Family member downloaded nasty bug on livestreaming site. (more inside)


  • This topic is locked
21 replies to this topic

#1 Kinglit


Posted 20 October 2013 - 11:24 AM

Popup ad audio is heard even when browsers are closed. One look at the Task Manager shows several instances of Google Chrome (which I never use and appear to be the source of the popup ad audio) being used and taking up a majority of the CPU. When I open a new window an extra one pops up with an ad.

 

DDS LOG FILE

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 10.21.2
Run by trace at 12:34:03 on 2013-10-20
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.1918.364 [GMT -4:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE
C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Morgan\m3jpegV3\MMTray.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\hp\kbd\kbd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Program Files\McAfee Security Scan\3.0.318\McUicnt.exe
c:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\trace\AppData\Local\GCC\Controller.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.xfinity.com/?cid=xfstart_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
uProxyServer = :0
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: ElectroLyrics-16: {11111111-1111-1111-1111-110411411152} - c:\program files\electrolyrics-16\ElectroLyrics-16-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WordOv: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\trace\appdata\local\wordov\temp.dat
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: NJStarBHO Class: {E74F179F-F6CC-4BE0-9638-DEA49583953F} - c:\program files\njstar communicator\NJStarBHO32.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Octoshape Streaming Services] "c:\users\trace\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [googletalk] c:\users\trace\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\trace\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [CloneCDTray] "c:\program files\elaborate bytes\clonecd\CloneCDTray.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO} /NO_DEFPS
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [MMTray] "c:\program files\morgan\m3jpegv3\MMTray.exe"
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Comcast_McciTrayApp] "c:\program files\comcast\pcTrayApp.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\trace\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\trace\appdata\roaming\micros~1\windows\startm~1\programs\startup\social~1.lnk - c:\program files\socialbox\Socialbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: incontacthiring.com
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1C517DEB-59CF-4806-A1BA-A71265252F3D} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\trace\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\trace\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\users\trace\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-10-09 01:44; {b9acf540-acba-11e1-8ccb-001fd0e08bd4}; c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
FF - ExtSQL: 2013-10-20 00:00; gmijq@bnasdndblib.com; c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\gmijq@bnasdndblib.com
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-14 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-8-14 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-14 108088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-29 53328]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-14 88840]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-12-9 207360]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-29 138680]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-29 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-29 352920]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-5-22 20640]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2009-7-1 223128]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-8-14 815160]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .vbe: VBEFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
.
=============== Created Last 30 ================
.
2013-10-20 15:24:44    --------    d-----w-    c:\users\trace\appdata\local\GCC
2013-10-20 15:24:09    --------    d-----w-    c:\program files\ElectroLyrics-16
2013-10-20 15:23:52    --------    d-----w-    c:\users\trace\appdata\local\WordOv
2013-10-20 15:23:46    --------    d-----w-    c:\users\trace\appdata\local\SwvUpdater
2013-10-18 22:53:46    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{3612c4b7-6abc-4e92-b2c8-2cf9e2ba1835}\offreg.dll
2013-10-18 06:06:03    7796464    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{3612c4b7-6abc-4e92-b2c8-2cf9e2ba1835}\mpengine.dll
2013-10-10 01:09:52    --------    d-----w-    c:\program files\Belarc
2013-10-01 07:04:59    3215256    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2013-10-01 07:04:59    301464    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2013-10-01 07:04:59    274840    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2013-10-01 07:04:52    1090952    ----a-w-    c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-10-01 07:04:49    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-10-01 07:04:47    116632    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-10-01 07:04:43    271256    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-10-01 07:04:42    74648    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-10-01 07:04:42    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M  ====================
.
2013-10-09 00:51:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 00:51:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-05 10:56:32    88840    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-09-03 18:35:12    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-14 20:27:16    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
.
============= FINISH: 12:36:18.44 ===============
 

 

 

 

