
Pop ups all the time on computer [Solved]


  • This topic is locked This topic is locked

#106 Sharon Lee (Topic Starter, Member, 512 posts)
All right, I now know what happened before.  My computer would not let the download go through so the administrator took over and a blue box came up in the left corner and finished the scan.  Then it saved it to my C disk.  I have tried and tried to get just what you wanted.  I hope this is right.  Bad day. Not good news about my husband.  I am glad I am taxing my mind, for right now I don't want to think.

ComboFix 14-09-09.01 - Sharon 09/09/2014  12:49:52.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7618 [GMT -4:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-09 to 2014-09-09  )))))))))))))))))))))))))))))))
.
.
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-09-09 16:15 . 2014-09-09 16:15    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BAEB93-C535-4D51-BE0F-7B4AD71B4387}\offreg.dll
2014-09-09 16:14 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BAEB93-C535-4D51-BE0F-7B4AD71B4387}\mpengine.dll
2014-09-08 18:47 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-05 14:51 . 2014-09-05 14:51    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-08-31 16:52 . 2014-08-31 16:52    --------    d-----w-    c:\users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50 . 2014-08-31 16:50    --------    d-----w-    c:\program files (x86)\Nova Development
2014-08-29 14:33 . 2014-08-19 17:33    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59 . 2013-12-21 09:39    600064    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-29 00:59 . 2013-12-21 07:56    523776    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-08-28 23:34 . 2014-09-01 23:42    --------    d-----w-    c:\programdata\Yahoo!
2014-08-28 00:55 . 2014-08-28 00:55    226304    ----a-w-    c:\windows\system32\elshyph.dll
2014-08-28 00:43 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-28 00:43 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-28 00:43 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-26 16:14 . 2014-08-26 16:14    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-26 16:13 . 2014-08-26 16:13    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:13 . 2014-08-26 16:13    --------    d-----w-    c:\program files (x86)\Java
2014-08-26 16:00 . 2014-08-26 16:02    --------    d-----w-    C:\AdwCleaner
2014-08-18 19:22 . 2014-08-18 19:35    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-08-18 17:24 . 2014-09-09 12:26    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-18 17:24 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 17:24 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-17 22:20 . 2014-08-18 17:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-08-17 22:20 . 2014-08-18 17:46    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-08-17 15:36 . 2014-08-17 15:36    --------    d-----w-    c:\users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35 . 2014-08-17 15:37    --------    d-----w-    c:\programdata\SparkTrust
2014-08-16 21:02 . 2014-08-23 00:07    --------    d-----w-    c:\users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01 . 2014-08-16 21:01    --------    d-----w-    c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29 . 2014-08-16 20:45    --------    d-----w-    C:\FRST
2014-08-16 15:35 . 2014-08-16 15:35    --------    d-----w-    c:\users\Sharon\AppData\Roaming\Apple Computer
2014-08-16 15:35 . 2014-09-04 11:13    --------    d-----w-    c:\programdata\ProductData
2014-08-16 15:34 . 2014-08-16 20:59    --------    d-----w-    c:\programdata\IObit
2014-08-16 15:33 . 2014-08-16 15:35    --------    d-----w-    c:\program files (x86)\IObit
2014-08-16 15:02 . 2014-08-16 20:48    --------    d-----w-    c:\program files (x86)\TotalSystemCare
2014-08-16 02:17 . 2014-08-16 02:17    --------    d-----w-    c:\users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17 . 2014-08-16 02:33    --------    d-----w-    c:\programdata\MyTurboPC.com
2014-08-15 16:22 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-15 16:22 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-15 16:22 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-15 16:22 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-15 16:22 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 11:58 . 2014-06-25 02:05    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-08-15 11:57 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 11:57 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-15 11:57 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 11:57 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-13 15:13 . 2014-09-01 12:43    --------    d-----w-    c:\users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27 . 2010-05-26 15:41    511328    ----a-w-    c:\windows\system32\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    470880    ----a-w-    c:\windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    1998168    ----a-w-    c:\windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    2401112    ----a-w-    c:\windows\system32\D3DX9_43.dll
2014-08-12 20:27 . 2014-08-12 20:41    --------    d-----w-    c:\users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:27 . 2014-07-25 14:01    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-08-12 20:27 . 2014-07-25 14:01    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-08-12 20:27 . 2014-07-25 14:01    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-08-12 20:27 . 2014-07-25 14:01    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-08-12 20:27 . 2014-08-12 20:27    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-08-12 20:26 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-08-12 20:22 . 2014-08-12 20:22    --------    d-----w-    C:\NVIDIA
2014-08-11 23:55 . 2014-08-11 23:55    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-08-11 23:55 . 2014-08-11 23:55    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 17:33 . 2014-05-16 21:08    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-15 16:26 . 2014-05-15 21:31    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-15 00:53 . 2014-05-16 01:35    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53 . 2014-05-16 01:35    699568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-02 20:48 . 2014-05-15 21:20    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-05-15 21:20    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-21 03:03    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-03-21 03:03    16122344    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-03-21 03:03    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-21 03:02    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-21 03:02    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-21 03:02    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 18:55 . 2014-05-15 21:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-05-15 21:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-05-15 21:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-05-15 21:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-05-15 21:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-05-15 21:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 16:33    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 16:33    646144    ----a-w-    c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe" [2010-04-09 144672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe [2010-12-20 365960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 00:53]
.
2014-09-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-05-18 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?hps=249
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-09  12:54:24
ComboFix-quarantined-files.txt  2014-09-09 16:54
ComboFix2.txt  2014-09-06 20:17
ComboFix3.txt  2014-08-26 16:23
.
Pre-Run: 443,445,035,008 bytes free
Post-Run: 443,364,966,400 bytes free
.
- - End Of File - - A1CFD5914E7E018F790F408D6C21754E
A36C5E4F47E84449FF07ED3517B43A31

I have others saved.  Could not find the CFScript on the desktop this time.  I am tiring, am I not?  I do the best I can and can do no more.  Sorry that this has turned out to be such a mess.


#107 Sharon Lee (Topic Starter, Member, 512 posts)
Maybe this one worked.  I did it over again and this one may do the trick.

Folder::
c:\programdata\SparkTrust
c:\users\Sharon\AppData\Roaming\SparkTrust
c:\programdata\d84b8fff6566939a
c:\users\Sharon\AppData\Local\Packages
c:\users\Sharon\AppData\Local\Comodo
c:\users\Sharon\AppData\Roaming\ProductData
c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
c:\programdata\ProductData
c:\programdata\IObit
c:\program files (x86)\IObit
c:\program files (x86)\TotalSystemCare
c:\users\Sharon\AppData\Roaming\MyTurboPC.com
c:\programdata\MyTurboPC.com

DDS::
uStart Page = hxxp://rr.com/

DirLook::
C:\AdwCleaner
C:\FRST
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe [2010-12-20 365960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 00:53]
.
2014-09-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-05-18 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?hps=249
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-09  12:54:24
ComboFix-quarantined-files.txt  2014-09-09 16:54
ComboFix2.txt  2014-09-06 20:17
ComboFix3.txt  2014-08-26 16:23
.
Pre-Run: 443,445,035,008 bytes free
Post-Run: 443,364,966,400 bytes free
.
- - End Of File - - A1CFD5914E7E018F790F408D6C21754E
A36C5E4F47E84449FF07ED3517B43A31


#108 Naathim (GeekU Minion, Expert, 4,568 posts)

Nope, it won't.

But this time ComboFix is located here:

Running from: c:\users\Sharon\Downloads\ComboFix.exe

Try to move the text file with the script (CFScript) to your Downloads folder, so it will be next to ComboFix. Next drag and drop CFScript onto the ComboFix icon.


#109 Sharon Lee (Topic Starter, Member, 512 posts)

That is what I have been doing. For some reason ComboFix will not continue on my computer and it goes to the side and finishes up the scan. I have tried it over and over. I have no icon on my desktop. I have a bunch of downloads but no icon. So I tried to move ComboFix to the desktop and then drag CFScript over to drop on top of ComboFix many times and thought I had done it. But nope. I am following your instructions to the letter and trying so hard to get this to work. For some reason ComboFix will not complete to download so it goes on the desktop. Will be gone most of the day again, as I am going to take my husband for another test. I will try to get back on this evening. I so wish this would go right. Sorry it won't co-operate with me. This machine does not like me. You get up very early or stay up very late, for I am up very early this morning.

#110 Naathim (GeekU Minion, Expert, 4,568 posts)

Well, I don't know what may cause this...

See if you are able to download and run this tool:

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


#111 Sharon Lee (Topic Starter, Member, 512 posts)

This is what I am getting.  Have to go now but will try it again later.

 

This Connection is Untrusted

You have asked Firefox to connect securely to us.data.toolbar.yahoo.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

us.data.toolbar.yahoo.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)


#112 Sharon Lee (Topic Starter, Member, 512 posts)

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sharon [Admin rights]
Mode : Scan -- Date : 09/10/2014  08:26:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52230;https=127.0.0.1:52230  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52230;https=127.0.0.1:52230  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com...0CBF2E5BF4=  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com...0CBF2E5BF4=  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] uh4rokfq.default-1408223660292 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> FOUND
[PUM.HomePage][FIREFX:Config] uh4rokfq.default-1408223660292 : user_pref("browser.startup.homepage", "http://www.trovi.com...0CBF2E5BF4="); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500620AS ATA Device +++++
--- User ---
[MBR] 695b68375fa931947d1a67d259872a28
[BSP] d85e4d572115a4302d5fe2993520609d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


#113 Sharon Lee (Topic Starter, Member, 512 posts)

This is what I am getting.  Have to go now but will try it again later.

 

This Connection is Untrusted

You have asked Firefox to connect securely to us.data.toolbar.yahoo.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

us.data.toolbar.yahoo.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

Got this one before I left.  Sure hope it works.


#114 Naathim (GeekU Minion, Expert, 4,568 posts)

:thumbsup:

We will re-run this tool, but this time instead of only scanning, we will ask it to delete these things. Follow the instructions thoroughly :)

Fix with RogueKiller

Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • The removal process may take some time. Also, your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


#115 Sharon Lee (Topic Starter, Member, 512 posts)

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sharon [Admin rights]
Mode : Remove -- Date : 09/10/2014  18:02:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] uh4rokfq.default-1408223660292 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> NOT SELECTED
[PUM.HomePage][FIREFX:Config] uh4rokfq.default-1408223660292 : user_pref("browser.startup.homepage", "https://www.yahoo.com/?hps=249"); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500620AS ATA Device +++++
--- User ---
[MBR] 695b68375fa931947d1a67d259872a28
[BSP] d85e4d572115a4302d5fe2993520609d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_09102014_082601.log - RKreport_SCN_09102014_180203.log


#116 Sharon Lee (Topic Starter, Member, 512 posts)

Hello, I did a Malwarebytes Anti-Malware scan and it found 18 threats tonight. Unreal! I hope I did the other right. I wanted to ask you if I should delete all 18 of the threats. You know this could be a good thing, right? At least we know it works. At times I would just like to have everything off here and start from scratch, but I am not up to that now. So, I will just be thankful for what does work. Can I put two card shops on this machine? I have a new one I want to try but would like to keep the old one on also. If I sit here long enough I am quite sure I can think of much more to ask you, but I won't. Thank you for all your time. You are a patient man.


#117 Naathim (GeekU Minion, Expert, 4,568 posts)

Hi :)

 

Hello, I did a Malwarebytes Anti-Malware scan and it found 18 threats tonight. Unreal! I hope I did the other right. I wanted to ask you if I should delete all 18 of the threats. You know this could be a good thing, right?

I really can't tell anything without seeing a logfile from this scan. I need to know what were the findings to tell you if they were ok to go.

However, please refrain from self-fixes. First of all I need you to re-run RogueKiller, but after Scan I wanted you to mark things for deletion, choose Delete and after deletion to present the report. Instead that logfile is full of NOT SELECTED entries.

  • Re-run RogueKiller.
  • Pick the Scan option.
  • After the scan make sure that items on the lower tabs are checked for deletion.
  • Click Delete.
  • After deletion click Report and present it here :)

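A note on reading the RogueKiller reports in #112 and #115, as an added example that is not part of the thread. The two reports differ only in the status after the "->": FOUND and NOT SELECTED mean the item was listed and nothing on the machine was changed, which is why the #115 run, full of NOT SELECTED entries, achieved nothing and a re-run was needed; DELETED and REPLACED (...) mean the value was actually changed, and ERROR [n] means the change failed. The finding in #112 that a responder should look at first is the PUM.Proxy pair: ProxyEnable = 1 together with ProxyServer = http=127.0.0.1:52230;https=127.0.0.1:52230 sends every WinINET proxy-aware client, Internet Explorer included, through a program listening on the machine itself, for https as well as http. A local proxy that terminates TLS has to present its own certificates, which is one way to end up at the sec_error_unknown_issuer page pasted in #111. The thread never shows which process owned port 52230, and by the remove-mode run in #115 the PUM.Proxy entries were no longer reported. The script below parses the "Registry Entries" lines of a report, tallies the outcomes, and flags any ProxyServer value that points at a loopback address, returning the port numbers whose owner still needs to be identified. It is my code, not RogueKiller's; the line format is inferred from the v9 reports quoted in this thread (an assumption for other versions), and the sample reports are constructed from lines quoted above.

```python
"""Triage helper for the "Registry Entries" lines of a RogueKiller report.

Added example for this thread, not RogueKiller's own code; the sample
reports are constructed from lines quoted in the posts above.
"""
import re
from collections import Counter
from ipaddress import ip_address

# One registry-entry line of a RogueKiller v9 report (format inferred from the thread):
#   [Category] (X64|X86) <registry key> | <value name> : <data>  -> <status>
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<value_name>.+?)\s+:\s+"
    r"(?P<data>.*?)\s+->\s+(?P<status>.+?)\s*$"
)

# Constructed sample: scan-mode lines as in post #112; non-entry lines are ignored.
SAMPLE_SCAN = r"""
Mode : Scan -- Date : 09/10/2014  08:26:01
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52230;https=127.0.0.1:52230  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> FOUND
"""

# Constructed sample: remove-mode lines with the outcomes seen in posts #115 and #118.
SAMPLE_FIX = r"""
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> NOT SELECTED
"""


def parse_entries(report_text):
    """One dict per registry-entry line; every other line of the report is skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in report_text.splitlines())
    return [m.groupdict() for m in matches if m]


def normalise_status(status):
    """Collapse 'REPLACED (0)', 'ERROR [2]', 'NOT SELECTED', ... to a single token."""
    return "NOT SELECTED" if status.startswith("NOT SELECTED") else status.split(" ", 1)[0]


def tally_status(entries):
    """Only DELETED and REPLACED mean the machine changed; FOUND and
    NOT SELECTED mean the item was merely listed."""
    return Counter(normalise_status(e["status"]) for e in entries)


def parse_proxy_server(data):
    """WinINET ProxyServer is either 'host:port' (all schemes, keyed '*')
    or 'http=host:port;https=host:port;...' (one target per scheme)."""
    if "=" not in data:
        return {"*": data.strip()}
    proxies = {}
    for part in data.split(";"):
        scheme, sep, target = part.partition("=")
        if sep:
            proxies[scheme.strip().lower()] = target.strip()
    return proxies


def is_loopback_target(target):
    """True when 'host:port' points back at this machine (127/8, ::1, localhost)."""
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return host.lower() == "localhost"


def loopback_proxies(entries):
    """(arch, scheme, target) for each ProxyServer value routed through a local listener."""
    hits = []
    for e in entries:
        if e["category"] == "PUM.Proxy" and e["value_name"] == "ProxyServer":
            for scheme, target in parse_proxy_server(e["data"]).items():
                if is_loopback_target(target):
                    hits.append((e["arch"], scheme, target))
    return hits


def triage(report_text):
    """What the report changed, and which local ports need an owner identified."""
    entries = parse_entries(report_text)
    hits = loopback_proxies(entries)
    ports = sorted({int(t.rsplit(":", 1)[1]) for _, _, t in hits if ":" in t})
    return {"entries": len(entries), "status": dict(tally_status(entries)),
            "loopback_proxies": hits, "ports_to_check": ports}


if __name__ == "__main__":
    for name, report in (("scan", SAMPLE_SCAN), ("fix", SAMPLE_FIX)):
        print(name, triage(report))
```

On the scan report this returns ports_to_check = [52230]. On a Windows 7 machine the owner of that port is found with `netstat -ano | findstr ":52230"` followed by `tasklist /FI "PID eq <pid>"`, and that check belongs before any removal step: deleting the ProxyServer value alone only re-routes traffic, while the program that listens on the port is left in place to set the value again.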

#118 Sharon Lee (Topic Starter, Member, 512 posts)

This should be it. 

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sharon [Admin rights]
Mode : Remove -- Date : 09/11/2014  09:04:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> REPLACED (http://go.microsoft..../?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> REPLACED (http://go.microsoft..../?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> REPLACED (http://go.microsoft..../?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rr.com/  -> REPLACED (http://go.microsoft..../?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> REPLACED (http://go.microsoft..../?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3116716917-3147519053-889370201-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> REPLACED (http://go.microsoft....k/?LinkId=54896)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP4T0L0-6 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\tcpip.sys)

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] uh4rokfq.default-1408223660292 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> NOT SELECTED
[PUM.HomePage][FIREFX:Config] uh4rokfq.default-1408223660292 : user_pref("browser.startup.homepage", "https://www.yahoo.com/?hps=249"); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500620AS ATA Device +++++
--- User ---
[MBR] 695b68375fa931947d1a67d259872a28
[BSP] d85e4d572115a4302d5fe2993520609d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_09102014_180226.log - RKreport_SCN_09102014_082601.log - RKreport_SCN_09102014_180203.log - RKreport_SCN_09112014_085813.log


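Naathim's point above is that a RogueKiller removal report should show findings as DELETED or REPLACED rather than NOT SELECTED. As an added example that is not part of this thread or of RogueKiller itself, the Python below parses lines in the report format posted above and lists the findings that were not acted on; the sample report is constructed, and its profile name and URLs are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the RogueKiller "Remove" report format seen in this
# thread; the URLs and profile name are placeholders, not from the user's log.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://example.invalid/  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://example.invalid/  -> REPLACED (http://example.invalid/default)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] abcd1234.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> NOT SELECTED
"""

# "¤¤¤ <section name> : <count> ..." opens a section of the report.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
# "[Tag][Tag] <body> -> <ACTION> [detail]" is one finding; the action is the
# upper-case word group after "->", optionally followed by "(...)" or "[...]".
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*->\s*"
    r"(?P<action>[A-Z ]+?)(?:\s*[\[(].*)?$"
)

def parse_report(text):
    """Return (section, tags, body, action) for every finding in the report."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
            findings.append((section, tags, m.group("body"), m.group("action").strip()))
    return findings

def pending_findings(findings):
    """Findings RogueKiller did not fix: left unchecked (NOT SELECTED) or failed (ERROR)."""
    return [f for f in findings if f[3] in ("NOT SELECTED", "ERROR")]

def action_summary(findings):
    """Count of findings per action, e.g. {'REPLACED': 1, 'NOT SELECTED': 2}."""
    return Counter(f[3] for f in findings)
```

Run parse_report() on the text of a saved RKreport file and pass the result to pending_findings() to see which entries still need to be checked for deletion.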

#119
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Very good! RogueKiller removed some amount of trash. :)


Sharon, I need to inform you that I personally will be unavailable until Monday or Tuesday due to some family commitments, but I've asked a friend of mine to keep an eye here so she will continue working with you until all your issues are solved. I'll post when back again :)


For now please try to download and run FRST again:


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


If unsuccessful, please try to generate a new DDS report:


Scan with DDS

Please download DDS by sUBs and save it to your desktop.

  • Right-click on the DDS icon and select Run as Administrator to start the tool.
  • In the console make sure that Attach option is checked and click Start.
  • You will be presented with a black window containing information about the scanning.
  • Upon completion you will be prompted and two logfiles will appear: DDS.txt and Attach.txt.

Please include their content in your next reply.



#120
Sharon Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 512 posts

Hello, that is fine.  I will try to do the Farbar recovery again and also  scan with DDS.   I thank you for your time and for getting someone else to help me.  That was very nice of you.  See you Monday or Tuesday.

