Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Intermittent Pop-Ups Past Week - Stumped on Removal


  • This topic is locked This topic is locked
19 replies to this topic

#1 OldManMerton

OldManMerton

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 10 April 2014 - 12:02 AM

It's been years since I've had a virus or malware I couldn't shake on my own or with a little research, but this one seems really slippery.  It has infected both my and my wife's laptops. Whether that is because we share a wireless connection or because we've visited the same infected page, or some other possibility I do not know. Malwarebytes, Avast Anti-rootkit (both updated) found nothing, but TDSkiller and Trend-Micro Anti-Threat both turned up issues at separate instances under various names. I've been hammering at this for a week, and unfortunately I didn't keep very good logs of what I did because (foolishly, apparently) I thought for sure I could solve the issue myself no prob.

 

I reset Firefox (v. 28.0) as one site led me to check the troubleshooting information and there was indeed an unauthorized entry listed in the Important Modified Preferences (Conduit.exe and BackgroundContainer.exe if I remember correctly).

 

I've manually removed some suspect files in AppData and Registry.

 

It seems at least some of what I have done has slowed the pop-ups down. Day 1 it was fairly constant when I clicked links (sometimes even just clicking empty space or text boxes on a page), now it's 2 or 3 times a day I get a visible pop-up (Several other times a day I see a pop-up TRY to open but get killed, presumably by the pop-up stopper).  The visible popups cycle through about 4 ads, LinkBuck$, GREEFL, something with Cash in the name, and then another that errors out when it tries to display.

 

The following log is for my laptop. Won't double-dip. I'll take care of my wife's if I can figure mine out.

 

---

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.2.0
Run by Macabre Stalker at 23:28:24 on 2014-04-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.3178 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\MACABR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\14454553E68394932573 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\355707562796F627D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\35F6C6574796F6E637 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\B434055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-mStart Page = about:blank
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Macabre Stalker\AppData\Roaming\Mozilla\Firefox\Profiles\mvd1ln1t.default-1396540406509\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-21 98208]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-8-30 136576]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-11 701512]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-21 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-2-21 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-2-21 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-21 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-21 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-21 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-21 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-21 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-23 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-9 111616]
S3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-21 245792]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-27 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-3 1255736]
S4 c2cautoupdatesvc;Skype Click to Call Updater; [x]
.
=============== Created Last 30 ================
.
2014-04-10 04:27:32    --------    d-----w-    C:\Users\Macabre Stalker\AppData\Roaming\Roxio Log Files
2014-04-09 02:24:23    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08947A0D-C0BC-43D6-8C67-FE29A98C1566}\mpengine.dll
2014-04-08 08:36:22    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-04-08 08:36:22    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-04-08 08:36:19    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-04-08 08:36:19    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-04-08 08:36:19    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-04-08 08:36:19    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-04-08 08:36:11    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-04-08 08:36:11    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-08 08:36:04    67072    ----a-w-    C:\Windows\splwow64.exe
2014-04-08 08:36:04    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-04-08 08:26:15    234000    ----a-w-    C:\Windows\RegBootClean64.exe
2014-04-08 07:59:06    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-04-08 07:35:42    4139872    ----a-w-    C:\Program Files\TDSSKiller.exe
2014-04-04 03:28:04    --------    d-----w-    C:\Windows\Migration
2014-04-04 03:26:21    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-04-04 03:26:20    --------    d-----w-    C:\Windows\System32\Wat
2014-04-04 02:16:37    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-04-04 02:16:37    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-04-04 02:16:36    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-04-04 02:16:36    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-04-04 01:50:16    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-04-04 01:18:25    --------    d-----w-    C:\Windows\System32\MRT
2014-04-04 01:15:07    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-04-04 01:15:07    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-04-04 01:15:07    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-04-04 01:15:07    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-04-04 01:15:07    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-04-04 01:15:07    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-04-04 01:15:07    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-04-04 01:07:59    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-04 01:06:45    111448    ----a-w-    C:\Windows\System32\consent.exe
2014-04-04 01:06:44    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2014-04-04 01:06:19    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-04-04 01:06:17    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-04-04 01:06:10    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2014-04-04 01:06:10    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-04-04 01:06:08    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2014-04-04 01:06:08    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2014-04-04 01:06:08    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2014-04-04 01:06:08    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2014-04-04 01:06:01    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2014-04-04 01:06:00    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2014-04-04 01:04:52    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-04-04 01:03:10    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-04-04 01:03:10    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2014-04-04 01:03:10    144384    ----a-w-    C:\Windows\System32\cdd.dll
2014-04-04 01:03:09    956928    ----a-w-    C:\Windows\System32\localspl.dll
2014-04-04 01:03:09    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-04-04 01:00:47    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-04-04 01:00:46    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-04-04 01:00:46    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-04-04 01:00:46    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-04-04 01:00:46    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-04-04 00:46:46    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-04-04 00:39:03    --------    d-----w-    C:\Program Files\HitmanPro
2014-04-04 00:36:55    --------    d-----w-    C:\ProgramData\HitmanPro
2014-04-04 00:32:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-04 00:04:36    98816    ----a-w-    C:\Windows\sed.exe
2014-04-04 00:04:36    256000    ----a-w-    C:\Windows\PEV.exe
2014-04-04 00:04:36    208896    ----a-w-    C:\Windows\MBR.exe
2014-04-04 00:04:20    4566027    ------r-    C:\Program Files\ComboFix.exe
.
==================== Find3M  ====================
.
2014-04-04 01:41:44    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-12 11:59:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:59:11    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59:04    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 23:28:55.74 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 AM