HIJACK THIS LOG FILE

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:40 PM, on 10/20/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Morgan\m3jpegV3\MMTray.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\system32\werfault.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Program Files\McAfee Security Scan\3.0.318\McUicnt.exe
c:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\trace\AppData\Local\GCC\Controller.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfstart_eg_self_main
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: CrossriderApp0044152 - {11111111-1111-1111-1111-110411411152} - C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: WordOv - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\trace\AppData\Local\WordOv\temp.dat
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: NJCommunicator Plugin for IE9 - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\Windows\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Morgan\m3jpegV3\MMTray.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Comcast_McciTrayApp] "C:\Program Files\Comcast\pcTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [googletalk] C:\Users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Socialbox.lnk = C:\Program Files\Socialbox\Socialbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.incontacthiring.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Giraffic - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Google Update Service (gupdate1c9976ea5c9c3b0) (gupdate1c9976ea5c9c3b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\app\trace\product\11.1.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Unknown owner - C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE
O23 - Service: Oracle ORCL VSS Writer Service (OracleVssWriterORCL) - Unknown owner - C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16551 bytes


Edited by Kinglit, 20 October 2013 - 11:43 AM.




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:10:01 PM

Posted 20 October 2013 - 01:11 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean! 
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  • Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member



    #3 Kinglit

    Kinglit
    • Topic Starter

    • Members
    • 34 posts
    • Local time:09:01 PM

    Posted 20 October 2013 - 09:02 PM

    Booted in Safe Mode

     

    FRST LOG FILE

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
    Ran by trace (administrator) on TRACE-PC on 20-10-2013 21:18:25
    Running from G:\
    Microsoft® Windows Vista™ Ultimate  Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 7
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-12] (CyberLink Corp.)
    HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
    HKLM\...\Run: [HP Software Update] - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
    HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
    HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-09-12] ()
    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [81000 2009-11-24] (ALWIL Software)
    HKLM\...\Run: [USBToolTip] - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
    HKLM\...\Run: [USB2Check] - RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    HKLM\...\Run: [CloneCDElbyCDFL] - C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
    HKLM\...\Run: [CloneCDTray] - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [73728 2002-12-02] (Elaborate Bytes AG)
    HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd)
    HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM\...\Run: [Jet Detection] - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] ()
    HKLM\...\Run: [DevconDefaultDB] - C:\Windows\READREG /PSCONV={NO} /NO_DEFPS
    HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [MMTray] - C:\Program Files\Morgan\m3jpegV3\MMTray.exe [53248 2001-11-08] (Morgan Multimedia)
    HKLM\...\Run: [DivX Download Manager] - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
    HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [Comcast_McciTrayApp] - C:\Program Files\Comcast\pcTrayApp.exe [1939968 2012-01-18] (Alcatel-Lucent)
    HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-08-18] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
    HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKCU\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
    HKCU\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2012-06-26] (Veoh Networks)
    HKCU\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1347584 2007-08-29] (AWS Convergence Technologies, Inc.)
    HKCU\...\Run: [PMCRemote] - C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [226576 2008-09-04] (Pinnacle Systems)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
    HKCU\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd)
    HKCU\...\Run: [ooVoo.exe] - C:\Program Files\ooVoo\oovoo.exe [22631608 2011-05-18] (ooVoo LLC)
    HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
    HKCU\...\Run: [googletalk] - C:\Users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    HKCU\...\Run: [Google Update] - C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-06] (Google Inc.)
    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\Run: [HPADVISOR] - [x]
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [HPADVISOR] - [x]
    AppInit_DLLs: c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll [ 2013-01-31] ()
    Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
    ShortcutTarget: Socialbox.lnk -> C:\Program Files\Socialbox\Socialbox.exe ()

    ==================== Internet (Whitelisted) ====================

    ProxyServer: :0
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfstart_eg_self_main
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
    SearchScopes: HKLM - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKCU - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-bho.dll (PassWizard)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: WordOv - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\trace\AppData\Local\WordOv\temp.dat ()
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: NJStarBHO Class - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)
    BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default
    FF user.js: detected! => C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\user.js
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @veoh.com/VeohTVPlugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll No File
    FF Plugin: @veoh.com/VeohWebPlayer - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\trace\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\trace\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\trace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 - C:\Users\trace\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
    FF SearchPlugin: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\bing-zugo.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bProtect.xml
    FF Extension: No Name - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com
    FF Extension: WordOv - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\gmijq@bnasdndblib.com
    FF Extension: Move Media Player - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\moveplayer@movenetworks.com
    FF Extension: No Name - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\nostmp
    FF Extension: Veoh Video Compass - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\searchrecs@veoh.com
    FF Extension: Yahoo! Toolbar - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF Extension: No Name - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
    FF Extension: No Name - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\gmijq@bnasdndblib.com
    FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
    FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
    FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKCU\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
    FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder

