
This machine has gotten bit again.


11 replies to this topic

#1 sawz

sawz

  • Members
  • 138 posts

Posted 23 December 2013 - 12:02 PM

My machine started to run sluggish and I ran AVG, only to find a Trojan horse Crypt2.BXBO. AVG cannot remove or fix it. Please advise next steps. Thanks, sawzalot.




 


#2 bhorne

bhorne

  • Members
  • 1 posts

Posted 23 December 2013 - 12:27 PM

You may want to run the AVG or any other Anti-virus software in safe-mode. It may let you remove the virus then.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 23 December 2013 - 09:24 PM

Hello -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.

 

Next -

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.

    Windows Vista to 8: right-click and select Run as administrator

  • Click on Clean.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Thank You -



#4 sawz

sawz
  • Topic Starter

  • Members
  • 138 posts

Posted 24 December 2013 - 10:26 AM

Here is the first check

 

Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player 11.9.900.170 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#5 sawz

sawz
  • Topic Starter

  • Members
  • 138 posts

Posted 24 December 2013 - 10:34 AM

2nd check

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Robert (administrator) on 24-12-2013 at 10:30:05
Running from "C:\Users\Robert\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 6E-0F-6E-6A-7F-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 4C-0F-6E-6A-7F-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a02e:32f8:b327:1ae3%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 24, 2013 8:25:54 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 25, 2013 8:25:59 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 323751790
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-5C-45-72-64-31-50-61-3A-CF
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.nj.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c3f:1fad:ba07:cf07(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c3f:1fad:ba07:cf07%23(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4006:800::1002
   74.125.226.197
   74.125.226.192
   74.125.226.200
   74.125.226.199
   74.125.226.195
   74.125.226.201
   74.125.226.194
   74.125.226.193
   74.125.226.198
   74.125.226.196
   74.125.226.206

Pinging google.com [74.125.226.206] with 32 bytes of data:
Reply from 74.125.226.206: bytes=32 time=18ms TTL=54
Reply from 74.125.226.206: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.226.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 18ms, Average = 17ms
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=68ms TTL=48
Reply from 98.138.253.109: bytes=32 time=119ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 119ms, Average = 93ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...6e 0f 6e 6a 7f 72 ......Microsoft Virtual WiFi Miniport Adapter
 12...4c 0f 6e 6a 7f 72 ......Atheros AR9285 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.104     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.104    281
    192.168.1.104  255.255.255.255         On-link     192.168.1.104    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.104    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.104    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.104    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 23     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 23     58 2001::/32                On-link
 23    306 2001:0:9d38:6abd:1c3f:1fad:ba07:cf07/128
                                    On-link
 12    281 fe80::/64                On-link
 23    306 fe80::/64                On-link
 23    306 fe80::1c3f:1fad:ba07:cf07/128
                                    On-link
 12    281 fe80::a02e:32f8:b327:1ae3/128
                                    On-link
  1    306 ff00::/8                 On-link
 23    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/24/2013 08:47:20 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/23/2013 02:19:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgscana.exe, version: 14.0.0.4110, time stamp: 0x5213dd87
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x2b8
Faulting application start time: 0xavgscana.exe0
Faulting application path: avgscana.exe1
Faulting module path: avgscana.exe2
Report Id: avgscana.exe3

Error: (12/23/2013 01:40:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgscana.exe, version: 14.0.0.4110, time stamp: 0x5213dd87
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x4b0
Faulting application start time: 0xavgscana.exe0
Faulting application path: avgscana.exe1
Faulting module path: avgscana.exe2
Report Id: avgscana.exe3

Error: (12/23/2013 08:54:42 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 177514

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 177514

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11466

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11466

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (12/23/2013 07:14:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:12:16 PM on 12/23/2013 was unexpected.

