSWDSVC -> FOUND
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-2959302338-3947095310-1867549206-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-2959302338-3947095310-1867549206-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-2959302338-3947095310-1867549206-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2959302338-3947095310-1867549206-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2959302338-3947095310-1867549206-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Path][File] Storm Alerts.lnk -- C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk [[email protected]] C:\Users\Gloria\AppData\Local\STORMA~1\STORMA~4.EXE /restart -> FOUND
[Suspicious.Path][File] StormAlerts.lnk -- C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk [[email protected]] C:\Users\Gloria\AppData\Local\STORMA~1\STORMA~1.EXE -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST380815AS ATA Device +++++
--- User ---
[MBR] 9eb3ab3c8604e379bc65833ef2db9f4a
[BSP] 715d69ba464f2a3da505d63084802029 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76317 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SRT USB USB Device +++++
--- User ---
[MBR] 013992ef5b910dc0ab2c5756ff168d5d
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 15479 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_07162014_222303.log
See less See more
Just back home for a quick break, you did the right thing to continue, the Proxy can always be put back on later if the software doesn't do it automatically.

Most of what RogueKiller found is related to the Cybersitter software and the PUM's I think can be left as they are. There is a process for Cybersitter disabled in Msconfig, if that is of any interest, not sure why that should be if the owner uses it.

To tackle Malwarebytes, try running it in Safe Mode, if still no go, uninstall it and then download and install a fresh copy. Malwarebytes
will try safe mode BUT have reinstalled it 2x already :)
Ok, if it won't run in Safe Mode try running this tool first, immediately after running it (without rebooting) try to run Malwarebytes again.

Please post the log from this even if Mbam still won't run.

Please download RKill
There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please Copy & Paste the entire log in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.
See less See more
sweet...rkill worked running mbam now!!
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/17/2014
Scan Time: 11:58:33 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Gloria

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235757
Time Elapsed: 6 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe, 3320, , [4009857af08aee48336b3a5910f28e72]
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe, 808, , [4009857af08aee48336b3a5910f28e72]

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2959302338-3947095310-1867549206-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [88c1cc335d1dc175ee7af150c04235cb],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, , [a7a235ca7802e650c17a80c106fcc937],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, , [0a3f9d62403ac17550ecab963ec44eb2],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\CouponAlert_2p.SkinLauncherSettings, , [4ffa768993e748eef666b1c4f60ca55b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\CouponAlert_2p.SkinLauncherSettings.1, , [bf8ae619e3971b1be676c8adb052b44c],
PUP.Optional.StormAlerts.A, HKU\S-1-5-21-2959302338-3947095310-1867549206-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\StormAlerts, , [3b0edf20b2c8a98d28b59ef6e1208c74],
Rogue.RegFixPro, HKU\S-1-5-21-2959302338-3947095310-1867549206-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RegFixPro, , [8fbae21d6d0d3afc6ef8fd1063a0629e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 9
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0603201507, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts, , [0544d827166491a5306fc2d11ce67789],
Rogue.RegFixPro, C:\Users\Gloria\AppData\Roaming\RegFixPro, , [0940ba4597e3cd69973e661155ad966a],
Rogue.RegFixPro, C:\Users\Gloria\AppData\Roaming\RegFixPro\Log, , [0940ba4597e3cd69973e661155ad966a],
Rogue.RegFixPro, C:\Users\Gloria\AppData\Roaming\RegFixPro\Registry Backups, , [0940ba4597e3cd69973e661155ad966a],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_ulx4k4aae2ol2qv4z4gh51privfp4n1l, , [70d98c73dd9d2610e6cbed9b8f73748c],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_ulx4k4aae2ol2qv4z4gh51privfp4n1l\1.6.0.0, , [70d98c73dd9d2610e6cbed9b8f73748c],

Files: 35
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsuninstall.exe, , [3b0edf20b2c8a98d28b59ef6e1208c74],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsU.dat, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe.config, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\ICSharpCode.SharpZipLib.dll, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\mod.StormAlertsApp0.dat, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\SAUpdater.exe, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\SAUpdater.exe.config, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlerts.exe.config, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp.exe, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsApp0.dat, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsBrowser.exe, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\StormAlertsBrowser.exe.config, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\uninstall.exe, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0603201507\3777.0.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0603201507\3777.1.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0603201507\3777.2.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.10.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.11.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.12.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.13.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.14.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.15.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.16.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.5.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.6.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.7.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.8.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\StormAlerts\0605134256\3779.9.tmp, , [4009857af08aee48336b3a5910f28e72],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts\Storm Alerts.lnk, , [0544d827166491a5306fc2d11ce67789],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk, , [ed5cc9368ceec0765c44553efe0434cc],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk, , [fc4d9c6378020630861b761df210966a],
Rogue.RegFixPro, C:\Users\Gloria\AppData\Roaming\RegFixPro\Log\2008 Sep 15 - 10_37_28 AM_526.log, , [0940ba4597e3cd69973e661155ad966a],
Rogue.RegFixPro, C:\Users\Gloria\AppData\Roaming\RegFixPro\Registry Backups\2008-09-15_10-38-22.reg, , [0940ba4597e3cd69973e661155ad966a],
PUP.Optional.StormAlerts.A, C:\Users\Gloria\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_ulx4k4aae2ol2qv4z4gh51privfp4n1l\1.6.0.0\user.config, , [70d98c73dd9d2610e6cbed9b8f73748c],

Physical Sectors: 0
(No malicious items detected)

(end)
See less See more
Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/17/2014 11:54:57 AM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\STacSV.exe (PID: 620) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 07/17/2014 11:56:15 AM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)
See less See more
1 - 20 of 36 Posts
Status
Not open for further replies.
Top