    Chrome:
    =======
    CHR Extension: (DivX HiQ) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0
    CHR Extension: (WordOv) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0
    CHR Extension: (ElectroLyrics-16) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
    CHR Extension: (NJStar Chromate - NJStar Communicator Plugin for Chrome) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf\3.0.2_0
    CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0
    CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
    CHR HKLM\...\Chrome\Extension: [jlklhlmekdhcfmndodpbjmgpepoeiiaf] - C:\Program Files\NJStar Communicator\PLUGIN\NJChromate-3.0.2.crx
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

    ========================== Services (Whitelisted) =================

    S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
    S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
    S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
    S2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-11-24] (ALWIL Software)
    S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-11-24] (ALWIL Software)
    S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-11-24] (ALWIL Software)
    S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-11-24] (ALWIL Software)
    S2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
    S2 gupdate1c9976ea5c9c3b0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-25] (Google Inc.)
    S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
    S2 OracleDBConsoleorcl; C:\app\trace\product\11.1.0\db_1\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation)
    S4 OracleJobSchedulerORCL; c:\app\trace\product\11.1.0\db_1\Bin\extjob.exe [102400 2007-10-03] ()
    S2 OracleServiceORCL; c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation)
    S2 OracleVssWriterORCL; C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe [163840 2007-10-03] ()
    S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
    S2 OracleOraDb11g_home1TNSListener; C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR  [x]

