Possible virus affecting Word 2007

Old 10-26-2013, 05:34 AM   #1
Posted by Jo-El (Registered Member; OS: Windows 7)

Hey folks,

I'm having a problem with Microsoft Word 2007.

My system is Windows 7 Ultimate with SP1.

Yesterday I was working on my laptop in an Internet cafe and emailed a document to myself through Gmail. When I opened the Word document on my desktop later that day, Word went insane. Here's what is happening:

1. None of my Word documents identify as Word documents anymore (they no longer have the Word icon, although they will open in Word).

2. When I attempt to close a Word document I receive the message: "This feature requires MSXML 5.0 to be properly installed." This is followed by an error message ending in Normal.dotm and a prompt to save a file in "Templates" called "Normal".

3. Any attempt to save a new document prompts me to save it with "1" at the end. So for instance, if I tried to save a file called "Wilbur", the window would close and a new save window opens prompting me to save "Wilbur1".

I have run my anti-virus software several times (avast!) to see if it is a virus. No luck. I have taken steps to delete the "Normal" file in templates, no luck.

I think it may be a macro virus.

Any ideas?

Thanks,

J

p.s. I do not have access at present to a boot CD.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720
Run by Joel at 0:21:04 on 2013-10-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3583.1464 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-25&ent=hp&u=408094F00C64E7A60A04D6526AE0D963
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
uRun: [Google Update] "c:\users\joel\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
uRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Search Protection] c:\programdata\search protection\SearchProtection.exe
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareTray.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 200.1.104.36 200.1.104.35
TCP: Interfaces\{5839BC8C-4A06-492E-A0EE-F1687D405608} : DHCPNameServer = 200.1.104.36 200.1.104.35
Filter: text/xml - <Clsid value has no data>
Handler: belarc - <Clsid value has no data>
Handler: grooveLocalGWS - <Clsid value has no data>
Handler: livecall - <Clsid value has no data>
Handler: ms-help - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
AppInit_DLLs= c:\progra~1\nvidia~1\nvstre~1\rxinput.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-9 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-9 369584]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2012-12-14 25488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-9 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-9 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-28 46808]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 497744]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2013-1-24 27760]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-26 40776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-7-30 34592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-9 1806448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-11 1343400]
.
=============== Created Last 30 ================
.
2013-10-26 04:17:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-26 04:16:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-26 04:16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-25 21:50:12 -------- d-----w- c:\users\joel\appdata\roaming\LavasoftStatistics
2013-10-25 21:21:42 -------- d-----w- c:\programdata\Search Protection
2013-10-25 21:21:42 -------- d-----w- c:\programdata\blekko toolbars
2013-10-25 21:21:41 -------- d-----w- c:\users\joel\appdata\local\adawarebp
2013-10-25 21:21:35 -------- d-----w- c:\program files\Toolbar Cleaner
2013-10-25 21:21:31 -------- d-----w- c:\users\joel\appdata\roaming\SecureSearch
2013-10-25 21:20:08 -------- d-----w- c:\program files\common files\Lavasoft
2013-10-25 21:01:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3dcd427f-beef-490f-98c4-d403e2ed152e}\offreg.dll
2013-10-25 20:55:25 -------- d-----w- c:\users\joel\appdata\roaming\Wise Registry Cleaner
2013-10-25 20:55:01 -------- d-----w- c:\program files\Wise
2013-10-23 10:43:41 -------- d-----w- c:\program files\Snail Games USA
2013-10-22 22:51:03 -------- d-----w- c:\program files\common files\WuShu_0.0.1.065
2013-10-22 22:51:01 -------- d-----w- c:\program files\common files\AgeofWushu_download
2013-10-20 22:04:00 -------- d-----w- c:\programdata\RELOADED
2013-10-20 21:58:33 -------- d-----w- c:\program files\Torchlight 2.v 1.25.5.2 + 1 DLC
2013-10-16 21:46:59 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 21:46:59 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 21:46:58 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 21:46:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 21:46:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 21:46:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 21:46:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-11 02:25:14 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-11 02:25:11 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-11 02:25:11 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-11 02:24:57 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 02:24:54 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 02:24:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-11 02:24:48 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-11 02:24:48 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-11 02:24:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-11 02:24:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-11 02:24:44 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-11 02:24:30 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-11 02:24:25 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-10-11 02:24:25 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-11 02:24:25 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
.
==================== Find3M ====================
.
2013-10-09 01:58:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 01:58:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-15 09:27:04 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 0:21:48.13 ===============
Attached file: attach.zip (9.0 KB)
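One check a defender would run on the symptom described above (Normal.dotm being rewritten and a macro virus suspected) is to look inside the template itself: a .dotm is an OOXML ZIP package, and a VBA project shows up as a word/vbaProject.bin part plus a matching content-type declaration. This is an added example, not code from the thread or from any of the tools mentioned in it; the sample containers are constructed in memory, and the template and STARTUP paths are the Word 2007 defaults under a Windows 7 user profile (an assumption, since the thread does not list them).

```python
import io
import os
import zipfile
import xml.etree.ElementTree as ET

# Content type that Word assigns to an embedded VBA project part (ECMA-376 OOXML).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"


def default_template_paths():
    """Word 2007 default locations on Windows 7 (assumption: standard user profile).

    Normal.dotm is loaded for every new document; anything in the STARTUP folder
    is loaded as a global template by every Word session, so both matter.
    """
    appdata = os.environ.get("APPDATA", "")
    return [
        os.path.join(appdata, "Microsoft", "Templates", "Normal.dotm"),
        os.path.join(appdata, "Microsoft", "Word", "STARTUP"),
    ]


def inspect_template(data: bytes) -> dict:
    """Report whether an OOXML Word file (.dotm/.docm/.docx) carries a VBA project.

    Two independent signals are checked, because a tampered or damaged file can
    leave them inconsistent:
      1. a part named word/vbaProject.bin inside the ZIP container
      2. an Override in [Content_Types].xml declaring the VBA content type
    A macro-free Normal.dotm has neither, so either one deserves a closer look.
    """
    result = {"is_zip": False, "has_vba_part": False, "declares_vba": False,
              "has_macros": False, "parts": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy OLE2 .dot/.doc or a corrupt file: not an OOXML package
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["parts"] = names
        result["has_vba_part"] = any(n.lower() == "word/vbaproject.bin" for n in names)
        if "[Content_Types].xml" in names:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
            for override in root.iter(CT_NS + "Override"):
                if override.get("ContentType") == VBA_CONTENT_TYPE:
                    result["declares_vba"] = True
    result["has_macros"] = result["has_vba_part"] or result["declares_vba"]
    return result


def inspect_path(path: str) -> dict:
    """Read a template from disk and inspect it; a missing file is reported, not an error."""
    if not os.path.isfile(path):
        return {"path": path, "exists": False}
    with open(path, "rb") as fh:
        report = inspect_template(fh.read())
    report.update(path=path, exists=True)
    return report


def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal OOXML container for offline testing (not a real Word file)."""
    overrides = ['<Override PartName="/word/document.xml" '
                 'ContentType="application/vnd.openxmlformats-officedocument.'
                 'wordprocessingml.template.main+xml"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if with_vba:
            overrides.append('<Override PartName="/word/vbaProject.bin" '
                             'ContentType="%s"/>' % VBA_CONTENT_TYPE)
            # Placeholder bytes only; a real vbaProject.bin is an OLE2 compound file.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    + "".join(overrides) + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    # On the affected machine: inspect the live Normal.dotm and list STARTUP add-ins.
    normal_dotm, startup_dir = default_template_paths()
    print(inspect_path(normal_dotm))
    if os.path.isdir(startup_dir):
        print("STARTUP add-ins:", os.listdir(startup_dir))
    # Offline demonstration on the constructed samples.
    for flag in (False, True):
        r = inspect_template(build_sample(flag))
        print("constructed sample with_vba=%s -> has_macros=%s" % (flag, r["has_macros"]))
```

A positive result only says the template carries VBA; comparing it against a freshly created Normal.dotm from a clean Word 2007 install tells whether that is expected.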
Old 10-30-2013, 06:51 AM   #2
Posted by chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have three antivirus programs installed, Ad-Watch, avast!, and ZoneAlarm.

Even though Ad-Watch and ZoneAlarm aren't running, they can still conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel, then reboot your computer.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Search Assistant WebSearch 1.74 << Please read this

----------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Search Protect by conduit << Please read this

Also delete the following Folders if they still exist:

C:\Program Files\SearchProtect
C:\ProgramData\Search Protection

------------------------------------------------------

I see you have Weatherbug installed on your system. This application is not spyware but is ad-supported, containing both banner and pop-up ads. Please read here

Although this is entirely up to you, we recommend uninstalling it and downloading an ad-free alternative from here

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE
Old 10-30-2013, 07:44 AM   #3
Posted by Jo-El (Registered Member; OS: Windows 7)

It appears that you have three antivirus programs installed, Ad-Watch, avast!, and ZoneAlarm.

Even though Ad-Watch and ZoneAlarm aren't running, they can still conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel, then reboot your computer.

I couldn't find Ad-Watch or ZoneAlarm on my system.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Search Assistant WebSearch 1.74 << Please read this

Doesn't seem to exist.
----------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Search Protect by conduit << Please read this

Also delete the following Folders if they still exist:

C:\Program Files\SearchProtect
C:\ProgramData\Search Protection

Doesn't seem to exist.

------------------------------------------------------

I see you have Weatherbug installed on your system. This application is not spyware but is ad-supported, containing both banner and pop-up ads. Please read here

Although this is entirely up to you, we recommend uninstalling it and downloading an ad-free alternative from here

Doesn't seem to exist on my system.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

# AdwCleaner v3.010 - Report created 30/10/2013 at 10:34:42
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Joel - JOEL-PC
# Running from : C:\Users\Joel\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Users\Joel\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\zg2zehxj.default\adawaretb
File Deleted : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\zg2zehxj.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\zg2zehxj.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2467 octets] - [30/10/2013 10:33:22]
AdwCleaner[S0].txt - [2440 octets] - [30/10/2013 10:34:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2500 octets] ##########
Old 10-30-2013, 09:09 AM   #4
Posted by chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)

Hello Jo-El. Sorry, I was looking at the wrong log. You do have remnants of Ad-Watch still running on your machine.

------------------------------------------------------

Advanced SystemCare6
CCleaner
Wise Registry Cleaner 7.88


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling Advanced SystemCare6 and Wise Registry Cleaner 7.88 via Programs and Features in your Control Panel.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
Old 10-30-2013, 09:42 PM   #5
Posted by Jo-El (Registered Member; OS: Windows 7)

Chemist,

Here is the Combo log.

ComboFix 13-10-30.01 - Joel 10/31/2013 0:23.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3583.2930 [GMT -4:00]
Running from: c:\users\Joel\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joel\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-31 )))))))))))))))))))))))))))))))
.
.
2013-10-31 04:31 . 2013-10-31 04:34 -------- d-----w- c:\users\Joel\AppData\Local\temp
2013-10-31 04:31 . 2013-10-31 04:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-30 20:21 . 2013-10-30 20:21 -------- d-----w- c:\users\Joel\AppData\Roaming\Apple Computer
2013-10-30 14:39 . 2013-10-31 04:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCD427F-BEEF-490F-98C4-D403E2ED152E}\offreg.dll
2013-10-30 14:32 . 2013-10-30 14:35 -------- d-----w- C:\AdwCleaner
2013-10-27 14:42 . 2013-10-31 02:30 -------- d-----w- c:\program files\World of Warcraft
2013-10-26 12:39 . 2013-10-26 15:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-26 12:38 . 2013-10-26 12:38 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-26 04:16 . 2013-10-26 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-26 04:16 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-25 21:50 . 2013-10-25 21:50 -------- d-----w- c:\users\Joel\AppData\Roaming\Lavasoft
2013-10-25 21:21 . 2013-10-25 21:21 -------- d-----w- c:\users\Joel\AppData\Local\adawarebp
2013-10-25 21:21 . 2013-10-25 21:21 -------- d-----w- c:\users\Joel\AppData\Roaming\SecureSearch
2013-10-25 21:20 . 2013-10-25 21:20 -------- d-----w- c:\program files\Common Files\Lavasoft
2013-10-25 21:19 . 2013-10-25 21:19 -------- d-----w- c:\programdata\Lavasoft
2013-10-23 10:43 . 2013-10-23 10:43 -------- d-----w- c:\program files\Snail Games USA
2013-10-22 22:51 . 2013-10-23 00:53 -------- d-----w- c:\program files\Common Files\WuShu_0.0.1.065
2013-10-22 22:51 . 2013-10-22 22:51 -------- d-----w- c:\program files\Common Files\AgeofWushu_download
2013-10-20 22:04 . 2013-10-20 22:04 -------- d-----w- c:\programdata\RELOADED
2013-10-20 21:58 . 2013-10-21 20:13 -------- d-----w- c:\program files\Torchlight 2.v 1.25.5.2 + 1 DLC
2013-10-16 21:46 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 21:46 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 21:46 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 21:46 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 21:46 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 21:46 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 21:46 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-11 02:25 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-11 02:25 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-11 02:25 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-11 02:24 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 02:24 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 02:24 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-11 02:24 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-11 02:24 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-11 02:24 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-11 02:24 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-11 02:24 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-11 02:24 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-11 02:24 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-11 02:24 . 2012-11-28 22:57 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-10-11 02:24 . 2012-11-28 22:57 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 01:58 . 2012-09-20 18:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 01:58 . 2012-03-06 13:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 09:27 . 2013-01-15 09:27 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-18 2162008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-09-27 18:46 559696 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 16:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R0 mpxaat;mpxaat;c:\windows\System32\drivers\caku.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 497744]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-06-15 27760]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-05-14 34592]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-06-15 1806448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 01:58]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 23:34]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 23:34]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115836282-1761667776-2708679875-1000Core.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 23:34]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115836282-1761667776-2708679875-1000UA.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 23:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_6&idate=2013-10-25&ent=hp&u=408094F00C64E7A60A04D6526AE0D963
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 200.1.104.36 200.1.104.35
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-GizmoDriveDelegate - c:\program files\Gizmo\gizmo.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6e,b9,e1,21,f8,47,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,30,ff,b2,e7,f1,6c,47,89,49,a1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,30,ff,b2,e7,f1,6c,47,89,49,a1,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2792)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-10-31 00:39:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-31 04:39
.
Pre-Run: 7,444,021,248 bytes free
Post-Run: 7,280,009,216 bytes free
.
- - End Of File - - 650CBEE8859C9D90A455536E7FA629B7
A36C5E4F47E84449FF07ED3517B43A31
Jo-El
Old 10-31-2013, 04:17 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 25,647
OS: XP SP3; Win7 32/64-bit

Hello again, Jo-El. How is the machine behaving?

------------------------------------------------------

Please uninstall Ad-Aware via Programs and Features in your Control Panel:

Quote:
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Reboot once done.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist
Old 11-08-2013, 07:45 AM   #7

Still with us, Jo-El?
chemist
Old 11-08-2013, 01:00 PM   #8

Chemist,

Apologies for not replying sooner. I handed my machine over to my tech guy to upgrade the hard drive and reinstall the operating system. As of the last scans, the problem with Microsoft Word has not been rectified.
Jo-El
Old 11-08-2013, 01:07 PM   #9

Thanks for letting us know.
chemist
Old 11-08-2013, 01:17 PM   #10

Thanks for the assistance. You guys provide an awesome online resource.

Jo-El

Copyright 2001 - 2014, Tech Support Forum