Error: (12/23/2013 01:09:13 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/23/2013 01:09:09 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (12/23/2013 01:09:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Microsoft Office Sessions:
=========================
Error: (12/24/2013 08:47:20 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/23/2013 02:19:53 PM) (Source: Application Error)(User: )
Description: avgscana.exe14.0.0.41105213dd87ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e42b801cf000fb3a5cf41C:\Program Files (x86)\AVG\AVG2014\avgscana.exeC:\Windows\SYSTEM32\ntdll.dll32ceeb5f-6c07-11e3-9675-8ae2b0748d6c

Error: (12/23/2013 01:40:49 PM) (Source: Application Error)(User: )
Description: avgscana.exe14.0.0.41105213dd87ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e44b001cf000a43174aa1C:\Program Files (x86)\AVG\AVG2014\avgscana.exeC:\Windows\SYSTEM32\ntdll.dllbd6cfc92-6c01-11e3-9675-8ae2b0748d6c

Error: (12/23/2013 08:54:42 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 177514

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 177514

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11466

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11466

Error: (12/22/2013 10:00:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2013-03-31 20:29:27.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:26.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:25.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:25.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:24.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:24.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:23.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:07.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:06.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-31 20:29:06.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader 9.5.2 MUI (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0416.541.8279)
Catalyst Control Center Graphics Full Existing (Version: 2010.0416.541.8279)
Catalyst Control Center Graphics Full New (Version: 2010.0416.541.8279)
Catalyst Control Center Graphics Light (Version: 2010.0416.541.8279)
Catalyst Control Center Graphics Previews Common (Version: 2010.0416.541.8279)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0416.541.8279)
Catalyst Control Center InstallProxy (Version: 2010.0416.541.8279)
Catalyst Control Center Localization All (Version: 2010.0416.541.8279)
CCC Help Chinese Standard (Version: 2010.0416.0540.8279)
CCC Help Chinese Traditional (Version: 2010.0416.0540.8279)
CCC Help Czech (Version: 2010.0416.0540.8279)
CCC Help Danish (Version: 2010.0416.0540.8279)
CCC Help Dutch (Version: 2010.0416.0540.8279)
CCC Help English (Version: 2010.0416.0540.8279)
CCC Help Finnish (Version: 2010.0416.0540.8279)
CCC Help French (Version: 2010.0416.0540.8279)
CCC Help German (Version: 2010.0416.0540.8279)
CCC Help Greek (Version: 2010.0416.0540.8279)
CCC Help Hungarian (Version: 2010.0416.0540.8279)
CCC Help Italian (Version: 2010.0416.0540.8279)
CCC Help Japanese (Version: 2010.0416.0540.8279)
CCC Help Korean (Version: 2010.0416.0540.8279)
CCC Help Norwegian (Version: 2010.0416.0540.8279)
CCC Help Polish (Version: 2010.0416.0540.8279)
CCC Help Portuguese (Version: 2010.0416.0540.8279)
CCC Help Russian (Version: 2010.0416.0540.8279)
CCC Help Spanish (Version: 2010.0416.0540.8279)
CCC Help Swedish (Version: 2010.0416.0540.8279)
CCC Help Thai (Version: 2010.0416.0540.8279)
CCC Help Turkish (Version: 2010.0416.0540.8279)
ccc-core-static (Version: 2010.0416.541.8279)
ccc-utility64 (Version: 2010.0416.541.8279)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Construction Master Pro
Contents (Version: 1.6.0.286)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.116)
Corel VideoStudio Pro X3 (Version: 1.6.0.286)
CyberLink DVD Suite (Version: 7.0.3003)
DeviceIO (Version: 1.6.0.286)
Digital Copy
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4121)
DVDInfoPro 7.1.0.7
DYOS Kitchen Release 0.29
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Update Helper (Version: 1.3.22.3)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.5.1)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.2.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Movies and TV (Version: 1.0.0.10)
HP MediaSmart Music (Version: 4.1.4215)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart Webcam (Version: 4.1.3024)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.9.0)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.4.4)
HP Setup (Version: 8.1.4186.3400)
HP SimplePass Identity Protection (Version: 5.20.233)
HP Software Framework (Version: 4.1.6.1)
HP Support Assistant (Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.9.0)
Hulu Desktop (Version: 0.9.13)
ICA (Version: 1.6.0.286)
ICA (Version: 1.6.1.116)
IDT Audio (Version: 1.0.6288.0)
IPM_PSP_Pro (Version: 1.00.0000)
IPM_VS_Pro (Version: 13.0)
ISCOM (Version: 1.6.0.286)
ISCOM (Version: 1.6.1.116)
iTunes (Version: 11.0.2.26)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
KuroReader
LabelPrint (Version: 2.5.2907)
LightScribe System Software (Version: 1.18.15.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Picasa 3 (Version: 3.9)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PowerDirector (Version: 8.0.3003)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PureHD (Version: 1.6.0.286)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Recovery Manager (Version: 5.5.3023)
Roxio CinemaNow 2.0 (Version: 1.0.284)
SCR3xxx Smart Card Reader (Version: 8.41)
Setup (Version: 1.6.0.286)
Setup (Version: 1.6.1.116)
Share (Version: 1.6.0.286)
Share64 (Version: 1.6.0.286)
SUPERAntiSpyware (Version: 5.0.1142)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Times Reader (Version: 2.061)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Validity Sensors DDK (Version: 4.1.139.0)
VIO (Version: 1.6.0.286)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VSClassic (Version: 1.6.0.286)
VSPro (Version: 1.6.0.286)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
WordPerfect Office 11 (Version: 11.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 3834.9 MB
Available physical RAM: 1576.33 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5151.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:574.63 GB) (Free:501.89 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.25 GB) (Free:3.09 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\HP

