
Pop-ups, redirects, ads to unofficial Java or video player download!


  • This topic is locked
14 replies to this topic

#1 Seek and Destroy

Seek and Destroy

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 06 January 2014 - 12:40 PM

Three days ago I downloaded Google Chrome and ever since my computer has had numerous popups stating the following message:

 

Error: Windows has detected you must update Java Immediately 

I will then be redirected to an unofficial website.

 

Error: Website has detected that you need to update video player

I will then be redirected to an unofficial website.

 

I will also get random video ad/audio pop-ups in the bottom right-hand corner of the screen or in the background.

 

Chrome has since been uninstalled and I reset internet explorer settings, but I am still having the same issues.

 

Have run the following programs:

 

Norton 360, which only finds cookies

RKill

AdwCleaner

Junkware removal tool

Emsisoft Web Malware Scanner

Eset Online Anti-Virus Scanner

 

Malwarebytes is still detecting PUPs after all other scans.

 

Was directed to post here for further assistance. Have logs of all scans if needed.

 

Thank you in advance for any assistance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by The Big Wiggs at 11:07:53 on 2014-01-06
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8088.5816 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\valWBFPolicyService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\The Big Wiggs\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Users\The Big Wiggs\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: PassShow: {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
uRun: [Google+ Auto Backup] "C:\Users\The Big Wiggs\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\THEBIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\The Big Wiggs\Documents\RCA Detective\RCADetective.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\16474777966696 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\24563747245797 : DHCPNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\35973616D6F62756D27657563747 : DHCPNameServer = 192.168.1.1 192.168.33.1
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\35E47457563747 : DHCPNameServer = 172.16.30.1
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{71CC6DF3-D04C-49F6-B669-C9DB70C87EB2}\95D43414027457563747 : DHCPNameServer = 192.168.88.8 8.8.8.8 74.114.235.46
TCP: Interfaces\{7AF80D79-CDF3-43D5-B2C6-19EAEA5CDEB1} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1501000.012\SymDS64.sys [2013-12-31 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1501000.012\SymEFA64.sys [2013-12-31 1147480]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2014-1-5 26176]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1501000.012\ccSetx64.sys [2013-12-31 162392]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-12-6 92536]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSviA64.sys [2014-1-3 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1501000.012\Ironx64.sys [2013-12-31 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1501000.012\symnets.sys [2013-12-31 590936]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-6-7 1641768]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-4 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-5 418376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-12-31 264360]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-4 364416]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-31 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-20 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-5 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-4 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-4 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-4 43832]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1501000.012\SymELAM.sys [2013-12-31 23568]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-5 701512]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-1-5 57024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-4 41272]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-10-28 204568]
.
=============== Created Last 30 ================
.
2014-01-06 02:34:13 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-06 02:34:04 -------- d--h--w- C:\Windows\AxInstSV
2014-01-06 01:22:04 -------- d-----w- C:\EEK
2014-01-06 00:39:59 -------- d-----w- C:\Windows\ERUNT
2014-01-06 00:17:36 -------- d-----w- C:\AdwCleaner
2014-01-05 19:41:52 -------- d-----w- C:\Users\The Big Wiggs\AppData\Roaming\Malwarebytes
2014-01-05 19:41:42 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 19:41:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 19:41:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 20:58:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-04 20:35:52 -------- d-----w- C:\ProgramData\Oracle
2014-01-03 13:52:35 -------- d-----w- C:\Users\The Big Wiggs\.android
2014-01-03 13:52:33 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\cache
2014-01-03 13:52:31 -------- d-----w- C:\Users\The Big Wiggs\AppData\Roaming\newnext.me
2014-01-03 13:52:31 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\genienext
2014-01-03 13:52:17 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits
2014-01-03 13:52:07 -------- d-----w- C:\Program Files (x86)\PassShow
2014-01-03 13:50:26 -------- d-----w- C:\Program Files (x86)\Magicwand
2014-01-03 13:50:15 303616 ----a-w- C:\Windows\IsUninst.exe
2014-01-03 02:27:10 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\Apps
2014-01-03 02:27:09 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\Deployment
2014-01-01 00:16:12 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2014-01-01 00:11:58 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-12-31 17:43:01 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519B0F3F-DC42-4D50-BB1B-797016740080}\mpengine.dll
2013-12-31 15:26:46 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-31 03:47:43 915968 ----a-w- C:\Windows\System32\MPSSVC.dll
2013-12-31 03:47:43 86016 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-12-31 03:47:43 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll
2013-12-31 03:47:43 588288 ----a-w- C:\Windows\System32\SHCore.dll
2013-12-31 03:47:43 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
2013-12-31 03:47:43 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2013-12-31 03:47:43 227840 ----a-w- C:\Windows\System32\WebClnt.dll
2013-12-31 03:47:43 199168 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-12-31 03:47:43 104448 ----a-w- C:\Windows\System32\davclnt.dll
2013-12-31 03:47:43 100696 ----a-w- C:\Windows\System32\drivers\disk.sys
2013-12-31 03:47:42 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2013-12-31 03:33:37 -------- d-----w- C:\Users\The Big Wiggs\AppData\Roaming\HewlettPackard
2013-12-18 20:17:47 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\Programs
2013-12-18 20:16:40 -------- d-----w- C:\Users\The Big Wiggs\AppData\Local\Google
2013-12-18 04:03:44 4583424 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-16 23:15:41 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-16 23:15:39 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find3M  ====================
.
2014-01-01 00:12:49 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-06 21:50:59 224256 ----a-w- C:\Windows\System32\HPToneCtrls64.dll
2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-28 07:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 07:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-19 05:45:45 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH: 11:08:31.67 ===============
 


Edited by Seek and Destroy, 06 January 2014 - 12:48 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 11 January 2014 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
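A way to pre-screen the FRST.txt that the steps above produce, as an added example (my own code, not Farbar's tool and not part of the helper's instructions): it parses the Run/RunOnce and BHO lines in the format FRST writes and flags the entries a responder usually looks at first: an empty publisher field, a registry entry whose file is gone, or a load path under a Temp directory or ProgramData. The sample lines are copied from the FRST log posted in this thread; the triage rules are assumptions of mine, meant as a reading aid for the log rather than a verdict on any entry.

```python
import re
from typing import Optional

# Constructed sample: lines in the FRST.txt format used in this thread, copied from the
# log posted below. The triage rules further down are an added illustration, not FRST's.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)",
    r"HKLM-x32\...\Run: [] - [x]",
    r"HKLM-x32\...\RunOnce: [YTBChrInst] - C:\Users\THEBIG~1\AppData\Local\Temp\1389448389\ChromeHelperProc.exe [55064 2013-10-10] ()",
    r"BHO-x32: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()",
    r"BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File",
    r"BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)",
    r"BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)",
]

# "HKLM-x32\...\Run: [name] - <path> [size date] (Publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:-x32)?)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$"
)
# "BHO-x32: Name - {CLSID} - <path> (Publisher)"
BHO_RE = re.compile(
    r"^(?P<kind>BHO(?:-x32)?): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$"
)
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")   # trailing "(Company)" field
SIZE_DATE_RE = re.compile(r"\s*\[[^\]]*\]\s*$")         # trailing "[size date]" or "[x]"


def split_rest(rest: str):
    """Split the tail of an entry into (path, publisher).

    publisher is None when there is no trailing "(...)" field and "" when the field
    is present but empty (FRST found no company name in the file's version info).
    path is None when FRST reports no file ("No File" or the "[x]" placeholder).
    """
    rest = rest.strip()
    if rest == "No File":
        return None, None
    publisher: Optional[str] = None
    m = PUBLISHER_RE.search(rest)
    if m:
        publisher = m.group("pub").strip()
        rest = rest[: m.start()].rstrip()
    rest = SIZE_DATE_RE.sub("", rest)
    path = rest.strip() or None
    return path, publisher


def parse_entry(line: str) -> Optional[dict]:
    """Parse one FRST Run/RunOnce or BHO line; return None for lines of other kinds."""
    m = RUN_RE.match(line)
    if m:
        path, pub = split_rest(m.group("rest"))
        return {"kind": f'{m.group("hive")} {m.group("key")}', "name": m.group("name"),
                "path": path, "publisher": pub}
    m = BHO_RE.match(line)
    if m:
        path, pub = split_rest(m.group("rest"))
        return {"kind": m.group("kind"), "name": m.group("name"),
                "path": path, "publisher": pub}
    return None


def triage(entry: dict) -> list:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    path = entry["path"]
    if entry["name"] == "":
        reasons.append("empty value name")
    if path is None:
        reasons.append("no file on disk")          # orphaned autostart / BHO entry
        return reasons
    low = path.lower()
    if entry["publisher"] == "":
        reasons.append("no publisher (empty company field)")
    if "\\appdata\\local\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if low.startswith("c:\\programdata\\"):
        reasons.append("runs from ProgramData")
    return reasons


def triage_lines(lines):
    """Parse every line and keep only the entries that triggered at least one rule."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_lines(SAMPLE_FRST_LINES):
        print(f'{hit["kind"]}: [{hit["name"]}] {hit["path"]} -> {"; ".join(hit["reasons"])}')
```

Run it against a whole FRST.txt by reading the file and passing its lines to triage_lines. A flag is a prompt to check the entry, not a judgement: legitimate software also lives under ProgramData and some vendors ship binaries without a company name, which is why a helper still reads the full log before deciding on a fix.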

#3 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 11 January 2014 - 09:08 AM

Here are the first two logs; going to restart, run the other, and attach in a few minutes. Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 03
Ran by The Big Wiggs (administrator) on SUNORAHFARM on 11-01-2014 08:01:43
Running from C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Users\The Big Wiggs\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Audiovox Accessories Corp.) C:\Users\The Big Wiggs\Documents\RCA Detective\RCADetective.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Users\The Big Wiggs\AppData\Local\Temp\1389448389\ChromeHelperProc.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
(We-Care.com) C:\ProgramData\WeCareReminder\ReminderHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-12-06] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CommonToolkitTray] - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1497120 2013-07-08] (SPAMfighter ApS)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [YTBChrInst] - C:\Users\THEBIG~1\AppData\Local\Temp\1389448389\ChromeHelperProc.exe [55064 2013-10-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google+ Auto Backup] - C:\Users\The Big Wiggs\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3635152 2013-12-17] (Google Inc.)
Startup: C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\The Big Wiggs\Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20140102,20029,0,25,6944
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {6EB414F9-08BD-46EE-87D9-D67046FB77A8} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140102,20028,0,25,0
SearchScopes: HKCU - {6EB414F9-08BD-46EE-87D9-D67046FB77A8} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140102,20028,0,25,0
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
BHO-x32: ArcadeParlor Games - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Extension: () - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej\1.0.0_0
CHR Extension: (Google Docs) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (PassShow) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0
CHR Extension: (Website Logon) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Gmail) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dhogjnnleghndloamdkljhnhdchpcijl] - C:\Program Files (x86)\PassShow\150.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

U2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
U2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
U3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
U2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-01-06] (Emsisoft GmbH)
U1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
U1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
U3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-06] (Emsisoft GmbH)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-31] (Symantec Corporation)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-31] (Symantec Corporation)
U1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140110.001\IDSvia64.sys [521944 2013-12-31] (Symantec Corporation)
U3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140110.017\ENG64.SYS [126040 2013-12-31] (Symantec Corporation)
U3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140110.017\EX64.SYS [2099288 2013-12-31] (Symantec Corporation)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
U3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
U1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
U0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
U0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
U0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
U3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-31] (Symantec Corporation)
U1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
U1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-11 07:58 - 2014-01-11 07:58 - 00000000 ____D C:\FRST
2014-01-11 07:54 - 2014-01-11 07:55 - 00000000 ____D C:\ProgramData\WeCareReminder
2014-01-11 07:54 - 2014-01-11 07:54 - 00003482 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-The Big Wiggs-Notification
2014-01-11 07:54 - 2014-01-11 07:54 - 00002804 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-The Big Wiggs-Startup
2014-01-11 07:54 - 2014-01-11 07:54 - 00000424 _____ C:\Windows\Tasks\SLOW-PCfighter64-The Big Wiggs-Notification.job
2014-01-11 07:54 - 2014-01-11 07:54 - 00000422 _____ C:\Windows\Tasks\SLOW-PCfighter64-The Big Wiggs-Startup.job
2014-01-11 07:54 - 2014-01-11 07:54 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00002048 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\FileAssociationManager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\ProgramData\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2014-01-11 07:52 - 2014-01-11 07:52 - 00003192 _____ C:\Windows\System32\Tasks\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000328 _____ C:\Windows\Tasks\ArcadeParlor.job
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Yahoo!
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Mozilla
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\ProgramData\Yahoo!
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2014-01-07 18:02 - 2014-01-07 18:02 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\NPE
2014-01-06 11:08 - 2014-01-06 11:08 - 00019775 _____ C:\Users\The Big Wiggs\Desktop\dds.txt
2014-01-06 11:08 - 2014-01-06 11:08 - 00009686 _____ C:\Users\The Big Wiggs\Desktop\attach.txt
2014-01-06 11:05 - 2014-01-06 11:05 - 00688992 ____R (Swearware) C:\Users\The Big Wiggs\Downloads\dds.com
2014-01-06 09:23 - 2014-01-06 09:23 - 00001012 _____ C:\Users\The Big Wiggs\Desktop\ESETScan.txt
2014-01-05 20:34 - 2014-01-05 20:34 - 00000000 ___HD C:\Windows\AxInstSV
2014-01-05 20:34 - 2014-01-05 20:34 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 19:23 - 2014-01-05 19:23 - 00000546 _____ C:\Users\The Big Wiggs\Desktop\Emsisoft Emergency Kit.lnk
2014-01-05 19:22 - 2014-01-05 19:22 - 00000000 ____D C:\EEK
2014-01-05 18:51 - 2014-01-05 18:51 - 00001190 _____ C:\Users\The Big Wiggs\Desktop\JRT.txt
2014-01-05 18:39 - 2014-01-05 18:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 18:17 - 2014-01-05 18:25 - 00000000 ____D C:\AdwCleaner
2014-01-05 18:15 - 2014-01-05 18:15 - 00002738 _____ C:\Users\The Big Wiggs\Desktop\Rkill.txt
2014-01-05 18:15 - 2014-01-05 18:15 - 00000000 ____D C:\Users\The Big Wiggs\Desktop\rkill
2014-01-05 13:41 - 2014-01-05 13:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Malwarebytes
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-05 13:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-04 14:58 - 2014-01-04 14:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-04 14:35 - 2014-01-04 14:58 - 00000000 ____D C:\ProgramData\Oracle
2014-01-04 14:33 - 2014-01-04 14:34 - 00005521 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-03 08:15 - 2014-01-03 08:15 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-03 07:52 - 2014-01-10 21:14 - 00000328 _____ C:\Windows\Tasks\GreatArcadeHits.job
2014-01-03 07:52 - 2014-01-09 07:42 - 00000406 _____ C:\Windows\Tasks\PassShow Update.job
2014-01-03 07:52 - 2014-01-05 20:31 - 00000000 ____D C:\Program Files (x86)\PassShow
2014-01-03 07:52 - 2014-01-05 14:54 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\newnext.me
2014-01-03 07:52 - 2014-01-03 10:29 - 00000149 _____ C:\Users\The Big Wiggs\daemonprocess.txt
2014-01-03 07:52 - 2014-01-03 08:07 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\genienext
2014-01-03 07:52 - 2014-01-03 08:07 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\cache
2014-01-03 07:52 - 2014-01-03 07:52 - 00003168 _____ C:\Windows\System32\Tasks\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00003062 _____ C:\Windows\System32\Tasks\PassShow Update
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\.android
2014-01-03 07:50 - 2014-01-03 07:50 - 00000000 ____D C:\Program Files (x86)\Magicwand
2014-01-03 07:50 - 1997-11-19 15:49 - 00303616 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-01-02 20:27 - 2014-01-02 20:27 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Deployment
2014-01-02 20:27 - 2014-01-02 20:27 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Apps\2.0
2013-12-31 18:16 - 2013-12-31 18:16 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-12-31 18:12 - 2013-12-31 18:12 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-31 18:12 - 2013-12-31 18:12 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-31 18:12 - 2013-12-31 18:12 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-31 18:12 - 2013-12-31 18:12 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-12-31 17:35 - 2013-12-31 17:35 - 00001256 _____ C:\Users\The Big Wiggs\Desktop\Norton Installation Files.lnk
2013-12-31 17:35 - 2013-12-31 17:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-12-30 21:47 - 2013-10-30 23:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-12-30 21:47 - 2013-10-30 23:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-12-30 21:47 - 2013-10-30 22:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-12-30 21:47 - 2013-10-30 21:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-12-30 21:47 - 2013-10-27 23:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-12-30 21:47 - 2013-10-27 22:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-12-30 21:47 - 2013-10-13 14:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-12-30 21:47 - 2013-08-26 23:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-30 21:47 - 2013-08-26 23:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-30 21:47 - 2013-08-26 16:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-30 21:47 - 2013-08-26 16:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-30 21:36 - 2013-12-30 21:37 - 09822928 _____ (Hewlett-Packard Company                                     ) C:\Users\The Big Wiggs\Downloads\sp63175.exe
2013-12-30 21:33 - 2013-12-30 21:33 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\HewlettPackard
2013-12-21 01:07 - 2014-01-04 14:38 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 14:17 - 2013-12-18 14:17 - 00001106 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-18 14:17 - 2013-12-18 14:17 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-18 14:16 - 2014-01-04 14:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 14:16 - 2014-01-02 20:29 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Google
2013-12-18 14:15 - 2013-12-18 14:16 - 17549264 _____ (Google Inc.) C:\Users\The Big Wiggs\Downloads\picasa39-setup.exe
2013-12-18 13:38 - 2013-12-18 13:38 - 03285745 _____ C:\Users\The Big Wiggs\Downloads\eobs.zip
2013-12-17 22:03 - 2013-12-17 22:03 - 04583424 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-01-11 08:02 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-11 07:59 - 2012-12-26 01:59 - 01794999 _____ C:\Windows\WindowsUpdate.log
2014-01-11 07:58 - 2014-01-11 07:58 - 00000000 ____D C:\FRST
2014-01-11 07:58 - 2013-01-26 02:43 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\CrashDumps
2014-01-11 07:55 - 2014-01-11 07:54 - 00000000 ____D C:\ProgramData\WeCareReminder
2014-01-11 07:54 - 2014-01-11 07:54 - 00003482 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-The Big Wiggs-Notification
2014-01-11 07:54 - 2014-01-11 07:54 - 00002804 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-The Big Wiggs-Startup
2014-01-11 07:54 - 2014-01-11 07:54 - 00000424 _____ C:\Windows\Tasks\SLOW-PCfighter64-The Big Wiggs-Notification.job
2014-01-11 07:54 - 2014-01-11 07:54 - 00000422 _____ C:\Windows\Tasks\SLOW-PCfighter64-The Big Wiggs-Startup.job
2014-01-11 07:54 - 2014-01-11 07:54 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00002048 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\FileAssociationManager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\ProgramData\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\Fighters
2014-01-11 07:53 - 2014-01-11 07:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2014-01-11 07:52 - 2014-01-11 07:52 - 00003192 _____ C:\Windows\System32\Tasks\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000328 _____ C:\Windows\Tasks\ArcadeParlor.job
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Yahoo!
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Mozilla
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\ProgramData\Yahoo!
2014-01-11 07:52 - 2014-01-11 07:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2014-01-10 21:14 - 2014-01-03 07:52 - 00000328 _____ C:\Windows\Tasks\GreatArcadeHits.job
2014-01-10 16:24 - 2012-08-21 13:19 - 00000000 ____D C:\Program Files (x86)\CyberLink
2014-01-10 16:16 - 2012-08-21 13:18 - 00000000 ____D C:\ProgramData\install_clap
2014-01-10 16:15 - 2012-08-03 18:02 - 00000000 ____D C:\SWSetup
2014-01-10 16:02 - 2012-12-26 02:03 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FCE59A99-2863-4FDC-8108-03BCC45AF37F}
2014-01-10 10:14 - 2013-05-26 08:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-10 10:14 - 2013-05-26 08:28 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-10 10:08 - 2012-07-26 01:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 13:36 - 2012-07-26 01:21 - 00051153 _____ C:\Windows\setupact.log
2014-01-09 09:13 - 2013-09-13 09:29 - 00000000 ____D C:\Users\The Big Wiggs\Documents\excel
2014-01-09 07:42 - 2014-01-03 07:52 - 00000406 _____ C:\Windows\Tasks\PassShow Update.job
2014-01-08 16:57 - 2012-09-04 12:59 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2014-01-07 18:02 - 2014-01-07 18:02 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\NPE
2014-01-06 11:08 - 2014-01-06 11:08 - 00019775 _____ C:\Users\The Big Wiggs\Desktop\dds.txt
2014-01-06 11:08 - 2014-01-06 11:08 - 00009686 _____ C:\Users\The Big Wiggs\Desktop\attach.txt
2014-01-06 11:05 - 2014-01-06 11:05 - 00688992 ____R (Swearware) C:\Users\The Big Wiggs\Downloads\dds.com
2014-01-06 10:44 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 10:43 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-06 09:23 - 2014-01-06 09:23 - 00001012 _____ C:\Users\The Big Wiggs\Desktop\ESETScan.txt
2014-01-05 20:34 - 2014-01-05 20:34 - 00000000 ___HD C:\Windows\AxInstSV
2014-01-05 20:34 - 2014-01-05 20:34 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 20:31 - 2014-01-03 07:52 - 00000000 ____D C:\Program Files (x86)\PassShow
2014-01-05 19:23 - 2014-01-05 19:23 - 00000546 _____ C:\Users\The Big Wiggs\Desktop\Emsisoft Emergency Kit.lnk
2014-01-05 19:22 - 2014-01-05 19:22 - 00000000 ____D C:\EEK
2014-01-05 18:56 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-05 18:51 - 2014-01-05 18:51 - 00001190 _____ C:\Users\The Big Wiggs\Desktop\JRT.txt
2014-01-05 18:39 - 2014-01-05 18:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 18:26 - 2012-08-03 16:23 - 00451218 _____ C:\Windows\PFRO.log
2014-01-05 18:25 - 2014-01-05 18:17 - 00000000 ____D C:\AdwCleaner
2014-01-05 18:15 - 2014-01-05 18:15 - 00002738 _____ C:\Users\The Big Wiggs\Desktop\Rkill.txt
2014-01-05 18:15 - 2014-01-05 18:15 - 00000000 ____D C:\Users\The Big Wiggs\Desktop\rkill
2014-01-05 14:54 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\newnext.me
2014-01-05 13:41 - 2014-01-05 13:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Malwarebytes
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 13:41 - 2014-01-05 13:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 20:28 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2014-01-04 20:16 - 2012-12-26 02:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-687344192-2611452520-1397555799-1001
2014-01-04 20:10 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-04 14:58 - 2014-01-04 14:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-04 14:58 - 2014-01-04 14:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-04 14:58 - 2014-01-04 14:35 - 00000000 ____D C:\ProgramData\Oracle
2014-01-04 14:58 - 2013-05-26 09:44 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-04 14:38 - 2013-12-21 01:07 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 14:34 - 2014-01-04 14:33 - 00005521 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-04 14:20 - 2013-12-18 14:16 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-03 10:29 - 2014-01-03 07:52 - 00000149 _____ C:\Users\The Big Wiggs\daemonprocess.txt
2014-01-03 08:16 - 2012-12-26 02:00 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Packages
2014-01-03 08:15 - 2014-01-03 08:15 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-03 08:07 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\genienext
2014-01-03 08:07 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\cache
2014-01-03 07:57 - 2012-08-21 13:33 - 00000000 ____D C:\ProgramData\WildTangent
2014-01-03 07:57 - 2012-08-21 13:33 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2014-01-03 07:52 - 2014-01-03 07:52 - 00003168 _____ C:\Windows\System32\Tasks\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00003062 _____ C:\Windows\System32\Tasks\PassShow Update
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits
2014-01-03 07:52 - 2014-01-03 07:52 - 00000000 ____D C:\Users\The Big Wiggs\.android
2014-01-03 07:52 - 2012-12-26 01:59 - 00000000 ____D C:\Users\The Big Wiggs
2014-01-03 07:50 - 2014-01-03 07:50 - 00000000 ____D C:\Program Files (x86)\Magicwand
2014-01-02 20:29 - 2013-12-18 14:16 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Google
2014-01-02 20:27 - 2014-01-02 20:27 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Deployment
2014-01-02 20:27 - 2014-01-02 20:27 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Local\Apps\2.0
2013-12-31 21:40 - 2012-12-26 02:03 - 00000000 ___RD C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 21:24 - 2013-10-15 13:59 - 00049128 _____ C:\Users\The Big Wiggs\.mysync.log
2013-12-31 18:16 - 2013-12-31 18:16 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2013-12-31 18:14 - 2013-12-31 18:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-12-31 18:13 - 2013-01-27 01:25 - 00000000 ____D C:\Users\The Big Wiggs\Documents\Symantec
2013-12-31 18:13 - 2012-09-04 12:55 - 00000000 ____D C:\ProgramData\Norton
2013-12-31 18:13 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-31 18:12 - 2013-12-31 18:12 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-31 18:12 - 2013-12-31 18:12 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-31 18:12 - 2013-12-31 18:12 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-31 18:12 - 2013-12-31 18:12 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-31 18:12 - 2013-12-31 18:12 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-12-31 18:12 - 2012-07-26 02:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-12-31 17:35 - 2013-12-31 17:35 - 00001256 _____ C:\Users\The Big Wiggs\Desktop\Norton Installation Files.lnk
2013-12-31 17:35 - 2013-12-31 17:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-12-30 21:37 - 2013-12-30 21:36 - 09822928 _____ (Hewlett-Packard Company                                     ) C:\Users\The Big Wiggs\Downloads\sp63175.exe
2013-12-30 21:33 - 2013-12-30 21:33 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\HewlettPackard
2013-12-27 10:15 - 2012-08-21 13:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-18 14:17 - 2013-12-18 14:17 - 00001106 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-18 14:17 - 2013-12-18 14:17 - 00000000 ____D C:\Users\The Big Wiggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-18 14:16 - 2013-12-18 14:15 - 17549264 _____ (Google Inc.) C:\Users\The Big Wiggs\Downloads\picasa39-setup.exe
2013-12-18 13:38 - 2013-12-18 13:38 - 03285745 _____ C:\Users\The Big Wiggs\Downloads\eobs.zip
2013-12-17 22:03 - 2013-12-17 22:03 - 04583424 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-16 17:38 - 2013-09-07 17:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 17:33 - 2013-09-07 17:29 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 19:36 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates

Some content of TEMP:
====================
C:\Users\The Big Wiggs\AppData\Local\Temp\Extract.exe
C:\Users\The Big Wiggs\AppData\Local\Temp\Quarantine.exe
C:\Users\The Big Wiggs\AppData\Local\Temp\SP64726.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-07 10:16

==================== End Of Log ============================



#4 Seek and Destroy

  • Topic Starter

  • Members
  • 16 posts

Posted 11 January 2014 - 09:20 AM

Ok... we've got a problem. Went to restart; it will boot and allow me to unlock the computer, but then I have a black screen. Random things like a Norton alert I can see fine, and a popup will come up fine, so not sure what's going on now.

#5 Seek and Destroy

  • Topic Starter

  • Members
  • 16 posts

Posted 11 January 2014 - 09:35 AM

Ok, my screen is back. Don't know why that happened, but here is the log you wanted.


 Results of screen317's Security Check version 0.99.78 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
Norton 360        
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 11 January 2014 - 01:52 PM

You are running FRST64 from this temporary folder:
C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH

In order for this script to work, it must be created in the same folder.

It might be a good idea to copy the FRST64 program to your Desktop and run this script from there.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

() C:\Users\The Big Wiggs\AppData\Local\Temp\1389448389\ChromeHelperProc.exe
(Farbar) C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH\FRST64 (1).exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\RunOnce: [YTBChrInst] - C:\Users\THEBIG~1\AppData\Local\Temp\1389448389\ChromeHelperProc.exe [55064 2013-10-10] ()
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
BHO-x32: ArcadeParlor Games - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
CHR Extension: (PassShow) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0
CHR HKLM-x32\...\Chrome\Extension: [dhogjnnleghndloamdkljhnhdchpcijl] - C:\Program Files (x86)\PassShow\150.crx
C:\Program Files (x86)\PassShow\150.dll
C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll
C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

=================

Please let me know if the problem persists.

#7 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 11 January 2014 - 06:57 PM

Here is a copy of the log you requested, and I don't know what you did, but you're AWESOME!!!! No more pop ups or random audio. YAY!!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 05
Ran by The Big Wiggs at 2014-01-11 17:53:10 Run:1
Running from C:\Users\The Big Wiggs\Desktop\New folder (2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

() C:\Users\The Big Wiggs\AppData\Local\Temp\1389448389\ChromeHelperProc.exe
(Farbar) C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH\FRST64 (1).exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\RunOnce: [YTBChrInst] - C:\Users\THEBIG~1\AppData\Local\Temp\1389448389\ChromeHelperProc.exe [55064 2013-10-10] ()
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
BHO-x32: ArcadeParlor Games - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
CHR Extension: (PassShow) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0
CHR HKLM-x32\...\Chrome\Extension: [dhogjnnleghndloamdkljhnhdchpcijl] - C:\Program Files (x86)\PassShow\150.crx
C:\Program Files (x86)\PassShow\150.dll
C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll
C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

end

*****************

C:\Users\The Big Wiggs\AppData\Local\Temp\1389448389\ChromeHelperProc.exe => No running process found
C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZANY6TH\FRST64 (1).exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\YTBChrInst => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d661e5b-7d7a-417c-b5b5-6479017bb314} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
CHR Extension: (PassShow) - C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0 directory not found.
C:\Program Files (x86)\PassShow\150.dll => Moved successfully.
C:\Users\The Big Wiggs\AppData\Local\ArcadeParlor\Arcadeparlor.dll => Moved successfully.
C:\Users\The Big Wiggs\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll => Moved successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll => Moved successfully.

==== End of Fixlog ====

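The fixlist posted above is echoed back in Fixlog.txt with one result line per item ("<target> => <outcome>."). The script below is an added example, not part of this thread or of Farbar's tools: it parses that Fixlog layout and reconciles each fixlist entry against the results, so entries that were only reported "not found" (or got no result line) are flagged for a second look. The sample log is constructed and modelled on the thread's log; the user name, CLSIDs and the "Not found." wording for a missing file are placeholders and assumptions.

```python
"""Reconcile an FRST Fixlog.txt against the fixlist it ran. Added example, not
part of the thread or of Farbar's tools: the Fixlog echoes the fixlist between
"start" and "end"; result lines then follow the second row of asterisks."""
import re
from dataclasses import dataclass, field
# Constructed sample modelled on the thread's log. User name, CLSIDs and the
# "Not found." wording for a missing file are placeholders/assumptions.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
BHO-x32: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example\helper.dll ()
BHO: No Name - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} -  No File
C:\Program Files (x86)\Example\helper.dll
C:\Users\ExampleUser\AppData\Local\Gone\gone.dll
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11111111-2222-3333-4444-555555555555} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => Key not found.
C:\Program Files (x86)\Example\helper.dll => Moved successfully.
C:\Users\ExampleUser\AppData\Local\Gone\gone.dll => Not found.
==== End of Fixlog ====
"""

SUCCESS = ("deleted successfully", "moved successfully")
ABSENT = ("not found", "no running process found")
# A CLSID or a file path (up to a known extension) identifies a fixlist entry.
TOKEN_RE = re.compile(
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}|[a-z]:\\.+?\.(?:dll|exe|crx|sys)\b",
    re.IGNORECASE)

@dataclass
class FixSummary:
    fixlist: list = field(default_factory=list)    # entries echoed from fixlist.txt
    succeeded: list = field(default_factory=list)  # "deleted/moved successfully"
    absent: list = field(default_factory=list)     # item was already gone
    other: list = field(default_factory=list)      # anything else: read it by hand

def parse_fixlog(text):
    body = text.replace("\r\n", "\n").split("==== End of Fixlog")[0]
    echoed = body.split("\nstart\n", 1)[1].split("\nend\n", 1)[0]
    results = body.rsplit("*****", 1)[1]            # after the second asterisk row
    summary = FixSummary(fixlist=[l.strip() for l in echoed.splitlines() if l.strip()])
    for line in (l.strip() for l in results.splitlines() if l.strip()):
        low = line.lower()
        if any(m in low for m in SUCCESS):
            summary.succeeded.append(line)
        elif any(m in low for m in ABSENT):
            summary.absent.append(line)
        else:
            summary.other.append(line)
    return summary

def reconcile(summary):
    """Map each fixlist entry to 'removed', 'not confirmed' or 'unverifiable'."""
    confirmed = "\n".join(summary.succeeded).lower()
    verdicts = []
    for entry in summary.fixlist:
        tokens = [t.lower() for t in TOKEN_RE.findall(entry)]
        if not tokens:                      # e.g. an empty Run value: nothing to match on
            verdict = "unverifiable"
        elif all(t in confirmed for t in tokens):
            verdict = "removed"
        else:                               # only "not found", or no result line at all
            verdict = "not confirmed"
        verdicts.append((entry, verdict))
    return verdicts
```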


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 12 January 2014 - 09:30 AM


You should now be able to run these tools to clean any remnant items.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 18 January 2014 - 11:04 AM

Are you still with me?

#10 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 19 January 2014 - 08:15 PM

I am still with you. Sorry about that, I just noticed my email stating I had a reply. Will be running the other software in a few minutes.



#11 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 19 January 2014 - 08:23 PM

# AdwCleaner v3.017 - Report created 19/01/2014 at 19:19:22
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : The Big Wiggs - SUNORAHFARM
# Running from : C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K47K8TRT\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\The Big Wiggs\AppData\Local\genienext
Folder Deleted : C:\Users\The Big Wiggs\AppData\Roaming\newnext.me

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v

[ File : C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [8930 octets] - [05/01/2014 18:18:21]
AdwCleaner[R1].txt - [3423 octets] - [19/01/2014 19:17:21]
AdwCleaner[S0].txt - [8549 octets] - [05/01/2014 18:24:47]
AdwCleaner[S1].txt - [2740 octets] - [19/01/2014 19:19:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2800 octets] ##########



#12 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 19 January 2014 - 08:26 PM

 Results of screen317's Security Check version 0.99.79 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
Norton 360        
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Java version out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#13 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 19 January 2014 - 08:28 PM

All problems seem to be resolved.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 20 January 2014 - 09:21 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version, Java JRE 7u51, was released on Oct. 15, 2013.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45
===



If all is well:

Time for some housekeeping

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 26 January 2014 - 09:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



