Please check my HijackThis log and advise....


This topic is locked
9 replies to this topic

#1 AndreasNHagen

AndreasNHagen

  • Members
  • 25 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 14 January 2014 - 03:09 PM

Hi, can someone please assist?

I think my laptop has been infected by something...

HJT log enclosed:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:54:14 a.m., on 15/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Users\Whanau\AppData\Local\iLivid\iLivid.exe
C:\UnifiedRemote\RemoteServer.exe
C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Whanau\Downloads\HijackThis(1).exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WsSVRIEHelper - {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll
O2 - BHO: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxbho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Ask Toolbar BHO - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
O3 - Toolbar: Ask Toolbar - {5347542D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [iLivid] "C:\Users\Whanau\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - HKCU\..\Run: [Unified Remote v2] C:\UnifiedRemote\RemoteServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'ReportServer$SQLEXPRESS')
O4 - HKUS\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'ReportServer$SQLEXPRESS')
O4 - HKUS\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQLFDLauncher$SQLEXPRESS')
O4 - HKUS\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQLFDLauncher$SQLEXPRESS')
O4 - Global Startup: MobileGo Service.lnk = C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://dynamics.microsoftelearning.com
O15 - Trusted Zone: http://*.alipay.com (HKLM)
O15 - Trusted Zone: http://*.alisoft.com (HKLM)
O15 - Trusted Zone: http://*.taobao.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - https://ngatiwhatuaprod.crm5.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=ubpprv45rr5ker2viwpin455&Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=c87c64823aa34aa2a7ddb9dcefa2657d&OpType=PrintCab&Arch=X86
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:    
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apache - Apache Software Foundation - C:\zpanel\bin\apache\bin\httpd.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cron service (CRON) - Unknown owner - C:\zpanel\bin\crond\crons.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hMailServer - hMailServer - C:\zpanel\bin\hmailserver\Bin\hMailServer.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: named - Unknown owner - C:\zpanel\bin\bind\bin\named.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update outobox - Unknown owner - C:\Program Files (x86)\outobox\updateoutobox.exe
O23 - Service: Util outobox - Unknown owner - C:\Program Files (x86)\outobox\bin\utiloutobox.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: Vodafone Mobile Broadband ¡¤t?? (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WiFiPasswordService - Unknown owner - C:\Users\Whanau\AppData\Local\Temp\WiFiPasswordService.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18059 bytes
 


Edited by Noviciate, 14 January 2014 - 03:27 PM.
Log added from attachment.



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:25 AM

Posted 14 January 2014 - 03:29 PM

Good evening. :)

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. Please go here, follow step six, and then post accordingly into this thread. Will you also include a brief explanation of why you think that your PC is poorly-sick.


So long, and thanks for all the fish.

 

 


#3 AndreasNHagen

AndreasNHagen
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 14 January 2014 - 04:39 PM

Hi,

Thanks for your reply.