Administrator            Guest                    Robert                  

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



#6 sawz

Posted 24 December 2013 - 10:39 AM

3rd check

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/24/2013 10:37:58 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/24/2013 10:38:37 AM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)



#7 noknojon

Posted 24 December 2013 - 04:50 PM

Results from ...............

 

Download Malwarebytes' Anti-Malware Free (aka MBAM)

Please download AdwCleaner by Xplode onto your desktop.

 

Uninstall Bonjour (iTunes)

Error: (12/22/2013 10:03:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 177514

 

Multiple errors with the program -

 

Thank You -


Edited by noknojon, 24 December 2013 - 04:54 PM.


#8 sawz

Posted 24 December 2013 - 08:33 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Robert :: HP [administrator]

12/24/2013 8:12:40 PM
mbam-log-2013-12-24 (20-12-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251818
Time elapsed: 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.

Files Detected: 20
C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nsaE769.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nsf431B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nsf6491.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nsf6D68.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nsfCDEE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nskADD3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nslC537.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nslDE35.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\nspA569.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\RegClean10.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\dlm741.tmp\copy1-SetupGreatArcadeHits.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\dlm741.tmp\SetupGreatArcadeHits.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Robert\Downloads\China Man bleep his Daughter(WWW.GOSSIPPME.COM).exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Robert\Downloads\setup.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.

(end)



#9 sawz

Posted 24 December 2013 - 08:55 PM

# AdwCleaner v3.016 - Report created 24/12/2013 at 20:48:48
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Robert - HP
# Running from : C:\Users\Robert\Documents\AdwCleaner new.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Robert\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Robert\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Robert\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Robert\Documents\Mobogenie
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qvzh6v88.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qvzh6v88.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qvzh6v88.default\user.js
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qvzh6v88.default\prefs.js ]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ry_1955");
Line Deleted : user_pref("extensions.helperbar.installationid", "2ceac9c7-a217-bb6a-c71b-50774bbb5e4b");
Line Deleted : user_pref("extensions.helperbar.installdate", "29/11/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");

*************************

AdwCleaner[R0].txt - [4766 octets] - [24/12/2013 20:47:00]
AdwCleaner[S0].txt - [4525 octets] - [24/12/2013 20:48:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4585 octets] ##########



#10 noknojon

Posted 24 December 2013 - 10:20 PM

Update Malwarebytes Anti-Malware and now be sure to select Full Scan.

The Quick Scan removed a fair bit, but more is needed -

 

Next -

Download Kaspersky TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear.
  • Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.
    Please copy and paste the contents of that file here.

Thank You -

 

Edited to add -

Dealply - Wikipedia
To Remove DealPly follow the uninstall instructions.
Please follow these steps:
1. Click here to get the Uninstall program
   (please note that the file will appear in the "download area" in your browser's bottom-left corner)
2. Save the file to your Desktop
3. Double-click the file icon and run it
4. Follow the on-screen instructions


Edited by noknojon, 24 December 2013 - 10:35 PM.


#11 sawz

Posted 26 December 2013 - 08:01 PM

full scan-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Robert :: HP [administrator]

12/26/2013 3:37:29 PM
mbam-log-2013-12-26 (15-37-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476709
Time elapsed: 2 hour(s), 22 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#12 noknojon

Posted 26 December 2013 - 09:43 PM

I attempted to "loosen it" with => Download Kaspersky TDSSKiller

 

The description is from Wiki, but it is not very objective about their hidden download installs.

 

And finally followed with => To Remove DealPly follow the uninstall instructions.

The last part is from the DealPly (scam site) uninstall directions.

 

Thank You -