    ==================== Drivers (Whitelisted) ====================

    R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
    S2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2009-11-24] (ALWIL Software)
    S2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2009-11-24] (ALWIL Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23120 2009-11-24] (ALWIL Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [114768 2009-11-24] (ALWIL Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [48560 2009-11-24] (ALWIL Software)
    S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
    S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
    S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-14] (Avira Operations GmbH & Co. KG)
    S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software)
    R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-20] (Microsoft Corporation)
    S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
    R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [15360 2002-11-28] (Elaborate Bytes AG)
    S2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG)
    R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22016 2002-11-28] (Elaborate Bytes AG)
    S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
    S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
    S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)
    S3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
    R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [444800 2008-07-09] (DiBcom)
    S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
    S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
    S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
    S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2009-07-01] (Alcohol Soft Co., Ltd.)
    S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
    S2 ASPI32; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S2 MCSTRM; No ImagePath
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]
    S4 sptd; System32\Drivers\sptd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-10-20 21:18 - 2013-10-20 21:18 - 00000000 ____D C:\FRST
    2013-10-20 12:36 - 2013-10-20 12:41 - 00022859 _____ C:\Users\trace\Desktop\dds.txt
    2013-10-20 12:36 - 2013-10-20 12:36 - 00013417 _____ C:\Users\trace\Desktop\attach.txt
    2013-10-20 12:33 - 2013-10-20 12:33 - 00688992 ____R (Swearware) C:\Users\trace\Downloads\dds.com
    2013-10-20 12:22 - 2013-10-20 12:22 - 00016553 _____ C:\Users\trace\Desktop\hijackthis OCTOBER 20 2013.txt
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001962 _____ C:\Windows\Tasks\ElectroLyrics-16-chromeinstaller.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001888 _____ C:\Windows\Tasks\ElectroLyrics-16-firefoxinstaller.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001352 _____ C:\Windows\Tasks\ElectroLyrics-16-updater.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001258 _____ C:\Windows\Tasks\ElectroLyrics-16-codedownloader.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001158 _____ C:\Windows\Tasks\ElectroLyrics-16-enabler.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Users\trace\AppData\Local\GCC
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Program Files\ElectroLyrics-16
    2013-10-20 11:23 - 2013-10-20 11:24 - 00000000 ____D C:\Users\trace\AppData\Local\WordOv
    2013-10-20 11:23 - 2013-10-20 11:23 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
    2013-10-20 11:23 - 2013-10-20 11:23 - 00000000 ____D C:\Users\trace\AppData\Local\SwvUpdater
    2013-10-20 11:22 - 2013-10-20 11:22 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(3).exe
    2013-10-20 11:18 - 2013-10-20 11:22 - 00000000 _____ C:\END
    2013-10-20 11:17 - 2013-10-20 11:17 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(2).exe
    2013-10-20 08:47 - 2013-10-20 08:47 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(1).exe
    2013-10-20 08:44 - 2013-10-20 08:44 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295.exe
    2013-10-10 21:36 - 2013-10-13 22:33 - 00000000 ____D C:\Users\trace\Desktop\CIS JAVA HOMEWORK FILES
    2013-10-10 18:55 - 2013-10-10 18:55 - 00000453 _____ C:\Users\trace\Downloads\Letter for Verification of Attendance.txt
    2013-10-09 21:09 - 2013-10-09 21:09 - 00001863 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
    2013-10-09 21:09 - 2013-10-09 21:09 - 00000000 ____D C:\Program Files\Belarc
    2013-10-09 21:08 - 2013-10-09 21:08 - 03248080 _____ C:\Users\trace\Downloads\advisorinstaller.exe
    2013-10-04 21:42 - 2013-10-04 21:42 - 00000134 _____ C:\Users\trace\Desktop\Internet Explorer Troubleshooting.url
    2013-10-02 13:47 - 2013-10-02 13:47 - 00037086 _____ C:\Users\trace\Desktop\NME WORK AT HOME ApplyPrint.aspx
    2013-10-02 13:47 - 2013-10-02 13:47 - 00000000 ____D C:\Users\trace\Desktop\NME WORK AT HOME ApplyPrint_files
    2013-10-01 03:04 - 2013-10-01 03:06 - 00000000 ____D C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2013-10-20 21:18 - 2013-10-20 21:18 - 00000000 ____D C:\FRST
    2013-10-20 21:03 - 2008-12-13 00:18 - 00113664 _____ C:\Users\trace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-10-20 21:01 - 2011-01-07 12:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-20 20:59 - 2006-11-02 08:45 - 00006144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-10-20 20:59 - 2006-11-02 08:45 - 00006144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-10-20 20:58 - 2008-01-20 21:37 - 01179286 _____ C:\Windows\WindowsUpdate.log
    2013-10-20 20:58 - 2006-11-02 09:00 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-10-20 20:58 - 2006-11-02 09:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-10-20 20:51 - 2012-10-11 19:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-10-20 20:51 - 2012-08-10 12:16 - 00000000 ____D C:\Program Files\Giraffic