Posted 15 April 2014 - 12:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530561 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 April 2014 - 04:27 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.2.0
Run by Macabre Stalker at 4:23:01 on 2014-04-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.2432 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\MACABR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\14454553E68394932573 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\355707562796F627D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\35F6C6574796F6E637 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\B434055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{617C8674-27F7-4651-8972-E6345E8F6372}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-mStart Page = about:blank
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Macabre Stalker\AppData\Roaming\Mozilla\Firefox\Profiles\mvd1ln1t.default-1396540406509\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-21 98208]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-8-30 136576]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-11 701512]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-21 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-2-21 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-2-21 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-21 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-21 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-21 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-21 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-21 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-23 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-9 111616]
S3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-21 245792]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-27 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-3 1255736]
S4 c2cautoupdatesvc;Skype Click to Call Updater; [x]
.
=============== Created Last 30 ================
.
2014-04-10 09:55:18    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08947A0D-C0BC-43D6-8C67-FE29A98C1566}\offreg.dll
2014-04-10 04:27:32    --------    d-----w-    C:\Users\Macabre Stalker\AppData\Roaming\Roxio Log Files
2014-04-09 02:24:23    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08947A0D-C0BC-43D6-8C67-FE29A98C1566}\mpengine.dll
2014-04-08 08:36:22    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-04-08 08:36:22    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-04-08 08:36:19    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-04-08 08:36:19    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-04-08 08:36:19    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-04-08 08:36:19    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-04-08 08:36:11    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-04-08 08:36:11    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-08 08:36:04    67072    ----a-w-    C:\Windows\splwow64.exe
2014-04-08 08:36:04    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-04-08 08:26:15    234000    ----a-w-    C:\Windows\RegBootClean64.exe
2014-04-08 07:59:06    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-04-08 07:35:42    4139872    ----a-w-    C:\Program Files\TDSSKiller.exe
2014-04-04 03:28:04    --------    d-----w-    C:\Windows\Migration
2014-04-04 03:26:21    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-04-04 03:26:20    --------    d-----w-    C:\Windows\System32\Wat
2014-04-04 02:16:37    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-04-04 02:16:37    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-04-04 02:16:36    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-04-04 02:16:36    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-04-04 01:50:16    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-04-04 01:18:25    --------    d-----w-    C:\Windows\System32\MRT
2014-04-04 01:15:07    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-04-04 01:15:07    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-04-04 01:15:07    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-04-04 01:15:07    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-04-04 01:15:07    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-04-04 01:15:07    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-04-04 01:15:07    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-04-04 01:07:59    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-04 01:06:45    111448    ----a-w-    C:\Windows\System32\consent.exe
2014-04-04 01:06:44    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2014-04-04 01:06:19    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-04-04 01:06:17    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-04-04 01:06:10    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2014-04-04 01:06:10    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-04-04 01:06:08    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2014-04-04 01:06:08    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2014-04-04 01:06:08    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2014-04-04 01:06:08    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2014-04-04 01:06:01    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2014-04-04 01:06:00    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2014-04-04 01:04:52    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-04-04 01:03:10    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-04-04 01:03:10    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2014-04-04 01:03:10    144384    ----a-w-    C:\Windows\System32\cdd.dll
2014-04-04 01:03:09    956928    ----a-w-    C:\Windows\System32\localspl.dll
2014-04-04 01:03:09    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-04-04 01:00:47    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-04-04 01:00:46    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-04-04 01:00:46    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-04-04 01:00:46    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-04-04 01:00:46    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-04-04 00:46:46    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-04-04 00:39:03    --------    d-----w-    C:\Program Files\HitmanPro
2014-04-04 00:36:55    --------    d-----w-    C:\ProgramData\HitmanPro
2014-04-04 00:32:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-04 00:04:36    98816    ----a-w-    C:\Windows\sed.exe
2014-04-04 00:04:36    256000    ----a-w-    C:\Windows\PEV.exe
2014-04-04 00:04:36    208896    ----a-w-    C:\Windows\MBR.exe
2014-04-04 00:04:20    4566027    ------r-    C:\Program Files\ComboFix.exe
.
==================== Find3M  ====================
.
2014-04-04 01:41:44    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-12 11:59:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:59:11    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59:04    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH:  4:23:38.07 ===============
 