DDS log enclosed; please let me know if you require the second log, as it advises I should not post it unless instructed.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Whanau at 10:24:08 on 2014-01-15
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.3996.827 [GMT 13:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Whanau\AppData\Local\iLivid\iLivid.exe
C:\UnifiedRemote\RemoteServer.exe
C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
C:\zpanel\bin\crond\crons.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\zpanel\bin\hmailserver\Bin\hMailServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files (x86)\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\outobox\updateoutobox.exe
C:\Program Files (x86)\outobox\bin\utiloutobox.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Whanau\Downloads\HijackThis(1).exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.WebFormsHost.exe
C:\Program Files (x86)\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.WebFormsHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe
c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcpackages\VCPkgSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: iSkysoft iTube Studio: {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PassShow: {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll
BHO: outobox: {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files (x86)\outobox\outoboxbho.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Ask Toolbar: {5347542D-5637-006A-76A7-7A786E7484D7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Ask Toolbar: {5347542D-5637-006A-76A7-7A786E7484D7} -
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: Ask Toolbar: {5347542D-5637-006A-76A7-7A786E7484D7} -
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [iLivid] "C:\Users\Whanau\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Unified Remote v2] C:\UnifiedRemote\RemoteServer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
mRun: [Wondershare Helper Compact] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOBILE~1.LNK - C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:1073741823
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://ngatiwhatuaprod.crm5.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=ubpprv45rr5ker2viwpin455&Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=c87c64823aa34aa2a7ddb9dcefa2657d&OpType=PrintCab&Arch=X86
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\146523 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\34F666665656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\44D2C496E6B602144435C40225F657475627 : DHCPNameServer = 192.168.26.11 192.168.26.10
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\4527573747023447 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\47865602452757374702D416E6167656D656E647 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=    
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Ask Toolbar: {5347542D-5637-006A-76A7-7A786E7484D7} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: Ask Toolbar: {5347542D-5637-006A-76A7-7A786E7484D7} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=400&systemid=406&v=u10781-218&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=7130430203754928&o=APN10645&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2013-06-07 09:29; 1gffxtbr@InboxAce_1g.com; C:\Program Files (x86)\InboxAce_1g\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-22 56336]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-16 70296]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-31 28600]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-21 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 Znf;Znf;C:\Windows\System32\drivers\znf.sys [2013-5-25 55368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-31 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-31 440376]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-3-31 1011768]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-1-6 166352]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-31 108440]
R2 CrmSqlStartupSvc;SQL Server (CRM) On-Demand Shutdown;C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [2013-9-21 24240]
R2 CRON;Cron service;C:\zpanel\bin\crond\crons.exe [2013-6-29 60928]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-9-21 227896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-31 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-4-5 7680512]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 75776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-5-21 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-5-21 124088]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-11-28 15768]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-11-11 21712]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);C:\Windows\System32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 78336]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;C:\Windows\System32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 88064]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;C:\Windows\System32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 13824]
S3 zsc;zsc;C:\Windows\System32\drivers\zsc.sys [2013-5-25 94720]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2012-1-19 167424]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\System32\drivers\zteusbvoice.sys [2012-1-19 150656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbs: bfvbsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
FileExt: .js: bfjsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-13 19:59:58    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\SUPERAntiSpyware.com
2014-01-13 19:59:14    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-01-13 19:59:14    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-01-12 00:10:18    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\Megacoin
2014-01-12 00:10:00    --------    d-----w-    C:\Program Files (x86)\Megacoin
2014-01-09 00:44:46    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\Unified Remote
2014-01-09 00:44:40    --------    d-----w-    C:\UnifiedRemote
2014-01-08 08:45:16    --------    d-----w-    C:\Users\Whanau\AppData\Local\Wondershare
2014-01-08 08:45:15    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2014-01-08 08:45:02    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\Wondershare
2014-01-08 08:45:02    --------    d-----w-    C:\Program Files (x86)\Wondershare
2014-01-08 08:43:26    --------    d-----w-    C:\Program Files (x86)\PassShow
2014-01-08 08:43:11    --------    d-----w-    C:\Program Files (x86)\outobox
2014-01-08 01:50:05    --------    d-----w-    C:\Program Files\CCleaner
2014-01-08 01:08:38    --------    d-----w-    C:\wamp
2014-01-08 00:01:59    --------    d-----w-    C:\xampp
2014-01-06 09:48:45    --------    d-----w-    C:\ProgramData\BrowserProtect
2014-01-06 09:48:45    --------    d-----w-    C:\ProgramData\Browser Manager
2014-01-06 09:48:45    --------    d-----w-    C:\ProgramData\BitGuard
2014-01-06 09:16:42    --------    d-----w-    C:\Users\Whanau\AppData\Local\AskPartnerNetwork
2014-01-06 09:13:54    --------    d-----w-    C:\Users\Whanau\AppData\Local\iLivid
2014-01-05 11:16:29    --------    d-----w-    C:\Users\Whanau\AppData\Local\iSkysoft
2014-01-05 11:16:24    --------    d-----w-    C:\Program Files\Common Files\iSkysoft
2014-01-05 11:14:39    --------    d-----w-    C:\ProgramData\Hotspot Shield
2014-01-05 11:14:31    --------    d-----w-    C:\ProgramData\iSkysoft iTube Studio
2014-01-05 11:14:27    --------    d-----w-    C:\ProgramData\iSkysoft Application Common Data
2014-01-05 11:14:26    --------    d-----w-    C:\Program Files (x86)\iSkysoft
2014-01-05 11:09:40    --------    d-----w-    C:\Program Files (x86)\Hotspot Shield
2014-01-05 11:09:34    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\Hotspot Shield
2014-01-05 11:08:59    --------    d-----w-    C:\ProgramData\AskPartnerNetwork
2014-01-05 11:08:38    --------    d-----w-    C:\Program Files (x86)\AskPartnerNetwork
2014-01-05 11:08:02    --------    d-----w-    C:\ProgramData\APN
2014-01-05 11:07:51    --------    d-----w-    C:\Program Files (x86)\GreenTree Applications
2014-01-05 10:47:16    141312    ----a-w-    C:\Windows\SysWow64\MSCMCFR.DLL
2014-01-05 10:47:16    119568    ----a-w-    C:\Windows\SysWow64\VB6FR.DLL
2014-01-05 10:47:16    101888    ----a-w-    C:\Windows\SysWow64\VB6STKIT.DLL
2014-01-05 10:47:12    32768    ----a-w-    C:\Windows\SysWow64\CMDLGFR.DLL
2014-01-05 10:47:11    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\TFP
2014-01-04 10:17:58    94208    ----a-r-    C:\Users\Whanau\AppData\Roaming\Microsoft\Installer\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}\python_icon.exe
2014-01-04 10:17:38    --------    d-----w-    C:\Python25
2014-01-04 09:19:54    --------    d-----w-    C:\Build
2013-12-18 01:21:46    --------    d-----w-    C:\Users\Whanau\AppData\Local\Labcenter Electronics
2013-12-18 01:16:20    --------    d-----w-    C:\ProgramData\Reprise
2013-12-17 23:40:47    54784    ----a-w-    C:\Windows\SysWow64\INETWH32.DLL
2013-12-17 23:40:47    1048576    ----a-w-    C:\Windows\SysWow64\ROBOEX32.DLL
2013-12-17 23:40:21    --------    d-----w-    C:\Program Files (x86)\Labcenter Electronics
2013-12-17 23:39:02    --------    d-----w-    C:\Program Files (x86)\Common Files\Labcenter Electronics
2013-12-17 22:57:24    --------    d-----w-    C:\Users\Whanau\AppData\Roaming\Microchip
2013-12-17 22:48:00    --------    d-----w-    C:\Program Files (x86)\Microchip
2013-12-17 22:44:17    --------    d-----w-    C:\ProgramData\Microchip
2013-12-17 22:44:17    --------    d-----w-    C:\etc
.
==================== Find3M  ====================
.
2013-12-18 07:47:05    84720    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-12-18 07:47:05    108440    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-12-10 20:02:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:02:16    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-04 22:48:59    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-14 09:46:30    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-11 08:00:25    21712    ----a-w-    C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2013-11-04 08:00:47    5301    ----a-w-    C:\pt.bat
2013-11-03 08:08:36    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-26 08:56:23    388608    ----a-w-    C:\Users\Whanau\HijackThis.exe
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 10:27:25.91 ===============
 


