computer freeze

jonbutch · November 14, 2013

My computer freezes up every once in a while.

flashh4 · November 14, 2013

Howdy Jo and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the Clean button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

    * Then click Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

Thanks
Chuck

Run these as time permits you !

Each program will produce a log & i will need you to copy & paste it here into your topic !!

jonbutch · November 14, 2013

# AdwCleaner v3.012 - Report created 14/11/2013 at 06:18:10

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : JoAn - JOAN-PC

# Running from : C:\Users\JoAn\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Zynga

Folder Deleted : C:\Users\JoAn\AppData\Local\Conduit

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Zynga

File Deleted : C:\END

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT243872

jonbutch · November 14, 2013

unkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x86

Ran by JoAn on Thu 11/14/2013 at 6:30:20.20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4529C960-5E21-4B6F-802A-08CC67043474}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B4D34AE6-138D-4EDA-B003-CC968F3E14F6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\JoAn\appdata\local\cre"

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{02D13854-C28D-450F-9DEC-D3510DF9F317}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{053B9556-130F-46B2-A94B-73F21D72E199}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{108218FD-9D0A-45C6-AC85-9B93AC07B6E9}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{13142F40-12BE-4BB1-9BE3-911C86A91463}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{154DCBCA-0D9D-4371-98E0-706C63A43BAB}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{1F30D05F-6E23-4147-BB29-8B63164BAFFF}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{20C6C53C-3F1D-41EC-86C0-309FE20BC0B0}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{32BB2673-9D65-4791-B8DF-416C1B37FB47}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{3568F696-3A9E-4302-85A1-02FD77CAF03C}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{38631EF5-2802-427D-8721-027E01BFE326}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{3A4B9FCD-C1DF-4099-BC63-DF6060600C9E}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{3C5A8F06-9D87-423C-8BBB-95FC00FD7F50}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{3C80469B-3925-493F-8D45-53BF1AEA6253}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{3F5DF6AB-2016-4BF6-BCCA-38D8115657A6}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{43609A0C-B866-4018-9E30-7BD7DA97BC39}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{52034484-0B1D-425F-88AB-82589F172A7D}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{59E51816-6347-47E8-A46F-8028CE5DCABB}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{5BB34597-9C49-4A72-BBE7-ADBD557FB2E6}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{5DBD5D01-6CF7-44F3-B9B0-D4E29CAF5E3E}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{615DDFDA-0542-446D-9E53-02EA45729562}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{6206BDE6-C4F0-4CD1-A990-16B5FB0E9B3B}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{626D93D0-47A5-4B0B-B8BF-87CACB2C01EF}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{64CD6248-1A34-4E4E-97D8-B37CF276EC1E}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{670A5B4D-DD68-461B-9BAA-20C9E0D6809E}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{676BC263-A013-4FBE-8ACF-2D90FD64F9CC}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{685535F2-9D2F-44FC-A6E6-52B0966ED2C7}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{6DDF1C74-083C-418D-B5D8-B0423EAF85E4}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{72AD51B9-7579-4672-8748-3C42816865A0}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{7BE5D585-0BB3-4FD8-B710-ED8711B546D0}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{7D10E315-187C-441B-A548-EAB702CA9C1F}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{8BBACCF1-6096-4BC2-BCAD-6799ED19811C}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{8CDC8783-A7D3-44E6-9055-E58644919653}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{901F6FDE-6AAF-475E-822D-BB1E28B3DE83}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{9222C060-3A70-47DE-A902-3D15C5AF085A}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{92BB9E7C-BE19-4FED-817B-AE86F990D93C}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{97E83BC3-17FC-487E-A0F3-7A39B65FF401}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{9815BB70-F05C-47E0-9AC2-AD2B3CC42EA9}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{ABC3FC02-4097-4BE3-8FDB-CEAAF12D810F}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{B3074EE4-3397-42F0-B5E5-DE40450A8C98}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{BD8C27A4-45F5-4056-8500-C393DDCC83A5}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{BF4E6D1D-04FF-43FF-A62F-57FB65D31C80}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{C0765A32-6FFF-41DA-BA0A-013571618413}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{C1D6C0C1-8AD6-4E5D-80C1-1BA30AC42EAB}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{C9B82883-040C-4FD5-B455-18E246200E4D}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{D2ED1257-9C60-4A3A-AFDF-27E13AFFE525}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{DD0D9345-851D-47E4-84BA-3AB1D6DD7675}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E0FBDB52-5FEC-4863-B3C8-6EF156168A69}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E1181BAA-AA1F-45B2-8DA5-7044E99E61DC}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E16E9F6C-D391-4670-B3CE-74372B35CBC6}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E9A7C4DF-F46B-4BB4-96D3-9FDF912ABEEE}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{EE153A69-0A29-4B16-AFB2-64DD4F608D8C}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{F3C06A47-DFF3-4A38-8C6C-8E97D69F619E}

Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{FBCAE21E-ECFD-4D5E-ADF8-2C7987B7AE9A}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 11/14/2013 at 6:32:58.96

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

flashh4 · November 14, 2013

Jo, looking good, we are removing a bunch of junk !!

