Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nation Zoom


  • This topic is locked This topic is locked
25 replies to this topic

#1 keithy

keithy

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 18 March 2014 - 04:10 AM

This is now my home page no matter what I do, on Opera, Firefox and Explorer. How can I remove it? I have noticed when streaming video, after a few minute it slows down and becomes jerky? Is this connected? any Help would be appreciated!

BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 18 March 2014 - 08:28 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 18 March 2014 - 05:28 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Keiths at 2014-03-18 23:25:36 Running from C:\Users\Keiths\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Any Video Converter 2.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo WinOptimizer Free v.1.0.0 (HKLM-x32\...\Ashampoo WinOptimizer Free_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata) Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform) DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.) Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) Free Sound Recorder 2010 v9.2.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright© 2005-2010 FreeSoundRecorder Technologies, Inc.) Garmin BaseCamp (HKLM-x32\...\{AC816FE8-3022-404F-8BE4-A07B5586F4E3}) (Version: 4.2.4 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe (Unicode) NT 2014.20 Update (HKLM-x32\...\{2C6FD5F6-FF8C-4956-A064-8EAD647F13B0}) (Version: 17.20.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe (Unicode) NT 2014.30 Update (HKLM-x32\...\{B68ACA3B-142D-45A0-8EDA-015493E571DF}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard) HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Internet Explorer Toolbar 4.9 by SweetPacks (HKLM-x32\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) <==== ATTENTION iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden K-Lite Codec Pack 8.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - ) LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.14.20140117 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}) (Version: 1.2.0238 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com) Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) ThreatFire (HKLM-x32\...\3554AA4B-9B0B-451a-A269-2B5F53982209_is1) (Version: - PC Tools) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 16-03-2014 11:14:52 Windows Update 18-03-2014 06:55:56 Windows Update 18-03-2014 11:00:11 Installed Microsoft Games for Windows - LIVE Redistributable 18-03-2014 11:02:38 Installed Kane and Lynch: Dead Men. ==================== Hosts content: ========================== 2013-12-22 00:29 - 2013-12-22 11:37 - 00000718 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {44758867-A74A-47F6-B8FD-3057CB4DBBCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {44A241EB-4763-45C4-8402-2F5B97CDC863} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {4C2BF6BD-5ABB-487F-ACE0-1A0BDF92B644} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: {4EA44952-4B1A-471D-BA4A-8130204ACDAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: {5FA9B469-272C-4203-866F-D556D7AEA0BD} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION Task: {644446EC-2BC5-4EC9-B856-BAFEB2FC41FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {6F6F6E31-FDF8-4845-BA99-905C74F2DE36} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3585191797-1740811797-4205998175-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7A23DA5C-BC6D-4105-AF8E-AA9979D5FB74} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {A44642D3-661A-442E-A07B-1C3E09E47CC1} - System32\Tasks\{064A23FB-88FA-4766-ACAA-718A8C34C54F} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation) Task: {AFA67F61-C4B2-4480-B75E-7FF9DF3E466B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3585191797-1740811797-4205998175-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B840994F-E48F-42CF-AB93-12EFD336CD15} - System32\Tasks\EPUpdater => C:\Users\Keiths\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: {BD5D8B86-C3E1-420E-9633-C356FBCF7345} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {C5D5AC87-24B7-4DDE-BC39-67345460BB4B} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: {DBBD0E09-A394-4582-9F71-D48453F04C62} - System32\Tasks\{96722DE6-869E-417C-A8D5-DA950090B7A9} => C:\Users\Keiths\Desktop\Iphone stuff\tinyumbrella-6.10.02a.exe [2013-10-06] () Task: {E5CF9E71-FD41-4192-9203-7C0E5A3211AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-23 16:24 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-16 06:16 - 2014-02-16 06:16 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Password.lnk => C:\Windows\pss\Password.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Keiths^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3070 B611 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3070 B611 series.lnk.Startup MSCONFIG\startupfolder: C:^Users^Keiths^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesPreload => "C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/18/2014 08:03:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/18/2014 08:03:17 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 08:03:16 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 08:03:16 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 08:03:13 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 08:03:10 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 08:03:10 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 03:14:48 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/18/2014 03:13:55 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (03/18/2014 00:34:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/18/2014 08:03:03 PM) (Source: Service Control Manager) (User: ) Description: The BrowserDefendert service failed to start due to the following error: %%2 Error: (03/18/2014 00:34:17 PM) (Source: Service Control Manager) (User: ) Description: The BrowserDefendert service failed to start due to the following error: %%2 Error: (03/18/2014 00:28:47 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:26:42 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:25:59 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:25:16 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:21:45 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:19:41 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:18:54 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (03/18/2014 00:18:16 PM) (Source: cdrom) (User: ) Description: The device, \Device\CdRom0, has a bad block. Microsoft Office Sessions: ========================= Error: (03/11/2014 01:14:53 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 256 seconds with 240 seconds of active time. This session ended with a crash. Error: (01/10/2014 07:50:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 217 seconds with 180 seconds of active time. This session ended with a crash. Error: (01/10/2014 07:46:18 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1995 seconds with 600 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 4095.29 MB Available physical RAM: 2196.53 MB Total Pagefile: 8188.76 MB Available Pagefile: 6141.46 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:83.01 GB) (Free:14.4 GB) NTFS Drive d: (Data) (Fixed) (Total:726.32 GB) (Free:670.95 GB) NTFS Drive e: (Extra) (Fixed) (Total:585.94 GB) (Free:235.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: C8549068) Partition: GPT Partition Type. ==================== End Of Log ============================

