I think I'm being Keylogged - Emails hacked into multiple times.


  • This topic is locked
9 replies to this topic

#1 Dark Noel

Dark Noel

  • Members
  • 4 posts

Posted 22 April 2013 - 01:37 PM

My emails have been hacked into multiple times now, normally from the same location. I've changed my password several times, created recovery questions and everything, but whoever it was still managed to get through. I have proof I've been hacked from my mail sign-in location log. I think someone has planted a keylogger. In honesty I don't have any anti-virus software; I'm not sure what to do...

 

Here's the log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.11.2
Run by Austinaj6688 at 14:28:31 on 2013-04-22
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8070.5890 [GMT -4:00]
.
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\windows\system32\dashost.exe
C:\windows\SysWOW64\schtasks.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\SysWOW64\schtasks.exe
C:\windows\system32\dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhostex.exe
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/405
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Savevid Toolbar powered by Search-Results: {13be918c-a6b4-40d3-9b2a-04920e8755ed} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
BHO: DataMngr: {34DEE7AD-47D7-45e9-91FC-3E511083493F} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Savevid Toolbar powered by Search-Results: {13be918c-a6b4-40d3-9b2a-04920e8755ed} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Austinaj6688\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_04BBDA3855B7778D88D7F0C3FC8B719D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\AUSTIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AD4D5FCA-0F9F-4BBB-9EE2-B6991CDE172B} : DHCPNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: DataMngr: {34DEE7AD-47D7-45e9-91FC-3E511083493F} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Austinaj6688\AppData\Roaming\Mozilla\Firefox\Profiles\6mm3ksjo.default\
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Austinaj6688\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-21 12:10; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF - ExtSQL: !HIDDEN! 2013-02-22 11:58; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-8-27 92536]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-1-1 2547816]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-2-22 100864]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-7-19 35232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-27 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-28 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-28 682344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe [2013-2-27 144520]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 364416]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-21 968880]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-3-28 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2012-8-27 1951304]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-20 683664]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1403000.024\ccsetx64.sys [2013-2-27 168096]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-25 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130124.001\IDSviA64.sys [2013-1-24 513184]
S3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1403000.024\symds64.sys [2013-2-27 493656]
S3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1403000.024\symefa64.sys [2013-2-27 1139800]
S3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1403000.024\ironx64.sys [2013-2-27 224416]
S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1403000.024\symnets.sys [2013-2-27 432800]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1403000.024\symelam.sys [2013-2-27 23448]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-22 04:44:04    4041728    ----a-w-    C:\windows\System32\win32k.sys
2013-04-22 04:43:56    6991592    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-04-22 04:39:57    375808    ----a-w-    C:\windows\SysWow64\ReAgent.dll
2013-04-22 04:39:57    1011200    ----a-w-    C:\windows\System32\reseteng.dll
2013-04-14 06:14:08    --------    d-----w-    C:\Program Files (x86)\Common Files\McAfee
2013-04-14 06:13:39    --------    d-----w-    C:\Program Files\Common Files\McAfee
2013-04-14 06:13:32    --------    d-----w-    C:\ProgramData\Internet Content Filter
2013-04-12 00:33:36    --------    d-----w-    C:\Users\Austinaj6688\AppData\Roaming\uTorrent
2013-04-07 19:08:05    --------    d-----w-    C:\Program Files (x86)\FreeDocumentsViewer
2013-04-06 18:24:38    --------    d-----w-    C:\ProgramData\Blizzard Entertainment
2013-04-06 18:24:38    --------    d-----w-    C:\Program Files (x86)\World of Warcraft
2013-04-06 18:24:38    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-04-06 18:23:15    --------    d-----w-    C:\ProgramData\Battle.net
2013-03-28 21:46:21    --------    d-----w-    C:\Program Files (x86)\Microsoft XNA
2013-03-28 20:23:07    --------    d-----w-    C:\Users\Austinaj6688\AppData\Roaming\Malwarebytes
2013-03-28 20:22:48    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-03-28 20:22:47    24176    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-03-28 20:22:47    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-28 20:22:40    --------    d-----w-    C:\Users\Austinaj6688\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-04-02 22:08:01    78176    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01    692576    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-21 16:09:31    39768    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2013-03-02 10:57:48    337128    ----a-w-    C:\windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46    77544    ----a-w-    C:\windows\System32\drivers\storahci.sys
2013-03-02 10:57:46    332520    ----a-w-    C:\windows\System32\drivers\storport.sys
2013-03-02 10:57:46    283880    ----a-w-    C:\windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20    148712    ----a-w-    C:\windows\System32\drivers\tpm.sys
2013-03-02 10:45:19    194792    ----a-w-    C:\windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10    125160    ----a-w-    C:\windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39    495336    ----a-w-    C:\windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38    69864    ----a-w-    C:\windows\System32\drivers\pdc.sys
2013-03-02 10:39:32    327912    ----a-w-    C:\windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37    2231528    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36    411880    ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08    34304    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-03-02 08:23:43    83968    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-03-02 08:23:43    125952    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30    893952    ----a-w-    C:\windows\SysWow64\winmde.dll
2013-03-02 08:23:30    1338880    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28    601088    ----a-w-    C:\windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28    504320    ----a-w-    C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19    8857088    ----a-w-    C:\windows\SysWow64\twinui.dll
2013-03-02 08:23:19    246784    ----a-w-    C:\windows\SysWow64\ubpm.dll
2013-03-02 08:23:04    356352    ----a-w-    C:\windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04    100864    ----a-w-    C:\windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36    357888    ----a-w-    C:\windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32    5091840    ----a-w-    C:\windows\SysWow64\mstscax.dll
2013-03-02 08:22:18    361984    ----a-w-    C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17    850944    ----a-w-    C:\windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56    550912    ----a-w-    C:\windows\SysWow64\drvstore.dll
2013-03-02 08:21:52    36352    ----a-w-    C:\windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40    309760    ----a-w-    C:\windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39    2033664    ----a-w-    C:\windows\SysWow64\authui.dll
2013-03-02 08:21:32    145408    ----a-w-    C:\windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59    448512    ----a-w-    C:\windows\System32\SettingSync.dll
2013-03-02 02:44:59    128512    ----a-w-    C:\windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:41    455168    ----a-w-    C:\windows\System32\netcfgx.dll
2013-03-02 02:44:41    117248    ----a-w-    C:\windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38    5978624    ----a-w-    C:\windows\System32\mstscax.dll
2013-03-02 02:44:30    468992    ----a-w-    C:\windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29    1048576    ----a-w-    C:\windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08    703488    ----a-w-    C:\windows\System32\drvstore.dll
2013-03-02 02:44:07    150016    ----a-w-    C:\windows\System32\discan.dll
2013-03-02 02:44:05    49152    ----a-w-    C:\windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59    1933312    ----a-w-    C:\windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56    389120    ----a-w-    C:\windows\System32\BCP47Langs.dll
2013-03-02 02:43:55    2302464    ----a-w-    C:\windows\System32\authui.dll
2013-03-02 02:43:51    2146304    ----a-w-    C:\windows\System32\actxprxy.dll
2013-03-02 02:43:50    156160    ----a-w-    C:\windows\System32\powercfg.cpl
2013-03-02 02:15:53    26112    ----a-w-    C:\windows\System32\drivers\mouhid.sys
2013-03-01 04:56:18    30720    ----a-w-    C:\windows\System32\drivers\monitor.sys
2013-02-22 20:34:04    9808    ----a-w-    C:\Users\Austinaj6688\AppData\Roaming\BabMaint.exe
2013-02-21 10:30:16    1766912    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\windows\System32\wininet.dll
2013-02-21 10:15:00    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-02-19 09:53:00    534528    ----a-w-    C:\windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59    39936    ----a-w-    C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40    444416    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:19    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-02-12 00:17:50    20992    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2013-02-07 01:33:01    754176    ----a-w-    C:\windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11    622080    ----a-w-    C:\windows\System32\drivers\srv2.sys
2013-02-05 22:29:09    370688    ----a-w-    C:\windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48    247808    ----a-w-    C:\windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36    215552    ----a-w-    C:\windows\System32\drivers\mrxsmb20.sys
2013-02-02 11:19:44    496872    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44    446184    ----a-w-    C:\windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:33    61672    ----a-w-    C:\windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54    1933544    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54    993512    ----a-w-    C:\windows\System32\drivers\ndis.sys
2013-02-02 09:42:07    2207232    ----a-w-    C:\windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58    375808    ----a-w-    C:\windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55    80896    ----a-w-    C:\windows\SysWow64\tasklist.exe
2013-02-02 08:40:55    79360    ----a-w-    C:\windows\SysWow64\taskkill.exe
2013-02-02 08:40:36    155136    ----a-w-    C:\windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35    370688    ----a-w-    C:\windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27    131072    ----a-w-    C:\windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26    410624    ----a-w-    C:\windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22    197632    ----a-w-    C:\windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22    10792448    ----a-w-    C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:39:59    325632    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-02-02 08:39:47    18432    ----a-w-    C:\windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34    55296    ----a-w-    C:\windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34    15872    ----a-w-    C:\windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34    12288    ----a-w-    C:\windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33    115712    ----a-w-    C:\windows\SysWow64\netprofm.dll
2013-02-02 08:39:15    157696    ----a-w-    C:\windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54    567808    ----a-w-    C:\windows\SysWow64\duser.dll
2013-02-02 08:24:19    107520    ----a-w-    C:\windows\System32\taskkill.exe
2013-02-02 08:24:19    102400    ----a-w-    C:\windows\System32\tasklist.exe
2013-02-02 08:23:44    228352    ----a-w-    C:\windows\System32\XpsRasterService.dll
2013-02-02 08:23:43    475136    ----a-w-    C:\windows\System32\WWanAPI.dll
2013-02-02 08:23:37    611840    ----a-w-    C:\windows\System32\wpd_ci.dll
.
============= FINISH: 14:28:46.09 ===============
 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 April 2013 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply. DO NOT ATTACH THEM.
===

Run the DDS tool again and post a fresh log.
Let me know what problem persists.
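As an added example, not part of this thread and not code from DDS, AdwCleaner, Security Check or any other tool named above, the script below shows the triage a responder does on the DDS output posted in the first message before running the adware cleanup: it flags the disabled security products in the header, the AppInit_DLLs injection entries, the hidden Firefox extension, and the browser hooks and autostart entries that belong to the adware families visible in the log. The PUP keyword list is an illustrative assumption, not an authoritative signature set, and SAMPLE_LOG is constructed for illustration from the log format shown on this page, with GUIDs replaced by placeholders.

```python
"""Triage of a DDS log: pull out the items a malware responder checks first.

Added example for this thread; it is not part of DDS, AdwCleaner or any tool
named above. The PUP keyword list and SAMPLE_LOG are constructed for
illustration from the log format shown on this page.
"""
import re
from dataclasses import dataclass

# Illustrative adware/PUP family markers seen in the posted log; not authoritative.
PUP_KEYWORDS = ("ask.com", "babylon", "pricepeep", "search results toolbar",
                "datamngr", "browserprotect", "wincert", "searchnu", "savevid")

# DDS "Pseudo HJT Report" prefixes for browser hooks and autostart entries.
AUTOSTART_PREFIXES = ("BHO:", "TB:", "uRun:", "mRun:", "x64-Run:", "x64-BHO:",
                      "uURLSearchHooks:", "StartupFolder:", "Handler:")

# Header lines look like "AV: Product *Disabled/Updated* {GUID}" or "FW: Product *Disabled* {GUID}".
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(\w+)(?:/\w+)?\*")

SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Finding:
    severity: str
    line: str
    reason: str


def _pup_hit(text):
    """Return the first PUP keyword contained in the line, or None."""
    low = text.lower()
    return next((k for k in PUP_KEYWORDS if k in low), None)


def triage_dds(log_text):
    """Scan DDS output line by line and return findings, most severe first."""
    findings = []
    products, disabled = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            products.append(f"{kind} {name}")
            if state.lower() == "disabled":
                disabled.append(f"{kind} {name}")
            continue
        if line.startswith("AppInit_DLLs="):
            # Every DLL listed here is mapped into each process that loads user32.dll.
            dlls = line.split("=", 1)[1].split()
            if dlls:
                findings.append(Finding("high", line,
                    f"{len(dlls)} DLL(s) injected into every user32 process via AppInit_DLLs"))
            continue
        if line.startswith("FF - ExtSQL:") and "!HIDDEN!" in line:
            findings.append(Finding("high", line,
                "hidden Firefox extension (not shown in the Add-ons manager)"))
            continue
        if line.startswith("uStart Page"):
            hit = _pup_hit(line)
            if hit:
                findings.append(Finding("medium", line, f"browser start page hijacked ({hit})"))
            continue
        if line.startswith(AUTOSTART_PREFIXES):
            hit = _pup_hit(line)
            if hit:
                findings.append(Finding("medium", line,
                    f"autostart/browser hook from PUP family '{hit}'"))
    if disabled:
        if len(disabled) == len(products):
            findings.insert(0, Finding("high", "; ".join(disabled),
                "every listed security product is disabled: no real-time protection"))
        else:
            findings.insert(0, Finding("medium", "; ".join(disabled),
                f"{len(disabled)} of {len(products)} security products disabled"))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Constructed sample in the DDS format shown above (GUIDs shortened to placeholders).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0000-AVG}
AV: Windows Defender *Disabled/Updated* {0000-WD}
FW: Norton Internet Security *Disabled* {0000-NIS}
uStart Page = hxxp://www.searchnu.com/405
BHO: Ask Toolbar: {0000-ASK} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Norton Identity Protection: {0000-NIP} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
FF - ExtSQL: !HIDDEN! 2013-02-22 11:58; {0000-EXT}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

AppInit_DLLs gets the first look because every DLL named there is loaded into each process that links user32.dll, which is exactly the foothold a keylogger would want; in the posted log those entries belong to BrowserProtect and Wincert, which are adware components, so the finding narrows the cleanup rather than confirming how the mail account was accessed. The three disabled products in the header explain why none of this was caught on the machine.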

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2013 - 07:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 May 2013 - 09:08 AM

Topic reopened.

Please post a fresh DDS log and run the other two tools requested in my first reply.

#5 Dark Noel

Dark Noel
  • Topic Starter

  • Members
  • 4 posts

Posted 07 May 2013 - 10:05 AM

Thank you for reopening. I'm going to post separately for ease of separation. This one includes DDS/Attach.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.11.2
Run by Austinaj6688 at 10:58:12 on 2013-05-07
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8070.6280 [GMT -4:00]
.
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskhost.exe
C:\windows\system32\dwm.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Savevid Toolbar powered by Search-Results: {13be918c-a6b4-40d3-9b2a-04920e8755ed} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: DataMngr: {34DEE7AD-47D7-45e9-91FC-3E511083493F} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
TB: Savevid Toolbar powered by Search-Results: {13be918c-a6b4-40d3-9b2a-04920e8755ed} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Austinaj6688\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_04BBDA3855B7778D88D7F0C3FC8B719D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\AUSTIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AD4D5FCA-0F9F-4BBB-9EE2-B6991CDE172B} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: DataMngr: {34DEE7AD-47D7-45e9-91FC-3E511083493F} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Austinaj6688\AppData\Roaming\Mozilla\Firefox\Profiles\6mm3ksjo.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Austinaj6688\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Austinaj6688\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: !HIDDEN! 2013-02-22 11:58; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-8-27 92536]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-2-22 100864]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-7-19 35232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-27 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-28 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-28 682344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe [2013-2-27 144520]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 364416]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-3-28 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2012-8-27 1951304]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-20 683664]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1403000.024\ccsetx64.sys [2013-2-27 168096]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-25 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130124.001\IDSviA64.sys [2013-1-24 513184]
S3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1403000.024\symds64.sys [2013-2-27 493656]
S3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1403000.024\symefa64.sys [2013-2-27 1139800]
S3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1403000.024\ironx64.sys [2013-2-27 224416]
S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1403000.024\symnets.sys [2013-2-27 432800]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1403000.024\symelam.sys [2013-2-27 23448]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-07 05:19:23    --------    d-----w-    C:\Users\Austinaj6688\AppData\Roaming\PerformerSoft
2013-05-07 05:17:48    304    ----a-w-    C:\windows\DeleteOnReboot.bat
2013-05-07 05:09:09    --------    d--h--w-    C:\windows\AxInstSV
2013-04-25 05:28:55    --------    d-----w-    C:\Users\Austinaj6688\AppData\Local\PMB Files
2013-04-25 05:28:55    --------    d-----w-    C:\ProgramData\PMB Files
2013-04-25 05:27:36    --------    d-----w-    C:\Program Files (x86)\Pando Networks
2013-04-25 05:27:30    --------    d-----w-    C:\Users\Austinaj6688\.swt
2013-04-22 20:57:35    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-22 04:44:04    4041728    ----a-w-    C:\windows\System32\win32k.sys
2013-04-22 04:43:56    6991592    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-04-22 04:39:57    375808    ----a-w-    C:\windows\SysWow64\ReAgent.dll
2013-04-22 04:39:57    1011200    ----a-w-    C:\windows\System32\reseteng.dll
2013-04-14 06:14:08    --------    d-----w-    C:\Program Files (x86)\Common Files\McAfee
2013-04-14 06:13:39    --------    d-----w-    C:\Program Files\Common Files\McAfee
2013-04-14 06:13:32    --------    d-----w-    C:\ProgramData\Internet Content Filter
2013-04-12 00:33:36    --------    d-----w-    C:\Users\Austinaj6688\AppData\Roaming\uTorrent
2013-04-07 19:08:05    --------    d-----w-    C:\Program Files (x86)\FreeDocumentsViewer
.
==================== Find3M  ====================
.
2013-04-02 22:08:01    78176    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01    692576    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-21 16:09:31    39768    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2013-03-02 10:57:48    337128    ----a-w-    C:\windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46    77544    ----a-w-    C:\windows\System32\drivers\storahci.sys
2013-03-02 10:57:46    332520    ----a-w-    C:\windows\System32\drivers\storport.sys
2013-03-02 10:57:46    283880    ----a-w-    C:\windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20    148712    ----a-w-    C:\windows\System32\drivers\tpm.sys
2013-03-02 10:45:19    194792    ----a-w-    C:\windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10    125160    ----a-w-    C:\windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39    495336    ----a-w-    C:\windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38    69864    ----a-w-    C:\windows\System32\drivers\pdc.sys
2013-03-02 10:39:32    327912    ----a-w-    C:\windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37    2231528    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36    411880    ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08    34304    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-03-02 08:23:43    83968    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-03-02 08:23:43    125952    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30    893952    ----a-w-    C:\windows\SysWow64\winmde.dll
2013-03-02 08:23:30    1338880    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28    601088    ----a-w-    C:\windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28    504320    ----a-w-    C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19    8857088    ----a-w-    C:\windows\SysWow64\twinui.dll
2013-03-02 08:23:19    246784    ----a-w-    C:\windows\SysWow64\ubpm.dll
2013-03-02 08:23:04    356352    ----a-w-    C:\windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04    100864    ----a-w-    C:\windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36    357888    ----a-w-    C:\windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32    5091840    ----a-w-    C:\windows\SysWow64\mstscax.dll
2013-03-02 08:22:18    361984    ----a-w-    C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17    850944    ----a-w-    C:\windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56    550912    ----a-w-    C:\windows\SysWow64\drvstore.dll
2013-03-02 08:21:52    36352    ----a-w-    C:\windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40    309760    ----a-w-    C:\windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39    2033664    ----a-w-    C:\windows\SysWow64\authui.dll
2013-03-02 08:21:32    145408    ----a-w-    C:\windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59    448512    ----a-w-    C:\windows\System32\SettingSync.dll
2013-03-02 02:44:59    128512    ----a-w-    C:\windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:41    455168    ----a-w-    C:\windows\System32\netcfgx.dll
2013-03-02 02:44:41    117248    ----a-w-    C:\windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38    5978624    ----a-w-    C:\windows\System32\mstscax.dll
2013-03-02 02:44:30    468992    ----a-w-    C:\windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29    1048576    ----a-w-    C:\windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08    703488    ----a-w-    C:\windows\System32\drvstore.dll
2013-03-02 02:44:07    150016    ----a-w-    C:\windows\System32\discan.dll
2013-03-02 02:44:05    49152    ----a-w-    C:\windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59    1933312    ----a-w-    C:\windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56    389120    ----a-w-    C:\windows\System32\BCP47Langs.dll
2013-03-02 02:43:55    2302464    ----a-w-    C:\windows\System32\authui.dll
2013-03-02 02:43:51    2146304    ----a-w-    C:\windows\System32\actxprxy.dll
2013-03-02 02:43:50    156160    ----a-w-    C:\windows\System32\powercfg.cpl
2013-03-02 02:15:53    26112    ----a-w-    C:\windows\System32\drivers\mouhid.sys
2013-03-01 04:56:18    30720    ----a-w-    C:\windows\System32\drivers\monitor.sys
2013-02-21 10:30:16    1766912    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\windows\System32\wininet.dll
2013-02-21 10:15:00    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-02-19 09:53:00    534528    ----a-w-    C:\windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59    39936    ----a-w-    C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40    444416    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:19    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-02-12 00:17:50    20992    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2013-02-07 01:33:01    754176    ----a-w-    C:\windows\SysWow64\actxprxy.dll
.
============= FINISH: 10:58:30.79 ===============
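The DDS "Pseudo HJT Report" above is where the persistence and injection points that a keylogger or adware bundle would use show up: the AppInit_DLLs value, the Winlogon Userinit value, browser helper objects with missing or adware-named files, and a Firefox extension marked !HIDDEN!. The following triage script is an added example and is not part of the original post, the DDS tool or BleepingComputer's own procedure. The sample lines are constructed to mirror the shapes found in this log, and the adware keyword list is an assumption drawn from the components named elsewhere in this thread; it also goes beyond the log by checking the Userinit value, which is clean here.

```python
"""Added triage helper for DDS 'Pseudo HJT Report' lines (example code, not the
DDS tool or a BleepingComputer procedure). It flags the autostart / injection
locations a keylogger or adware bundle typically lives in."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the DDS report posted in this thread.
SAMPLE_DDS = r"""
mWinlogon: Userinit = userinit.exe,
BHO: Savevid Toolbar powered by Search-Results: {13be918c-a6b4-40d3-9b2a-04920e8755ed} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: DataMngr: {34DEE7AD-47D7-45e9-91FC-3E511083493F} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
AppInit_DLLs=  C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
FF - ExtSQL: !HIDDEN! 2013-02-22 11:58; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
"""

# Heuristic keyword list (assumption): names of the adware components that
# AdwCleaner later removed from this machine. Extend it for other cases.
ADWARE_KEYWORDS = ("search results toolbar", "datamngr", "savevid",
                   "babylon", "searchnu", "performersoft")

# Values the Winlogon Userinit entry carries on a stock Windows install.
USERINIT_OK = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

BHO_RE = re.compile(r"^(?:x64-)?(BHO|TB): (.+?): \{([0-9A-Fa-f-]+)\} -\s*(.*)$")
RUN_RE = re.compile(r"^(?:x64-)?[um]Run: \[(.+?)\] (.*)$")


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM or LOW
    location: str   # which autostart / injection point
    detail: str     # the offending value, name or line


def _has_adware_keyword(text: str) -> bool:
    low = text.lower()
    return any(kw in low for kw in ADWARE_KEYWORDS)


def triage(report: str) -> list[Finding]:
    """Scan DDS report lines and return the entries worth a human look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs="):
            # Any DLL listed here is loaded into every process that links
            # user32.dll: a classic keylogger and persistence location.
            value = line.split("=", 1)[1].strip()
            if value:
                findings.append(Finding("HIGH", "AppInit_DLLs", value))
        elif line.startswith("mWinlogon: Userinit ="):
            # Winlogon runs this at every logon; anything besides the stock
            # binary (or an extra comma-separated entry) is a hijack.
            value = line.split("=", 1)[1].strip().lower().rstrip(",")
            if value not in USERINIT_OK:
                findings.append(Finding("HIGH", "Winlogon\\Userinit", value))
        elif line.startswith("FF - ExtSQL: !HIDDEN!"):
            # Extension registered straight into the profile database so it
            # never shows up in the Firefox add-ons manager.
            findings.append(Finding("HIGH", "Firefox hidden extension", line))
        elif m := BHO_RE.match(line):
            kind, name, _clsid, path = m.groups()
            if not path:
                findings.append(Finding("MEDIUM", f"{kind} without file path", name))
            elif _has_adware_keyword(name + " " + path):
                findings.append(Finding("MEDIUM", f"{kind} adware component", name))
        elif m := RUN_RE.match(line):
            name, cmd = m.groups()
            if _has_adware_keyword(name + " " + cmd):
                findings.append(Finding("MEDIUM", "Run key adware component", name))
        elif "<orphaned>" in line:
            # Registry entry whose file is gone: usually leftover, but note it.
            findings.append(Finding("LOW", "orphaned entry", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'HIGH': 2, 'MEDIUM': 2, 'LOW': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.location}: {f.detail}")
    print(summarize(triage(SAMPLE_DDS)))
```

Run against the sample it reports two HIGH entries (the Wincert AppInit DLL and the hidden Firefox extension), two MEDIUM entries (the Savevid toolbar BHO and the DataMngr BHO with no file path) and one LOW orphaned entry; those are the same components the AdwCleaner run later in this thread removed. The script only triages the report; removal still belongs to the tools the helper prescribes.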

#6 Dark Noel

Dark Noel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 07 May 2013 - 10:06 AM

CHECKUP

 

 Results of screen317's Security Check version 0.99.63  
   x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Anti-Virus 2013        
Windows Defender           
Norton Internet Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 AVG PC TuneUp   
 AVG PC TuneUp Language Pack (en-US)
 Java 7 Update 11  
 Java version out of Date!
 Adobe Flash Player     11.6.602.180  
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#7 Dark Noel

Dark Noel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 07 May 2013 - 10:09 AM

Adware Cleaner

 

# AdwCleaner v2.300 - Logfile created 05/07/2013 at 11:06:53
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Austinaj6688 - HAPPY-PC
# Boot Mode : Normal
# Running from : C:\Users\Austinaj6688\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\Users\Austinaj6688\AppData\Roaming\Mozilla\Firefox\Profiles\6mm3ksjo.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
File Deleted : C:\windows\Tasks\PC Performer_DEFAULT.job
Folder Deleted : C:\Program Files (x86)\search results toolbar
Folder Deleted : C:\Users\Austinaj6688\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Austinaj6688\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKLM\Software\PerformerSoft

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Austinaj6688\AppData\Roaming\Mozilla\Firefox\Profiles\6mm3ksjo.default\prefs.js

[OK] File is clean.

File : C:\Users\Ada\AppData\Roaming\Mozilla\Firefox\Profiles\lch8p50f.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Austinaj6688\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.21] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.23] : keyword = "babylon.com",
Deleted [l.25] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110801&tt=0113_4&babsrc=SP_ss&[...]
Deleted [l.2253] : homepage = "hxxp://www.searchnu.com/405",
Deleted [l.2491] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/405", "hxxp://search.babylon.com/?aff[...]

*************************

AdwCleaner[S1].txt - [21094 octets] - [07/05/2013 01:17:39]
AdwCleaner[S2].txt - [2093 octets] - [07/05/2013 11:06:53]

########## EOF - C:\AdwCleaner[S2].txt - [2153 octets] ##########
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 PM

Posted 07 May 2013 - 11:02 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please let me know what problem persists.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 PM

Posted 13 May 2013 - 09:51 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 PM

Posted 19 May 2013 - 08:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