    2013-10-20 20:50 - 2012-08-10 12:16 - 00000000 ____D C:\ProgramData\Giraffic
    2013-10-20 13:42 - 2012-06-06 18:55 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job
    2013-10-20 13:25 - 2009-06-30 21:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-10-20 12:41 - 2013-10-20 12:36 - 00022859 _____ C:\Users\trace\Desktop\dds.txt
    2013-10-20 12:36 - 2013-10-20 12:36 - 00013417 _____ C:\Users\trace\Desktop\attach.txt
    2013-10-20 12:33 - 2013-10-20 12:33 - 00688992 ____R (Swearware) C:\Users\trace\Downloads\dds.com
    2013-10-20 12:22 - 2013-10-20 12:22 - 00016553 _____ C:\Users\trace\Desktop\hijackthis OCTOBER 20 2013.txt
    2013-10-20 12:08 - 2010-12-27 10:21 - 00000820 _____ C:\Windows\Tasks\Google Software Updater.job
    2013-10-20 11:25 - 2010-11-22 10:25 - 00000821 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001962 _____ C:\Windows\Tasks\ElectroLyrics-16-chromeinstaller.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001888 _____ C:\Windows\Tasks\ElectroLyrics-16-firefoxinstaller.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001352 _____ C:\Windows\Tasks\ElectroLyrics-16-updater.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001258 _____ C:\Windows\Tasks\ElectroLyrics-16-codedownloader.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00001158 _____ C:\Windows\Tasks\ElectroLyrics-16-enabler.job
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Users\trace\AppData\Local\GCC
    2013-10-20 11:24 - 2013-10-20 11:24 - 00000000 ____D C:\Program Files\ElectroLyrics-16
    2013-10-20 11:24 - 2013-10-20 11:23 - 00000000 ____D C:\Users\trace\AppData\Local\WordOv
    2013-10-20 11:23 - 2013-10-20 11:23 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
    2013-10-20 11:23 - 2013-10-20 11:23 - 00000000 ____D C:\Users\trace\AppData\Local\SwvUpdater
    2013-10-20 11:22 - 2013-10-20 11:22 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(3).exe
    2013-10-20 11:22 - 2013-10-20 11:18 - 00000000 _____ C:\END
    2013-10-20 11:17 - 2013-10-20 11:17 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(2).exe
    2013-10-20 08:47 - 2013-10-20 08:47 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(1).exe
    2013-10-20 08:44 - 2013-10-20 08:44 - 00202880 _____ (Amonétié Ltd) C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295.exe
    2013-10-19 05:42 - 2012-06-06 18:55 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job
    2013-10-16 18:02 - 2011-01-14 15:13 - 00000410 ____H C:\Windows\Tasks\Norton Security Scan for trace.job
    2013-10-16 03:25 - 2009-06-30 21:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-10-15 17:10 - 2008-08-25 09:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-10-13 22:33 - 2013-10-10 21:36 - 00000000 ____D C:\Users\trace\Desktop\CIS JAVA HOMEWORK FILES
    2013-10-13 21:37 - 2013-08-26 22:23 - 00000000 ____D C:\Users\trace\.grasp_settings
    2013-10-13 19:07 - 2008-11-30 23:08 - 00000052 _____ C:\Windows\system32\DOErrors.log
    2013-10-12 04:26 - 2010-01-22 18:04 - 00000689 _____ C:\Windows\m3jpeg.ini
    2013-10-12 04:26 - 2008-12-27 20:48 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
    2013-10-10 18:55 - 2013-10-10 18:55 - 00000453 _____ C:\Users\trace\Downloads\Letter for Verification of Attendance.txt
    2013-10-10 04:20 - 2008-12-01 04:31 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-10-10 04:03 - 2013-07-19 03:10 - 00000000 ____D C:\Windows\system32\MRT
    2013-10-10 03:52 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-10-09 21:09 - 2013-10-09 21:09 - 00001863 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
    2013-10-09 21:09 - 2013-10-09 21:09 - 00000000 ____D C:\Program Files\Belarc
    2013-10-09 21:08 - 2013-10-09 21:08 - 03248080 _____ C:\Users\trace\Downloads\advisorinstaller.exe
    2013-10-09 02:02 - 2013-08-19 18:08 - 00000747 _____ C:\Users\trace\Desktop\Future_Presents_FBG_The_Movie-(DatPiff.com) - Shortcut.lnk
    2013-10-09 02:02 - 2013-08-19 18:08 - 00000745 _____ C:\Users\trace\Desktop\old-man-at-computer-2011-05 - Shortcut.lnk
    2013-10-08 20:51 - 2012-10-11 19:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-10-08 20:51 - 2012-06-24 05:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 13:22 - 2013-08-25 17:55 - 00000000 ____D C:\Users\trace\Desktop\Desktop files 2
    2013-10-06 20:38 - 2008-11-30 07:47 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleFortrace.job
    2013-10-05 05:24 - 2009-01-22 13:04 - 00000000 ____D C:\ProgramData\Google Updater
    2013-10-05 05:22 - 2008-12-21 20:12 - 00000416 _____ C:\Windows\Tasks\PCConfidential.job
    2013-10-04 21:54 - 2012-04-25 11:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-10-04 21:43 - 2009-08-20 06:52 - 00053899 _____ C:\Windows\ie8_main.log
    2013-10-04 21:42 - 2013-10-04 21:42 - 00000134 _____ C:\Users\trace\Desktop\Internet Explorer Troubleshooting.url
    2013-10-04 20:26 - 2010-05-07 23:15 - 00000000 ____D C:\Users\trace\LP SRW Alpha
    2013-10-04 19:55 - 2006-11-02 06:33 - 00723960 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-10-04 19:49 - 2012-04-23 09:40 - 00003882 _____ C:\Windows\IE9_main.log
    2013-10-03 22:15 - 2008-12-21 20:13 - 00000000 ____D C:\Users\trace\AppData\Local\WeatherBug
    2013-10-02 13:47 - 2013-10-02 13:47 - 00037086 _____ C:\Users\trace\Desktop\NME WORK AT HOME ApplyPrint.aspx
    2013-10-02 13:47 - 2013-10-02 13:47 - 00000000 ____D C:\Users\trace\Desktop\NME WORK AT HOME ApplyPrint_files
    2013-10-02 13:45 - 2013-06-17 22:02 - 00000508 _____ C:\Users\trace\Desktop\job 2013 UPDATE.txt
    2013-10-01 03:06 - 2013-10-01 03:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