 
I do have my Windows CD.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 15 April 2014 - 08:20 AM

Hello OldManMerton

Before we start doing to much lets set the routers DNS to point to Open DNS


https://store.opendns.com/setup/router/



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 15 April 2014 - 09:18 AM

OpenDNS set up and tested successfully.

DNS flushed. Firefox cache and history cleared as instructed (seemingly successfully, though it kept freezing up in the process.  Nothing remains in my history though.)



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 15 April 2014 - 08:30 PM



Hello OldManMerton

Still getting the popups?

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 16 April 2014 - 04:42 AM

# AdwCleaner v3.023 - Report created 16/04/2014 at 04:28:34
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Macabre Stalker - MACABRESTALKER
# Running from : C:\Users\Macabre Stalker\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Macabre Stalker\AppData\Roaming\Mozilla\Firefox\Profiles\mvd1ln1t.default-1396540406509\prefs.js ]


*************************

AdwCleaner[R0].txt - [3896 octets] - [16/04/2014 04:27:54]
AdwCleaner[S0].txt - [3818 octets] - [16/04/2014 04:28:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3878 octets] ##########
 

 

----------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Macabre Stalker on Wed 04/16/2014 at  4:31:45.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Macabre Stalker\appdata\locallow\utorrentbar"



~~~ FireFox

Emptied folder: C:\Users\Macabre Stalker\AppData\Roaming\mozilla\firefox\profiles\mvd1ln1t.default-1396540406509\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at  4:38:15.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Certainly seems to have deleted a notable amount of junk.  Might be awhile before I know if I'm having any issues as I'm heading to bed now, and the popups were infrequent as is.  But I'll try test it out today, see if I can hit up all my sites without any popups.



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 16 April 2014 - 06:03 AM


Hello OldManMerton

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 16 April 2014 - 03:57 PM

I accidentally ran an older combofix I had, thinking I'd replaced it when I hadn't :-/

 

So I'll include both scan logs from the older and newer version.  The old version's log is huge in comparison, will need a couple posts. Not sure if the new version is shorter because the old one did all the work,or if it's just a tidier scan.



#10 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 16 April 2014 - 04:07 PM

Ok the old version combofix log is simply massive. even breaking it into 3 wouldn't let me post it.

 

Here's the new version's log:

 

ComboFix 14-04-12.01 - Macabre Stalker 04/16/2014  12:31:13.8.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.4385 [GMT -5:00]
Running from: c:\users\Macabre Stalker\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-16 to 2014-04-16  )))))))))))))))))))))))))))))))
.
.
2014-04-16 17:36 . 2014-04-16 17:36    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-04-16 17:36 . 2014-04-16 17:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-16 09:31 . 2014-04-16 09:31    --------    d-----w-    c:\windows\ERUNT
2014-04-16 09:27 . 2014-04-16 09:28    --------    d-----w-    C:\AdwCleaner
2014-04-10 04:27 . 2014-04-10 04:27    --------    d-----w-    c:\users\Macabre Stalker\AppData\Roaming\Roxio Log Files
2014-04-09 08:14 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-04-09 02:24 . 2014-03-17 15:16    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08947A0D-C0BC-43D6-8C67-FE29A98C1566}\mpengine.dll
2014-04-08 08:36 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2014-04-08 08:36 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-04-08 08:36 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-04-08 08:36 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-04-08 08:36 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-04-08 08:36 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-04-08 08:36 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-04-08 08:36 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-04-08 08:36 . 2012-02-11 06:36    559104    ----a-w-    c:\windows\system32\spoolsv.exe
2014-04-08 08:36 . 2012-02-11 06:36    67072    ----a-w-    c:\windows\splwow64.exe
2014-04-08 08:26 . 2014-04-08 08:26    234000    ----a-w-    c:\windows\RegBootClean64.exe
