
Can't get rid of Nav-links


  • This topic is locked
14 replies to this topic

#1 Shelz

Shelz

    New Member

  • Members
  • 25 posts
  • Gender:Female

Posted 28 August 2013 - 07:31 PM

My browser IE is infected with Nav-Links.com spyware/adware, whatever it is. It's very annoying. I've tried and searched for ways to get rid of it, and found nothing that helped. I'm told it may have been installed with the latest Flash update. I cannot find anything even closely related to it in the listed browser add-ons, or in my programs list. Can anybody help end this nightmare? I'd be grateful.



#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 29 August 2013 - 08:10 AM

Hello Shelz! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.
http://forums.malwar...?showtopic=9573
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Shelz

Posted 29 August 2013 - 01:44 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.25.2
Run by Shelley at 13:34:44 on 2013-08-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8040.5915 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\jmesoft\ServiceLoader.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\AOL\1318235837\ee\aolsoftware.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Shelley\Downloads\FixMouseLMB.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: <No Name>: {7C5D7930-FACC-4A25-AE26-51DDA83F3D75} - C:\Program Files (x86)\CoolLyrics\coolrcs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: YRefresher: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll
TB: YRefresher: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1318235837\ee\AOLSoftware.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.








TCP: NameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{FB7A7826-D2D7-4355-9C69-FA45D8D83D7B} : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\8heaag8n.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google


FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-10-10 04:01; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-8-13 57952]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-8-13 20832]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-10-1 45856]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-8-13 13408]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-3 701512]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-2-29 104960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-13 2655768]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\System32\drivers\ArcSoftKsUFilter.sys [2012-2-29 19968]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-8-13 57856]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-3 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe --> C:\Windows\jmesoft\Service.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\System32\drivers\lgandbus64.sys [2010-12-7 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\System32\drivers\lganddiag64.sys [2010-12-7 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\System32\drivers\lgandgps64.sys [2010-12-7 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\windows\System32\drivers\lgandmodem64.sys [2010-12-7 34304]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 DCamUSBNovatek;USB2.0 UVC Camera;C:\windows\System32\drivers\nvtcam.sys [2010-7-14 2746624]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-26 1432400]
S3 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-30 339776]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-10 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~3\Office10\FRONTPG.EXE
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-08-26 02:53:16 58096 ----a-w- C:\Users\Shelley\crap cleaner registry backup 8-25-13_20130825_215238.reg
2013-08-11 13:02:23 -------- d-----w- C:\Program Files (x86)\SnowFox Software
.
==================== Find3M  ====================
.
2013-08-23 23:52:15 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-23 23:52:15 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-29 10:42:30 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-07-20 06:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-07-20 06:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-07-04 01:51:38 10285040 ----a-w- C:\Users\Shelley\mbam-setup-1.75.0.1300.exe
2013-07-03 18:04:35 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 18:04:35 867240 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2013-07-03 18:04:35 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-03 18:02:55 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-07-03 18:02:55 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-07-03 18:02:55 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-06-29 15:19:21 12872 ----a-w- C:\windows\System32\bootdelete.exe
2013-06-29 00:24:00 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2013-06-18 21:15:50 43216 ----a-w- C:\windows\System32\cmdcsr.dll
2013-06-13 21:34:16 451096 ----a-w- C:\windows\System32\drivers\vsdatant.sys
.
============= FINISH: 13:37:00.07 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2011 3:26:30 AM
System Uptime: 8/29/2013 4:58:10 AM (9 hours ago)
.
Motherboard: LENOVO |  | To be filled by O.E.M.
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 655.76 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\8&167055AC&0&0000
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\8&167055AC&0&0000
Service: mouhid
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
==== System Restore Points ===================
.
RP152: 8/7/2013 6:41:16 AM - Scheduled Checkpoint
RP153: 8/14/2013 12:48:26 PM - Scheduled Checkpoint
RP154: 8/22/2013 5:59:24 AM - Scheduled Checkpoint
RP155: 8/29/2013 6:57:07 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
3D Snowy Cottage Full Screen Saver
3D Spooky Halloween Screensaver 1.0
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AIM 7
AM-DeadLink 3.3
Amigabit Disk Defrag 1.0.0
Animated Screensaver Maker
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft Panorama Maker 6
ArcSoft ShowBiz
ArcSoft WebCam Companion 3
Ashampoo Burning Studio 11 v.11.0.2
Ashampoo Photo Optimizer 3 v.3.13
Ashampoo Photo Optimizer 4 v.4.0.3
Audacity 1.3.14 (Unicode)
Autodesk Inventor 2013 Quick Uninstaller
Autodesk Inventor Professional 2013
Autodesk Inventor Professional 2013 English
Autodesk Inventor Professional 2013 English Language Pack
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Low Resolution Image Library 2013
Autodesk Sync
AVG 2013
Backcountry Gallery Screen Saver
Batch Picture Resizer 4.0
BitPim 1.0.7
Bonjour
Bucksbee Loyalty Plugin 100815.b for Chrome
BufferChm
C309g-m
CCleaner
CDRWIN 8
Clean Disk Security 7.94
ConvertXtoDVD 4.1.19.365
D3DX10
Decoder
Defraggler
DesignPro 5
Destinations
DeviceDiscovery
DVDFab 8.1.2.8 (15/10/2011) Qt Beta
Eco Materials Adviser for Autodesk Inventor 2013
Elf Bowling The Last Insult
eReg
FastStone Capture 6.2
FastStone Photo Resizer 3.1
FlashFXP v3
Flickr Uploadr 3.2.1
Flixster Collections
FormatFactory 2.95
FVD Suite 2.6.9
Genesys USB Mass Storage Device
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Halloween Screensaver Full
Hewlett-Packard ACLM.NET v1.1.0.0
HP Button Manager
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HP Webcam User's Guide
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Image Resizer Powertoy Clone for Windows (64 bit)
IncrediMail
IncrediMail 2.0
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Junk Mail filter update
Lenovo Driver and Application Installation
Lenovo Dynamic Brightness System
Lenovo EE Boot Optimizer
Lenovo Eye Distance System
Lenovo Power2Go
Lenovo Rescue System
Lenovo Tinian Fn PS/2 Keyboard Driver
LG United Mobile Drivers
Living 3D Dinosaurs Full Screen Saver
Living 3D Dolphins Full Screen Saver
Living Snow Globes Full Screen Saver
Logitech MouseWare 9.79.1
Logitech SetPoint 6.52
LVT
Magic DVD Copier V7.1.1
MailWasherPro
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 8.0.1 (x86 en-US)
MP4 To MP3 Converter V3.0.4
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
Music NFO Builder v1.20
Music NFO Builder version 1.21a
My 3D Christmas Tree Full Screen Saver
Network64
Nikon Message Center 2
Nikon Movie Editor
NirSoft IE PassView
ooVoo
Opera 12.14
Pando
PDF Editor
Photo Notifier and Animation Creator
PhotoMail Maker
PhotoScape
Picasa 3
Picture Collage Maker 3.2.8
Picture Control Utility x64
PostAssistant v009
PS_AIO_06_C309g-m_SW_Min
Quicken Basic 99
QuickTime
QuickTransfer
RAR Password Unlocker 4.2.0.0
Realtek High Definition Audio Driver
Scan
Scrabble3D
SeaStorm 3D Screensaver 1.5
Shape Shifter
Shop for HP Supplies
Simpo PDF to Word
Skype™ 6.6
SmartWebPrinting
SnowFox Total Video Converter 3.3.1.0
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Switch Sound File Converter
Ten Pin Championship Bowling Pro
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
VBA (2627.01)
VC 9.0 Runtime
ViewNX 2
Viewpoint Media Player
Visual Business Cards 4
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Weatheradio Software
WebReg
Webshots Desktop
WinAVI Video Converter 9.0
Window Washer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Winter 3D Screensaver 1.0
WinZip 15.0
Wireless-N Home Surveillance Camera
Yahoo! Toolbar
Your Uninstaller! 7
Yrefresher 1.10
YTD Video Downloader 3.9
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
8/29/2013 4:59:33 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
8/29/2013 4:59:03 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/29/2013 4:59:03 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
8/29/2013 4:58:43 AM, Error: Service Control Manager [7000]  - The Secure II Driver service failed to start due to the following error:  This driver has been blocked from loading
8/29/2013 4:58:43 AM, Error: Service Control Manager [7000]  - The JME Keyboard Driver service failed to start due to the following error:  The system cannot find the file specified.
8/29/2013 4:58:43 AM, Error: Application Popup [1060]  - \??\C:\windows\SysWow64\Drivers\LxrSII1d.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/28/2013 10:07:07 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JEN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB7A7826-D2D7-4355-9C69-FA45D8D83D7B}. The master browser is stopping or an election is being forced.
8/26/2013 5:10:02 AM, Error: LEqdUsb [12289]  - WDF call failed.
.
==== End Of File ===========================