    Some content of TEMP:
    ====================
    C:\Users\trace\AppData\Local\temp\ose00000.exe
    C:\Users\trace\AppData\Local\temp\vlc-2.0.6-win32.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-10-20 21:07

    ==================== End Of Log ============================

     




    #4 RPMcMurphy

    • Malware Response Team
    • 3,970 posts

    Posted 21 October 2013 - 11:27 AM

    Please do this next:

    You have more than one antivirus (AV) program running.  Your logs show both avast! and Avira running.  Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer.  Please remove one of the AV applications via Control Panel > Programs > Uninstall a program.

    Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

    • Execute TDSSKiller.exe by double-clicking on it.
    • When the window opens, click on Change Parameters.
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
    • Click OK.
    • Press Start Scan.
    • If malicious objects are found, then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip".
    • Then click Continue > Reboot now.
    • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
    • Post that log, please.

    Please include the following in your next post:

    • TDSSKiller log

     


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #5 Kinglit

    • Topic Starter
    • Members
    • 34 posts

    Posted 22 October 2013 - 04:22 PM

    There's no Cure, Continue or Reboot now options on the app (not log file either). Also it didn't detect anything malicious, which is obvious BS

     

     

    Would it have something to do with me running it on Safe Mode?


    Edited by Kinglit, 22 October 2013 - 04:24 PM.


    #6 RPMcMurphy

    • Malware Response Team
    • 3,970 posts

    Posted 23 October 2013 - 04:26 PM

    Safe mode wouldn't make a difference.  Please do this next:

     
    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Uncheck any entries from C:\System Volume Information or C:\Qoobox
    • Be sure that everything else is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post the results.

    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double-click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    Please include the following in your next post:

    • MBAM log
    • AdwCleaner log



    #7 Kinglit

    • Topic Starter
    • Members
    • 34 posts

    Posted 24 October 2013 - 08:50 PM

    MBAM LOG FILE

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.23.10

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    trace :: TRACE-PC [administrator]

    Protection: Enabled

    10/23/2013 8:58:21 PM
    mbam-log-2013-10-23 (20-58-21).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 517881
    Time elapsed: 7 hour(s), 9 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 29
    HKCR\CLSID\{11111111-1111-1111-1111-110411411152} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0044152.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0044152.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0044152.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0044152.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550455415552} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440444414452} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Typelib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKCR\Typelib\{8AD815FC-607B-419F-8B70-D345A507A54E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411152} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordOv (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\PassWizard (PUP.Optional.Lyrics.A) -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411152} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411152} (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ElectroLyrics-16 (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKLM\Software\ElectroLyrics-16 (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data:  -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files\ElectroLyrics-16 (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv (PUP.Optional.WordOV) -> Quarantined and deleted successfully.