2014-04-08 07:59 . 2014-04-08 07:59    173504    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-04-08 07:35 . 2014-04-07 20:40    4139872    ----a-w-    c:\program files\TDSSKiller.exe
2014-04-04 03:28 . 2014-04-04 03:28    --------    d-----w-    c:\windows\Migration
2014-04-04 03:26 . 2014-04-04 03:26    --------    d-----w-    c:\windows\SysWow64\Wat
2014-04-04 03:26 . 2014-04-04 03:26    --------    d-----w-    c:\windows\system32\Wat
2014-04-04 02:16 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-04-04 02:16 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-04 02:16 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-04-04 02:16 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-04-04 02:16 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-04-04 01:50 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-04-04 01:18 . 2014-04-09 08:04    --------    d-----w-    c:\windows\system32\MRT
2014-04-04 01:15 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-04-04 01:15 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-04-04 01:15 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-04-04 01:15 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-04-04 01:15 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-04-04 01:15 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-04-04 01:15 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-04-04 01:07 . 2013-09-25 02:26    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-04 01:06 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2014-04-04 01:06 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2014-04-04 01:06 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-04-04 01:06 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-04-04 01:06 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2014-04-04 01:06 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-04-04 01:06 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2014-04-04 01:06 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2014-04-04 01:06 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-04-04 01:06 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2014-04-04 01:06 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2014-04-04 01:06 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2014-04-04 01:04 . 2013-07-04 12:57    259584    ----a-w-    c:\windows\system32\WebClnt.dll
2014-04-04 01:03 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-04-04 01:03 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-04-04 01:03 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2014-04-04 01:03 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2014-04-04 01:03 . 2012-05-14 05:26    956928    ----a-w-    c:\windows\system32\localspl.dll
2014-04-04 01:00 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-04-04 01:00 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2014-04-04 01:00 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-04-04 01:00 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2014-04-04 01:00 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2014-04-04 00:46 . 2014-04-04 00:46    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-04-04 00:39 . 2014-04-04 00:39    --------    d-----w-    c:\program files\HitmanPro
2014-04-04 00:36 . 2014-04-04 00:47    --------    d-----w-    c:\programdata\HitmanPro
2014-04-04 00:04 . 2012-06-30 03:53    4566027    ------r-    c:\program files\ComboFix.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 08:01 . 2012-06-27 20:46    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-12 11:59 . 2012-04-27 08:52    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59 . 2011-10-17 01:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:59 . 2014-02-21 11:59    5777288    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:17 . 2014-04-09 02:25    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2013-08-30 241280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Macabre Stalker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2011-11-23 118784]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmmdm.sys [x]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmser.sys [x]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmser2.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:59]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 17:58]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 17:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Macabre Stalker\AppData\Roaming\Mozilla\Firefox\Profiles\mvd1ln1t.default-1396540406509\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\c2cautoupdatesvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