 



#4 Maniac

Posted 30 August 2013 - 09:00 AM

Step 1

I notice that you are using more than one antivirus program.
  • AVG 2013
  • ZoneAlarm Antivirus
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. I recommend that you uninstall ZoneAlarm Antivirus.

Also, uninstall Viewpoint Media Player and then reboot your system.


Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log


#5 Shelz


Posted 30 August 2013 - 08:19 PM

The AVG Virus Scanner is actually only a partial install. I uninstalled it a while back but kept the web scanner... the only part of it that is installed right now is the web browsing/web link scanner... would that make a difference? I kept the ZA virus scanner instead of AVG, as it seemed to find viruses that AVG didn't. Also, the Viewpoint Media Player is part of my AOL software... it is used for all the different themes & wallpapers within AOL. When I delete the Viewpoint player, none of the themes work.



#6 Maniac


Posted 31 August 2013 - 10:02 AM

Okay, make sure you know about this: Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546

#7 Shelz


Posted 31 August 2013 - 03:09 PM

I have had junkware programs remove viewpoint before, and when they do, my aol themes are gone and do not work. So I always have to install it again. So what do I do now about the nav links?



#8 Shelz


Posted 31 August 2013 - 03:33 PM

Attached File  AdwCleanerS0.txt   2.7KB   3 downloads

Attached File  JRT.txt   7.03KB   5 downloads

I wanted to show this from AOL Viewpoint:

Attached File  2013-08-31_152553.jpg   57.77KB   0 downloads



#9 Shelz


Posted 31 August 2013 - 03:42 PM

Results from MBAM

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shelley :: SHELLEY-PC [administrator]

Protection: Enabled

8/31/2013 3:34:30 PM
mbam-log-2013-08-31 (15-34-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 257459
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#10 Maniac


Posted 31 August 2013 - 05:22 PM

If you are okay with the information I sent you, you could install it again.

How are things now?

#11 Shelz


Posted 01 September 2013 - 07:51 AM

Things seem to be better now. So far I haven't seen an instance of the Nav-links... but it was sometimes intermittent. I guess we shall see.

Thank you so much



#12 Maniac


Posted 03 September 2013 - 12:30 PM

"but it was sometimes intermittent"


What exactly? Viewpoint or something else?

#13 Shelz


Posted 03 September 2013 - 01:52 PM

Not the Viewpoint, I didn't have a problem with that. Like I said previously, that is actually part of my AOL software for themes. The problem was with the Nav-links that were showing up on web pages in IE, and also other types of ads; they were an intermittent problem... but they were a problem more often than not. So far I haven't seen the ads and Nav-links for a while now, so maybe they are gone... I sure hope so. Maybe AdwCleaner got rid of it all... I know MBAM was not finding any problems at any time on my computer.



#14 Maniac


Posted 05 September 2013 - 02:34 AM

Awesome! :)

Step 1

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.


Step 3

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#15 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 07 September 2013 - 08:22 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