    Files Detected: 47
    C:\Program Files\ElectroLyrics-16\44152.crx (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\44152.xpi (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-bg.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-bho.dll (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-buttonutil.dll (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-buttonutil.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-chromeinstaller.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-codedownloader.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-enabler.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-firefoxinstaller.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-helper.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16-updater.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\ElectroLyrics-16.ico (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\Installer.log (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\Uninstall.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\background.html (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\ElectroLyrics-16\utils.exe (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Program Files\Uninstall Information\ib_uninst_361\uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files\Uninstall Information\ib_uninst_442\uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files\Uninstall Information\ib_uninst_455\uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll.vir (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv\.build (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv\.user (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv\eula.txt (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv\temp.dat (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\WordOv\uninst.exe (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\BAUnQaPO.exe.part (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\Ndc+lJHe.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\jW2oBGrz.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\m8ZTRE47.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\qVpvw63e.exe.part (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
    C:\Users\trace\AppData\Local\temp\usppJ8Uc.exe.part (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(1).exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(2).exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295(3).exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\trace\Downloads\VLCMediaPlayer__3793_il2295.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L8P6ZM6S\updater-startnow-200-2.5-g[1].exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ElectroLyrics-16-chromeinstaller.job (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ElectroLyrics-16-codedownloader.job (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ElectroLyrics-16-enabler.job (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ElectroLyrics-16-firefoxinstaller.job (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ElectroLyrics-16-updater.job (PUP.Optional.ElectroLyrics.A) -> Quarantined and deleted successfully.
    C:\_OTL\MovedFiles\02102013_171421\C_Program Files\StartNow Toolbar\ToolbarUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

    (end)

     

    ADWCLEANER LOG

     

    # AdwCleaner v3.010 - Report created 24/10/2013 at 20:42:58
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
    # Username : trace - TRACE-PC
    # Running from : C:\Users\trace\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\bProtect.xml
    File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bProtector_extensions.rdf
    File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\invalidprefs.js
    File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\user.js
    File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
    Folder Found : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
    Folder Found : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Found C:\Program Files\registry mechanic
    Folder Found C:\ProgramData\bProtectorForWindows
    Folder Found C:\ProgramData\Free Ride Games
    Folder Found C:\Users\trace\AppData\Local\SwvUpdater
    Folder Found C:\Users\trace\AppData\LocalLow\boost_interprocess
    Folder Found C:\Users\trace\AppData\Roaming\registry mechanic
    Folder Found C:\Users\trace\AppData\Roaming\StartNow Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
    Key Found : HKCU\Software\installedbrowserextensions
    Key Found : HKCU\Software\InstalledThirdPartyPrograms
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
    Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\Software\InstalledThirdPartyPrograms
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6001.18000


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\prefs.js ]

    Line Found : user_pref("extensions.crossrider.bic", "141d678c9c451ff91b4bbe7ceb4aae6d");

    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage

    *************************

    AdwCleaner[R0].txt - [6533 octets] - [24/10/2013 20:42:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6593 octets] ##########
     




    #8 RPMcMurphy

    • Malware Response Team

    Posted 26 October 2013 - 08:43 AM

    Please do this next:

    Double click on AdwCleaner.exe to run the tool again.

    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      <-Uncheck any items in the list that relate to software you wish to keep->
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

    Please include the following in your next post:
    • AdwCleaner log
    • ESET log


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #9 Kinglit

    • Topic Starter

    Posted 29 October 2013 - 09:41 PM

    Sorry for the wait,

     

    ADWCLEANER LOG

     

    # AdwCleaner v3.010 - Report created 26/10/2013 at 16:38:28
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
    # Username : trace - TRACE-PC
    # Running from : C:\Users\trace\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\bProtectorForWindows
    Folder Deleted : C:\ProgramData\Free Ride Games
    Folder Deleted : C:\Program Files\registry mechanic
    Folder Deleted : C:\Users\trace\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\trace\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\trace\AppData\Roaming\registry mechanic
    Folder Deleted : C:\Users\trace\AppData\Roaming\StartNow Toolbar
    Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
    Folder Deleted : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    File Deleted : C:\END
    File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bProtector_extensions.rdf
    File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\invalidprefs.js
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\bProtect.xml
    File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\user.js
    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24C4394D-0CB7-4D55-874E-83503DB1D146}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24C4394D-0CB7-4D55-874E-83503DB1D146}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

     

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6001.18000

    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossrider.bic", "141d678c9c451ff91b4bbe7ceb4aae6d");

    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [6673 octets] - [24/10/2013 20:42:58]
    AdwCleaner[S0].txt - [6646 octets] - [26/10/2013 16:38:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6706 octets] ##########

     

     

    ESET LOG

     