Edited by Noviciate, 14 January 2014 - 05:18 PM.
Log added from attachment.


#4 AndreasNHagen

  • Topic Starter
  • Members
  • 25 posts

Posted 14 January 2014 - 04:43 PM

The reason I think there is a problem is that I have received numerous unsolicited popups in all browsers; Firefox and IE are affected, Opera is not... I also notice this laptop is getting slower in terms of Internet access and computer performance, and I get Windows messages and advertising advising there is a problem.



#5 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 January 2014 - 05:17 PM

Will you post the contents of Attach.txt please - copy and paste is fine rather than attaching it.


Edited by Noviciate, 14 January 2014 - 05:24 PM.
Can't spell :(.

So long, and thanks for all the fish.

 

 


#6 AndreasNHagen

  • Topic Starter
  • Members
  • 25 posts

Posted 14 January 2014 - 07:08 PM

ATTACH Log,
With best wishes:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 21/09/2011 3:14:06 p.m.
System Uptime: 15/01/2014 8:46:06 a.m. (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 30DD
Processor: Intel® Core™2 Duo CPU     P8700  @ 2.53GHz | Intel® Genuine processor | 785/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 90.626 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 1.125 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Mobile Intel® 4 Series Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_30DD103C&REV_07\3&21436425&0&10
Manufacturer: Intel Corporation
Name: Mobile Intel® 4 Series Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_30DD103C&REV_07\3&21436425&0&10
Service: igfx
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Virtual Machine Monitor
Device ID: ROOT\LEGACY_VMM\0000
Manufacturer: 
Name: Virtual Machine Monitor
PNP Device ID: ROOT\LEGACY_VMM\0000
Service: vmm
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP338: 7/01/2014 8:26:56 p.m. - Removed PassIt4sure Questions and Answers for Microsoft MB2-868
RP339: 7/01/2014 8:28:07 p.m. - Removed Microsoft Web Platform Installer 4.5
RP340: 7/01/2014 8:30:26 p.m. - Removed Microsoft Web Deploy 3.0
RP341: 7/01/2014 8:31:45 p.m. - Removed Microsoft Web Developer Tools 2012.2.1 - Visual Studio Express 2012 for Web
RP342: 7/01/2014 8:39:06 p.m. - Removed Microsoft Visual Studio 2010 Shell (Isolated) - ENU
RP343: 7/01/2014 8:47:48 p.m. - Removed CoffeeCup Free FTP
RP344: 14/01/2014 8:54:08 a.m. - Windows Update
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: cltmngsvc.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
x64-IFEO: cltmngsvc.exe - tasklist.exe
x64-IFEO: delta babylon.exe - tasklist.exe
x64-IFEO: delta tb.exe - tasklist.exe
x64-IFEO: delta2.exe - tasklist.exe
x64-IFEO: deltainstaller.exe - tasklist.exe
x64-IFEO: deltasetup.exe - tasklist.exe
x64-IFEO: deltatb.exe - tasklist.exe
x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
x64-IFEO: iminentsetup.exe - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: rjatydimofu.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: sweetimsetup.exe - tasklist.exe
x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


#7 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 15 January 2014 - 02:57 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Scan and, once complete, click on report and let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 

 


So long, and thanks for all the fish.