Chuck

flashh4 · November 14, 2013

Jo, do not remove these tools/programs we may have to run 1 again ! That way it's already installed. We will remove them when we are threw with the cleaning !

Chuck

jonbutch · November 14, 2013

013/11/14 06:37:50 -0700 JOAN-PC JoAn MESSAGE Executing scheduled update: Daily

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting protection

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Protection started successfully

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting IP protection

2013/11/14 06:38:15 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Starting database refresh

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Stopping IP protection

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.11.14.05

2013/11/14 06:39:49 -0700 JOAN-PC JoAn MESSAGE IP Protection stopped successfully

2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Database refreshed successfully

2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Starting IP protection

2013/11/14 06:39:55 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting protection

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Protection started successfully

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting IP protection

2013/11/14 06:50:16 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

Thank you so much. Is this the last one?

jonbutch · November 14, 2013

warebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.14.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16736

JoAn :: JOAN-PC [administrator]

Protection: Enabled

11/14/2013 6:40:25 AM

mbam-log-2013-11-14 (06-40-25).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 197496

Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 8

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RKEANGH.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RMKWVIY.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RRPC3GZ.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

(end)

jonbutch · November 14, 2013

Thank you.

flashh4 · November 14, 2013

Jo, we have more cleaning to do !! I will let ya know when we have you all clean !

Download DDS and save it to your Desktop. >>> DDS

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

NEXT

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

NEXT

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

Post Next:
1. DDS logs (2)
2. Security Check log
3. RogueKiller log

Thanks
Chuck

jonbutch · November 14, 2013

DS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by JoAn at 7:05:18 on 2013-11-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3067.1838 [GMT -7:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\dllhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\msdtc.exe

C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

jonbutch · November 14, 2013

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/20/2010 7:06:34 AM

System Uptime: 11/14/2013 6:49:42 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0T808J

Processor: Intel® Core2 Duo CPU P7570 @ 2.26GHz | U2E1 | 2267/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 176.262 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP270: 10/19/2013 9:39:10 AM - Scheduled Checkpoint

RP271: 10/27/2013 6:35:47 AM - Scheduled Checkpoint

RP272: 11/3/2013 7:29:17 AM - Scheduled Checkpoint

RP273: 11/10/2013 8:48:19 AM - Scheduled Checkpoint

RP274: 11/12/2013 5:12:44 AM - Installed Java 7 Update 45

RP275: 11/14/2013 3:00:37 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.8)

ArcSoft WebCam Companion 3

AXIS Media Control Embedded

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Dell Support Center

Dell Touchpad

Dell Wireless WLAN Card Utility

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Java 7 Update 45

Java Auto Updater

Java 6 Update 37

Junk Mail filter update

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MiFi4510 Mobile Broadband Drivers

Mobile Broadband Generic Drivers

MSVCRT

NETGEAR Genie

Norton 360

Norton Internet Security

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PowerDVD DX

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

Simple Start Online Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

jonbutch · November 14, 2013

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 37

Java 7 Update 45

Adobe Reader 10.1.8 Adobe Reader out of Date!

Google Chrome 30.0.1599.101

Google Chrome 31.0.1650.48

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

flashh4 · November 14, 2013

Jo,i see you have Norton installed, are you using Norton for your antivirus ??

I need you to go to add/control panel uninstall Javaâ„¢ 6 Update 37 !!

We will make sure all is up to date when done !

Chuck

jonbutch · November 14, 2013

ogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : JoAn [Admin rights]

Mode : Scan -- Date : 11/14/2013 07:25:10

| ARK || FAK || MBR |

Â¤Â¤Â¤ Bad processes : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Registry Entries : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Scheduled tasks : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Startup Entries : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Web browsers : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Particular Files / Folders: Â¤Â¤Â¤

Â¤Â¤Â¤ Driver : [LOADED] Â¤Â¤Â¤

[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0)

[Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38)

[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0)

[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40)

[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518)

[Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310)

[Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8)

[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0)

[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230)

[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970)

[Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08)

[Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0)

[Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70)

[Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830)

[Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630)

[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448)

[Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700)

[Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588)

[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470)

[Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0)

[Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98)

[Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30)

[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648)

[Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798)

[Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68)

[Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30)

[Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00)

[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8)

[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8)

[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108)

[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298)

[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8)

[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608)

[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38)

[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730)

[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840)

[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8)

[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380)

[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)

jonbutch · November 14, 2013

ok I uninstalled it

jonbutch · November 14, 2013

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 45

Adobe Reader 10.1.8 Adobe Reader out of Date!

Google Chrome 30.0.1599.101

Google Chrome 31.0.1650.48

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

jonbutch · November 14, 2013

ogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : JoAn [Admin rights]

Mode : Remove -- Date : 11/14/2013 07:31:15