    C:\AdwCleaner\Quarantine\C\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.crx.vir    Win32/bProtector.E application
    C:\AdwCleaner\Quarantine\C\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe.vir    a variant of Win32/bProtector.A application
    C:\AdwCleaner\Quarantine\C\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll.vir    a variant of Win32/bProtector.A application
    C:\AdwCleaner\Quarantine\C\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe.vir    a variant of Win32/bProtector.A application
    C:\AdwCleaner\Quarantine\C\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-18.0.dll.vir    a variant of Win32/bProtector.B application
    C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
    C:\Program Files\Winferno\PC Confidential\PCConfidential.exe    Win32/Adware.PCConfidential application
    C:\Program Files\Winferno\PC Confidential\PCCST.exe    Win32/Adware.PCConfidential application
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Reactivate.exe.vir    a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir    a variant of Win32/Toolbar.Zugo application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\101_cortica_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\102_dealply_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\103_intext_5_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\104_jollywallet_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\105_corticas_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\107_coupish_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\108_icm_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\116_ads_only_5_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\117_coupons_intext_ads_5_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\119_similar_web_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\120_luck_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\123_intext_adv_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\125_arcadi2_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\126_revizer_ws_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\127_revizer_p_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\128_superfish_pricora_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\129_widdit_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\135_arcadi3_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\138_getdeal_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\155_ibario_pops_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\159_cortica_rollover_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\170_icm1_5_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\171_arcadi2_sourceID_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Local\temp\NyAY2F+V.exe.part    Win32/DownloadAdmin.G application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\101_cortica_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\102_dealply_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\104_jollywallet_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\105_corticas_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\107_coupish_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\119_similar_web_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\120_luck_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\123_intext_adv_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\125_arcadi2_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\128_superfish_pricora_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\129_widdit_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\135_arcadi3_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\138_getdeal_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\155_ibario_pops_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\159_cortica_rollover_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\170_icm1_5_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\171_arcadi2_sourceID_m.js    JS/Toolbar.Crossrider.A application
    C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js    JS/Toolbar.Crossrider.A application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L8P6ZM6S\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Windows\temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Windows\temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
    C:\_OTL\MovedFiles\02102013_171421\C_Program Files\StartNow Toolbar\Toolbar32.dll    a variant of Win32/Toolbar.Zugo application
     

     




    #10 RPMcMurphy

    • Malware Response Team

    Posted 31 October 2013 - 06:46 PM

    How is your computer running now? Those ESET detections are all related to potentially unwanted (due to toolbars or adware) freeware apps or extensions you have installed in Chrome and Firefox. If you want to clean those up, the best way would be to uninstall them through the browser.




    #11 Kinglit

    • Topic Starter

    Posted 31 October 2013 - 09:37 PM

    Nothing's changed. Last night the pop-up ad-like noises came back.



    #12 RPMcMurphy

    • Malware Response Team

    Posted 01 November 2013 - 08:30 PM

    Is this happening in all of your browsers? If not, which ones are affected and which are not?




    #13 Kinglit


    Posted 01 November 2013 - 08:52 PM

    Firefox is acting up again. It's almost like I did nothing. Chrome is showing up again on Task Manager.

     

    Do you recommend ComboFix? Or do you want me to rescan it?



    #14 RPMcMurphy


    Posted 03 November 2013 - 12:16 AM

    Open Firefox and in the Help menu find and select "Restart with addons disabled". Surf with it a bit in that mode and let me know if you still have the issues.




    #15 Kinglit


    Posted 03 November 2013 - 05:28 PM

    Chrome DEFINITELY had become infected. More than five instances of it were running in Task Manager! Not only that, but something was taking up a ridiculous amount of room on my HDD, to the point where I had next to no room left. I uninstalled Chrome in safe mode (my HDD went back to its original space size), then went ahead and uninstalled Firefox as well, because once again something was taking up room on my HDD, though not nearly as bad as when I had Chrome (my HDD space went from 13gb to 10 in the span of a few minutes).

     

    Right now I'm retracing the steps you gave me and rescanning with Malwarebytes' Anti-Malware


    Edited by Kinglit, 03 November 2013 - 05:32 PM.