 

 


#8 AndreasNHagen

  • Topic Starter
  • Members
  • 25 posts

Posted 15 January 2014 - 05:59 PM

Hi, thanks for your reply.

Enclosed please find the log:
I made the error of closing two programs just as the program started; I hope this does not affect the results.

Log enclosed:

Bw,
Andreas
 
# AdwCleaner v3.017 - Report created 16/01/2014 at 11:51:49
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Whanau - WAIPAREIRA-PC
# Running from : C:\Users\Whanau\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : hsswd
Service Found : InboxAce_1gService
Service Found : Update outobox
Service Found : Util outobox
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Ask.xml
File Found : C:\Users\Whanau\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Whanau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\Extensions\firefox@outobox.net.xpi
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\Ask.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\ask-search.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\user.js
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Folder Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
Folder Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\Extensions\1gffxtbr@InboxAce_1g.com
Folder Found C:\Program Files (x86)\eSupport.com
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\hotspot shield
Folder Found C:\Program Files (x86)\InboxAce_1g
Folder Found C:\Program Files (x86)\outobox
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\ProgramData\hotspot shield
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found C:\Users\Whanau\AppData\Local\eSupport.com
Folder Found C:\Users\Whanau\AppData\Local\iLivid
Folder Found C:\Users\Whanau\AppData\Local\Temp\CT3225826
Folder Found C:\Users\Whanau\AppData\LocalLow\searchresultstb
Folder Found C:\Users\Whanau\AppData\Roaming\hotspot shield
Folder Found C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\CT3225826
Folder Found C:\Users\WT.WAIPAREIRA-PC\AppData\LocalLow\AVG SafeGuard toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\hotspotshield
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKCU\Software\outobox
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\hotspotshield
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\outobox
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3775AFD7-5921-4571-968F-85A631203D1C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
Key Found : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1EB0A0B0-CABB-495C-A85A-7C8F891799C7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Key Found : HKLM\Software\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Found : HKLM\Software\outobox
Key Found : HKLM\Software\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3775AFD7-5921-4571-968F-85A631203D1C}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [1gffxtbr@InboxAce_1g.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\ping\AppData\Roaming\Mozilla\Firefox\Profiles\7idq6dx0.default\prefs.js ]
 
 
[ File : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\prefs.js ]
 
Line Found : user_pref("CT3225826.FF19Solved", "true");
Line Found : user_pref("CT3225826.UserID", "UN22218831152788234");
Line Found : user_pref("CT3225826.fullUserID", "UN22218831152788234.IN.20131213133711");
Line Found : user_pref("CT3225826.installDate", "13/12/2013 13:37:14");
Line Found : user_pref("CT3225826.installSessionId", "-1");
Line Found : user_pref("CT3225826.installSp", "FALSE");
Line Found : user_pref("CT3225826.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3225826.searchRevert", "FALSE");
Line Found : user_pref("CT3225826.searchUninstallUserMode", "1");
Line Found : user_pref("CT3225826.searchUserMode", "1");
Line Found : user_pref("CT3225826.toolbarInstallDate", "13-12-2013 13:37:12");
Line Found : user_pref("CT3225826.versionFromInstaller", "10.22.3.18");
Line Found : user_pref("CT3225826.xpeMode", "0");
Line Found : user_pref("smartbar.machineId", "ZS3V3D4OXXB/QTJQ8BXTPP2LLJIVFA6CZOAIX7S0TK/RMVNY+LNOS+T1M4WBODXMNODATDD6U3MMUFZPRIAB6G");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [39542 octets] - [29/10/2013 13:18:36]
AdwCleaner[R1].txt - [39603 octets] - [29/10/2013 13:20:04]
AdwCleaner[R2].txt - [1055 octets] - [30/10/2013 20:30:06]
AdwCleaner[R3].txt - [11623 octets] - [16/01/2014 11:51:49]
AdwCleaner[S0].txt - [39890 octets] - [29/10/2013 13:20:43]
AdwCleaner[S1].txt - [1117 octets] - [30/10/2013 20:35:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [11805 octets] ##########


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:25 AM

Posted 16 January 2014 - 02:50 PM

Good evening. :)

Repeat the above and this time, once the scan has completed, click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.
Will you also tell me how the PC is behaving now.


So long, and thanks for all the fish.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:25 AM

Posted 21 January 2014 - 02:53 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.