Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Win32/Conduit.SearchProtect. Crashing. MixDJ toolbar, Live Support


  • This topic is locked This topic is locked
3 replies to this topic

#1 aLuffabo

aLuffabo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 30 August 2013 - 02:24 PM

Hello, 

 

Thank you very much for your service!  I seem to be infected with the Win 32 virus.  I have tried ending processes and removing manually through remove programs, but with no luck as it won't allow me to end the processes.  It has also downloaded and added several things; Severe Weather Alerts, Live Support, Mix DJ toolbar.  It also crashed recently, no blue screen but just a flat power-down. My google chrome bookmarks have also been removed.  The computer is running extremely slowly, and I also have the feeling something is wrong with my Windows updates, as I do the updates and when I reboot they are still there.  Some of the updates show an error message and won't download.

 

Thanks in advance!

 

 

 

 DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Brit at 14:12:44 on 2013-08-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6055.3080 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\Brit\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Lexmark S510 Series\LMADHmon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Users\Brit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Brit\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Brit\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\LiveSupport\LiveSupport.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Users\Brit\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Brit\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3298580&octid=CT3298580&SearchSource=61&CUI=UN28119139932088813&UM=2&UP=SP333ED57D-ED4E-43C2-913E-A84210889E4D
uDefault_Page_URL = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Brit\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Web Layers: {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files (x86)\Web Layers\WebLayersbho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Spotify Web Helper] "C:\Users\Brit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [PCShowServer] "C:\Users\Brit\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [LMab1err] "C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe"
uRun: [LMADHmon] "C:\Program Files (x86)\Lexmark S510 Series\LMADHmon.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SearchProtect] C:\Users\Brit\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll",RunConduitFloatingPlugin bpfboklmeiefoedekjeigdcnfbpjeaii
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LMADHmon] "C:\Program Files (x86)\Lexmark S510 Series\LMADHmon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Brit\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~2.LNK - C:\Users\Brit\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
StartupFolder: C:\Users\Brit\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~1.LNK - C:\Users\Brit\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://sav.mlxchange.com/5.2.07.13523/Control/FileCruiser.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://sav.mlxchange.com/5.2.07.13523/Control/Specfile.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://cor.mlxchange.com/5.2.07.13523/Control/MLSClientUtils.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://sav.mlxchange.com/5.2.07.13523/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://sav.mlxchange.com/5.2.07.13523/Control/IRCWebPrint.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://cor.mlxchange.com/5.2.07.13523/Control/IRCSharc.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://cor.mlxchange.com/5.2.07.13523/Control/WebDog.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://sav.mlxchange.com/5.2.07.13523/Control/AspCustomCtrls.cab
TCP: NameServer = 192.168.175.1 64.89.100.2 192.168.175.1
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD} : DHCPNameServer = 192.168.175.1 64.89.100.2 192.168.175.1
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\055647562737F6E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\24279647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\C496E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\C696E6B63797370284F6D69656 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\F4E697873456461627 : DHCPNameServer = 66.90.130.101 216.82.201.11
TCP: Interfaces\{3F88EA36-0ED0-42AD-820E-3F516D067BFD}\F4E697873456461627D27657563747 : DHCPNameServer = 66.90.130.101 216.82.201.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [LMADHmon] "C:\Program Files (x86)\Lexmark S510 Series\LMADHmon.exe"
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-31 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-31 189936]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-2-21 25576]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-31 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-31 378944]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-2-21 13824]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-31 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-31 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-13 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-8-26 573952]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Brit\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-8-29 107520]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-25 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 682344]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-21 2655768]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-25 258896]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-15 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-10-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-10-11 180736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-21 409192]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29:43;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-24 246256]
S2 Update Web Layers;Update Web Layers;C:\Program Files (x86)\Web Layers\updateWebLayers.exe [2013-8-26 206624]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-9-3 35840]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-14 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2011-2-21 166704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-14 57856]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-10 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-30 18:53:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7374EACD-85C9-471B-A568-DD1C2A8CB3C7}\offreg.dll
2013-08-30 18:16:27 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7374EACD-85C9-471B-A568-DD1C2A8CB3C7}\mpengine.dll
2013-08-30 18:09:06 -------- d-----w- C:\Windows\System32\MRT
2013-08-30 18:08:10 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-30 18:08:10 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-30 18:08:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-30 18:08:10 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-30 18:08:10 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-30 18:08:10 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-30 18:08:10 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-30 18:08:10 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-30 18:07:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-30 18:07:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-30 18:07:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-30 18:07:15 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-30 18:06:48 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-30 18:06:48 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-30 18:06:47 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-30 18:06:36 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-29 19:30:16 -------- d-----w- C:\Program Files (x86)\LiveSupport
2013-08-29 19:29:52 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-08-29 19:29:46 -------- d-----w- C:\Users\Brit\AppData\Roaming\DefaultTab
2013-08-29 19:29:42 -------- d-----w- C:\Users\Brit\AppData\Local\Weather_Notifications,_LL
2013-08-29 19:29:40 -------- d-----w- C:\Users\Brit\AppData\Local\SevereWeatherAlerts
2013-08-29 19:29:35 -------- d-----w- C:\Program Files (x86)\Web Layers
2013-08-29 19:29:16 -------- d-----w- C:\Users\Brit\AppData\Local\Conduit
2013-08-29 19:29:07 -------- d-----w- C:\Users\Brit\AppData\Local\CRE
2013-08-29 19:29:06 -------- d-----w- C:\Program Files (x86)\Conduit
2013-08-29 19:28:32 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-29 19:28:24 -------- d-----w- C:\Users\Brit\AppData\Roaming\SearchProtect
2013-08-24 16:11:03 -------- d-----w- C:\Program Files\iPod
2013-08-24 16:11:02 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 16:11:02 -------- d-----w- C:\Program Files\iTunes
2013-08-24 16:11:02 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-08-29 19:28:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 19:28:37 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-01 04:28:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 04:27:59 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-01 04:27:59 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-28 01:04:44 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 01:04:44 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-24 22:41:14 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 14:13:18.22 ===============
 

 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:13 AM

Posted 31 August 2013 - 10:59 AM

Hello aLuffabo,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Run%20as%20admin.png
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again
Things to include in your next reply::
AdwCleaner log
Roguekiller log
How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:13 AM

Posted 02 September 2013 - 05:12 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 2-3 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:13 AM

Posted 04 September 2013 - 03:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users