Please help me get rid of ads.directrev

Posted 2/16/2013 3:38 AM
#95101

designtech Member

Date Joined Nov 2016
Total Posts: 4
Hi, I'd appreciate any help you can give me in trying to help my father-in-law get rid of the directrev ads from his computer. I ran through the instructions here http://forum.bullguard.com/forum/9/Before-posting-a-log_43562.html, and the log files are below.

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:33 PM, on 2/15/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Steven Wells\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=56553746-1375-47e2-817b-809e02a2046d&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=56553746-1375-47e2-817b-809e02a2046d&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=56553746-1375-47e2-817b-809e02a2046d&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {ece24dcf-8548-4655-b392-47a388721482} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Steven Wells\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steven Wells\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} (VersionControl Class) - http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A4C815-30A4-487B-A65C-B991E0733348}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A4C815-30A4-487B-A65C-B991E0733348}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{14A4C815-30A4-487B-A65C-B991E0733348}: NameServer = 67.90.152.122,67.107.71.186
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~2\Datamngr\IEBHO.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\CA\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13878 bytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steven Wells :: STEVENWELLS-PC [administrator]

2/15/2013 8:25:28 PM
mbam-log-2013-02-15 (20-25-28).txt

Scan type: Full scan (C:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409542
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS log files to follow...
Posted 2/16/2013 3:38 AM
#95102

designtech Member

Date Joined Nov 2016
Total Posts: 4
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Steven Wells at 21:06:28 on 2013-02-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6071.3434 [GMT -6:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Steven Wells\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=56553746-1375-47e2-817b-809e02a2046d&searchtype=ds&q={searchTerms}
mStart Page = about:blank
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=56553746-1375-47e2-817b-809e02a2046d&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:6266754324&ie=ISO-8859-1&sa=Search&q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80116&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
mURLSearchHooks: {ece24dcf-8548-4655-b392-47a388721482} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [cdloader] "C:\Users\Steven Wells\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun
uRun: [Facebook Update] "C:\Users\Steven Wells\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\STEVEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BILLMI~1.LNK - C:\QUICKENW\BILLMIND.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 172.16.6.1
TCP: Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348} : NameServer = 67.90.152.122,67.107.71.186
TCP: Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348} : DHCPNameServer = 172.16.6.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~2\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-1-29 707528]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2012-9-28 145696]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-7-20 103504]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-8 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-8 243232]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-10-25 68416]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2012-12-10 261056]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-20 317440]
R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-27 1813056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-2 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-1-29 589000]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2012-10-25 82384]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2011-6-20 90864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-16 02:23:51 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-16 02:23:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-14 05:05:29 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:05:29 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:30:01 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 18:30:00 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 18:30:00 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 18:29:44 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 18:29:40 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 18:29:40 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 18:29:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 18:29:39 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 18:29:39 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 18:29:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 18:29:30 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 18:29:30 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 23:40:35 -------- d-----w- C:\Program Files\CCleaner
2013-01-29 21:20:10 707528 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-01-29 21:19:24 589000 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-01-27 02:09:56 -------- d-----w- C:\Users\Steven Wells\AppData\Roaming\WildTangent
.
==================== Find3M ====================
.
<br/>2013-02-09 23:11:00 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl <br/>2013-02-09 23:11:00 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe <br/>2013-01-29 21:18:05 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys <br/>2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll <br/>2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll <br/>2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl <br/>2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe <br/>2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll <br/>2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb <br/>2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll <br/>2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll <br/>2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl <br/>2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe <br/>2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll <br/>2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb <br/>2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll <br/>2012-12-20 19:10:12 741 ----a-w- C:\Windows\SysWow64\lod1.vbs <br/>2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll <br/>2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll <br/>2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll <br/>2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll <br/>2012-12-10 18:58:06 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys <br/>2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll <br/>2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll <br/>2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll <br/>2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll <br/>2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs <br/>2012-12-07 
11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs <br/>2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs <br/>2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs <br/>2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs <br/>2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs <br/>2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs <br/>2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs <br/>2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs <br/>2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs <br/>2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs <br/>2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs <br/>2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs <br/>2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs <br/>2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll <br/>2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll <br/>2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll <br/>2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll <br/>2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll <br/>2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll <br/>2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe <br/>2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll <br/>2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll <br/>2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll <br/>2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll <br/>2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe <br/>2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll <br/>2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 
<br/>2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll <br/>2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll <br/>. <br/>============= FINISH: 21:06:40.11 ===============
Posted 2/18/2013 4:54 AM
#95111
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there,

Here is what you need to do:

1. Reboot your computer in Safe Mode with Networking by pressing F8 (or F5 on some computers) before Windows starts (before the Windows logo appears) and choosing Safe Mode with Networking from the following screen.

2. Download the Combofix tool from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note: Do not mouse click ComboFix's window while it is running. That may cause it to stall.
When finished, it will produce a log for you. The log is automatically saved on C:\ and is named Combofix.txt.

3. Restart in Normal Mode and post the log.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Posted 2/18/2013 8:40 AM
#95112
IgorS Member

Date Joined Nov 2016
Total Posts: 7
It's detailed information I found here.
Posted 2/18/2013 4:10 PM
#95113
designtech Member

Date Joined Nov 2016
Total Posts: 4
Good morning;

When I start the computer in Safe Mode, I don't have access to email or Facebook, etc. No way could I pull up this page to download your recommended program.

What's next?
Posted 2/19/2013 2:56 AM
#95114
designtech Member

Date Joined Nov 2016
Total Posts: 4
Say, Fellows.
I appreciate your help in getting rid of the ad files popping up at just about every third click!
I am just about to hit 62 and didn't follow the exact instructions for starting in "Safe Mode" - I forgot the networking option. After getting that right I downloaded the combofix file and it brought up a warning that I had a virus checking program still scanning the PC. So, I went and uninstalled it. I still got a warning box but this time it said I would be running the exe file at my own risk. Well, I clicked on the "X" and guess what? Yep it started the combofix program. But it all seems to be free of the stupid pop-up ads that have been plaguing me.

Thanks Again and I will be recommending BullGuard to my friends!
Steven E. Wells

PS: Tried to upload your log file and got a msg saying I could not use MIME.....