#4 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 18 March 2014 - 05:35 PM

Attached the files you asked for

Attached Files



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 19 March 2014 - 03:33 AM

Going over your logs I noticed that you have µTorrent
installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent
, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

VIS
Internet Explorer Toolbar 4.9 by SweetPacks


Close the window.

 

 

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    Task: {5FA9B469-272C-4203-866F-D556D7AEA0BD} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
    Task: {7A23DA5C-BC6D-4105-AF8E-AA9979D5FB74} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
    Task: {BD5D8B86-C3E1-420E-9633-C356FBCF7345} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
    Task: {B840994F-E48F-42CF-AB93-12EFD336CD15} - System32\Tasks\EPUpdater => C:\Users\Keiths\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=&mi=04f51c3e000000000000485b39f70d47&toi=16084
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E&q={searchTerms}
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1387658043&from=amt&uid=395049983_1052483_04F51C3E&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA2DAAAAA-8F29-4EB1-9A75-7C91DCB366C2&q={searchTerms}
    SearchScopes: HKCU - {84DE5A20-36BA-4C6E-810D-B82C8ACDA646} URL = http://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=04f51c3e000000000000485b39f70d47&toi=16084&r=739
    Toolbar: HKLM-x32 - No Name - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
    FF DefaultSearchEngine: Search the web (Softonic)
    FF SelectedSearchEngine: Search the web (Softonic)
    FF SearchPlugin: C:\Users\Keiths\AppData\Roaming\Mozilla\Firefox\Profiles\70sll9sh.default\searchplugins\ask-search.xml
    FF SearchPlugin: C:\Users\Keiths\AppData\Roaming\Mozilla\Firefox\Profiles\70sll9sh.default\searchplugins\softonic.xml
    FF Extension: vis - C:\Users\Keiths\AppData\Roaming\Mozilla\Firefox\Profiles\70sll9sh.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-14]
    FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
    FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\126.xpi
    CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Keiths\AppData\Roaming\7go\7go.crx [2014-02-05]
    
    S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
    
    C:\Program Files\Updater By Sweetpacks
    C:\Program Files (x86)\PC Performer
    C:\Program Files (x86)\GoforFiles
    C:\Program Files (x86)\Desk 365
    C:\Users\Keiths\AppData\Roaming\BABSOL~1
    C:\PROGRA~2\SearchProtect
    C:\Program Files (x86)\LyriXeeker
    C:\Users\Keiths\AppData\Roaming\7go
    C:\ProgramData\BrowserDefender
    C:\Users\Keiths\AppData\Local\Conduit
    C:\ProgramData\Conduit
    C:\Program Files (x86)\Mobogenie
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 20 March 2014 - 04:29 PM

Thanks again. I cannot uninstall "Sweetpacks" it can't find it?? "The feature you are trying to use is on a network resource that is unavailible" shall I continue with the rest of the cleaning?

#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 20 March 2014 - 04:45 PM

Yes, ignore that and proceed.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 24 March 2014 - 06:02 AM

I 'copied' and 'pasted' as you instructed, then saved the notepad file as (replaced) FRST64.exe. I now get the following: "The version of this file is not compatible with the version of windows you're running. Check your computor's system information to see wether you need an x86 (32-bit) or x64 (64.bit) version of the program, and then contact the software publisher." Have I done something wrong?

#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 24 March 2014 - 10:46 AM

No, you should save the file from notepad as fixlist.txt to the same location where FRST (or FRST64.exe) is saved to.

 

Delete the replaced FRST and download a new one to your desktop.

Then download the fixlist.txt attached to my reply and save it to your desktop as well.

 

When finished, run FRST and hit Fix.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 25 March 2014 - 03:25 AM

Sorry for the mistake. Here are both the logs.

Attached Files



#11 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 25 March 2014 - 03:27 AM

Really! this time!

Attached Files



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 25 March 2014 - 09:27 AM

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 26 March 2014 - 02:18 PM

completed!

Attached Files



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 27 March 2014 - 03:53 AM

 

C:\Windows\Installer\MSIFF97.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
D:\not installed programs\avc-free.exe    Win32/OpenCandy potentially unsafe application
D:\not installed programs\FoxitReader611.1031_enu_Setup.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

These files aren´t malware but contain security risks.I would delete them immediately - your choice.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 keithy

keithy
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:21 AM

Posted 27 March 2014 - 02:38 PM

The adwCleaner stopped working (not responding) when I pressed clean, so did windows




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users