Completion time: 2014-04-16  12:37:29
ComboFix-quarantined-files.txt  2014-04-16 17:37
ComboFix2.txt  2014-04-16 13:31
ComboFix3.txt  2014-04-04 00:12
ComboFix4.txt  2014-04-03 01:39
ComboFix5.txt  2014-04-16 17:30
.
Pre-Run: 482,559,614,976 bytes free
Post-Run: 482,491,875,328 bytes free
.
- - End Of File - - 776E174C23B623A90185A590D004BA5C
 

 

------------------------------------------

 

The only mentioned "deletion" from that first run was the following:

 

c:\users\Macabre Stalker\AppData\Roaming\Microsoft\Windows\Cookies\container.dat


Apologies for the initial screwup. Hope it didn't hinder your analysis too greatly.



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 16 April 2014 - 05:34 PM


Hello OldManMerton

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 17 April 2014 - 05:19 AM

ComboFix 14-04-12.01 - Macabre Stalker 04/17/2014   5:08.9.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.3998 [GMT -5:00]
Running from: c:\users\Macabre Stalker\Desktop\ComboFix.exe
Command switches used :: c:\users\Macabre Stalker\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-17 to 2014-04-17  )))))))))))))))))))))))))))))))
.
.
2014-04-17 10:15 . 2014-04-17 10:15    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-04-17 10:15 . 2014-04-17 10:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-16 09:31 . 2014-04-16 09:31    --------    d-----w-    c:\windows\ERUNT
2014-04-16 09:27 . 2014-04-16 09:28    --------    d-----w-    C:\AdwCleaner
2014-04-10 04:27 . 2014-04-10 04:27    --------    d-----w-    c:\users\Macabre Stalker\AppData\Roaming\Roxio Log Files
2014-04-09 08:14 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-04-09 02:24 . 2014-03-17 15:16    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08947A0D-C0BC-43D6-8C67-FE29A98C1566}\mpengine.dll
2014-04-08 08:36 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2014-04-08 08:36 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-04-08 08:36 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-04-08 08:36 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-04-08 08:36 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-04-08 08:36 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-04-08 08:36 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-04-08 08:36 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-04-08 08:36 . 2012-02-11 06:36    559104    ----a-w-    c:\windows\system32\spoolsv.exe
2014-04-08 08:36 . 2012-02-11 06:36    67072    ----a-w-    c:\windows\splwow64.exe
2014-04-08 08:26 . 2014-04-08 08:26    234000    ----a-w-    c:\windows\RegBootClean64.exe
2014-04-08 07:59 . 2014-04-08 07:59    173504    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-04-08 07:35 . 2014-04-07 20:40    4139872    ----a-w-    c:\program files\TDSSKiller.exe
2014-04-04 03:28 . 2014-04-04 03:28    --------    d-----w-    c:\windows\Migration
2014-04-04 03:26 . 2014-04-04 03:26    --------    d-----w-    c:\windows\SysWow64\Wat
2014-04-04 03:26 . 2014-04-04 03:26    --------    d-----w-    c:\windows\system32\Wat
2014-04-04 02:16 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-04-04 02:16 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-04 02:16 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-04-04 02:16 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-04-04 02:16 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-04-04 01:50 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-04-04 01:18 . 2014-04-09 08:04    --------    d-----w-    c:\windows\system32\MRT
2014-04-04 01:15 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-04-04 01:15 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-04-04 01:15 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-04-04 01:15 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-04-04 01:15 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-04-04 01:15 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-04-04 01:15 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-04-04 01:07 . 2013-09-25 02:26    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-04 01:06 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2014-04-04 01:06 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2014-04-04 01:06 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-04-04 01:06 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-04-04 01:06 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2014-04-04 01:06 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-04-04 01:06 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2014-04-04 01:06 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2014-04-04 01:06 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-04-04 01:06 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2014-04-04 01:06 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2014-04-04 01:06 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2014-04-04 01:04 . 2013-07-04 12:57    259584    ----a-w-    c:\windows\system32\WebClnt.dll
2014-04-04 01:03 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-04-04 01:03 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-04-04 01:03 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2014-04-04 01:03 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2014-04-04 01:03 . 2012-05-14 05:26    956928    ----a-w-    c:\windows\system32\localspl.dll
2014-04-04 01:00 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-04-04 01:00 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2014-04-04 01:00 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-04-04 01:00 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2014-04-04 01:00 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2014-04-04 00:46 . 2014-04-04 00:46    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-04-04 00:39 . 2014-04-04 00:39    --------    d-----w-    c:\program files\HitmanPro
2014-04-04 00:36 . 2014-04-04 00:47    --------    d-----w-    c:\programdata\HitmanPro
2014-04-04 00:04 . 2012-06-30 03:53    4566027    ------r-    c:\program files\ComboFix.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 08:01 . 2012-06-27 20:46    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-12 11:59 . 2012-04-27 08:52    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59 . 2011-10-17 01:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 11:59 . 2014-02-21 11:59    5777288    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:17 . 2014-04-09 02:25    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    94208    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2013-08-30 241280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Macabre Stalker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2011-11-23 118784]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmmdm.sys [x]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmser.sys [x]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwvmser2.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:59]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 17:58]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 17:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17    97792    ----a-w-    c:\users\Macabre Stalker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Macabre Stalker\AppData\Roaming\Mozilla\Firefox\Profiles\mvd1ln1t.default-1396540406509\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\c2cautoupdatesvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
Completion time: 2014-04-17  05:17:23
ComboFix-quarantined-files.txt  2014-04-17 10:17
ComboFix2.txt  2014-04-16 17:37
ComboFix3.txt  2014-04-16 13:31
ComboFix4.txt  2014-04-04 00:12
ComboFix5.txt  2014-04-17 10:06
.
Pre-Run: 482,320,158,720 bytes free
Post-Run: 482,259,345,408 bytes free
.
- - End Of File - - 1664B664FCF6F87981EB13299FD9E47A
 

-----------------------------------------------------

 

No pop-ups at all today. Tentatively optimistic.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 17 April 2014 - 08:36 AM


Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)
  • Programs to remove

    • µTorrent
      Java™ 6 Update 22
      Java™ 6 Update 26
      Java™ 7 Update 2


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 OldManMerton

OldManMerton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 17 April 2014 - 11:15 AM

Programs removed (Java 7 had hundreds of keys to remove...sheesh.  One of the others errored, but still let me remove keyes). Java re-installed.  Mbam found 0 issues.

 

Here's the Hijackthis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:15 AM, on 4/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Macabre Stalker\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12092 bytes
 


Oh and so far computer is still without pop-ups.  woo.


Edited by OldManMerton, 17 April 2014 - 03:57 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:48 AM

Posted 18 April 2014 - 06:32 AM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
      O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users