Malware problems cropping up


7 replies to this topic

#1 downtime


  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 21 April 2014 - 01:53 PM

Hi. A year ago we removed some very nasty malware that was preventing my computer from doing anything. Although my computer has since been fully functional, I know there is still malware in there that is affecting it in minor ways, and this week it has suddenly gotten worse (my internet is extremely slow, and as of today, embedded videos on Facebook play but on YouTube they do not even appear). I also suspect I know where it came from. I had downloaded a program called "Freecorder". Even though I uninstalled it, no matter how many times I delete the folder, it always reappears.

Also, even though I have uninstalled and reinstalled and updated Malwarebytes several times, I am only able to run a quick scan - if I try to run a full scan, Malwarebytes will crash. (One of the original problems I had last year was that the malware was preventing any executable programs from running, including Malwarebytes - even when changing the name of the file from mbam.exe to mbam.com and such). I have posted the DDS log below, perhaps you can help me remove this malware permanently!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.7.2
Run by pc at 14:35:26 on 2014-04-21
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3069.1554 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3437F26-3BBB-4A63-9BB6-054D853FD040} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64:     Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-8-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-7 257928]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\smhwadb.sys --> C:\Windows\system32\Drivers\smhwadb.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-8-10 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 119408]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);C:\Windows\system32\DRIVERS\smhwdev.sys --> C:\Windows\system32\DRIVERS\smhwdev.sys [?]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);C:\Windows\system32\DRIVERS\smhwser.sys --> C:\Windows\system32\DRIVERS\smhwser.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2014-03-31 19:40:40    --------    d-----w-    C:\ProgramData\Applications
.
==================== Find3M  ====================
.
2014-03-12 01:20:14    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:20:14    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 14:37:08.07 ===============
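As an added example (not part of the original thread, of DDS or of any tool mentioned in it), a small Python triage pass over lines in the shape of the DDS "Pseudo HJT Report" above: it re-fangs the hxxp:// start page and checks its host against a watchlist, flags add-on CLSIDs whose file is "No File", and flags autoruns with an empty command or a path under ProgramData/AppData or a known PUP folder. The sample lines and both watchlists are constructed from entries that appear in this thread; the `u`/`m` hive prefix reading is DDS's own convention.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample in the shape of the DDS "Pseudo HJT Report" above
# (a few entries only; the real report is much longer).
SAMPLE_HJT = r"""
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"""

# Watchlists constructed for this example from what AdwCleaner removed later
# in the thread; a real triage would use a maintained list.
SEARCH_HIJACK_DOMAINS = {"ask.com", "search.aol.com", "conduit.com"}
KNOWN_PUP_DIRS = {"adawaretb", "avg secure search", "complitly"}

# DDS prefixes: u = per-user hive (HKCU), m = machine hive (HKLM).
RE_START = re.compile(r"^[um]Start Page = (?P<url>.+)$")
RE_ADDON = re.compile(r"^(?P<kind>BHO|TB)(?:-[xX]64)?: (?:(?P<name>.+?): )?"
                      r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RE_RUN = re.compile(r"^[um]Run(?:-[xX]64)?: \[(?P<name>[^\]]*)\](?: (?P<cmd>.+))?$")


@dataclass
class Finding:
    severity: str   # "suspicious" or "review"
    line: str
    reason: str


def refang(url: str) -> str:
    """DDS defangs URLs as hxxp:// so they cannot be clicked; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_matches(host: str, domains) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def path_is_suspicious(path: str) -> Optional[str]:
    """Return a reason string for a path worth a second look, else None."""
    low = path.lower()
    if any(d in low for d in KNOWN_PUP_DIRS):
        return "path is inside a known adware/PUP directory"
    # Legitimate software uses these too (Ad-Aware's own component does), so
    # this is a review hint, not a verdict.
    if "\\programdata\\" in low or "\\appdata\\" in low:
        return "runs from a data directory rather than Program Files"
    return None


def triage_hjt(text: str) -> List[Finding]:
    """Walk Pseudo-HJT lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RE_START.match(line)):
            host = urlparse(refang(m["url"])).hostname or ""
            if host_matches(host, SEARCH_HIJACK_DOMAINS):
                findings.append(Finding("suspicious", line,
                                        f"start page points at search-hijack domain {host}"))
        elif (m := RE_ADDON.match(line)):
            if m["path"].strip() == "No File":
                findings.append(Finding("review", line,
                                        f"{m['kind']} {m['clsid']} is registered but its file is gone (orphaned CLSID)"))
            elif (why := path_is_suspicious(m["path"])):
                findings.append(Finding("suspicious", line, why))
        elif (m := RE_RUN.match(line)):
            if not m["cmd"]:
                findings.append(Finding("review", line,
                                        f"autorun [{m['name']}] has an empty command (dead entry)"))
            elif (why := path_is_suspicious(m["cmd"])):
                findings.append(Finding("review", line, why))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```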


 



#2 nasdaq


  • Malware Response Team
  • 39,508 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:31 AM

Posted 26 April 2014 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 downtime

  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 29 April 2014 - 03:32 PM

Hi, thanks for replying. Here are the logs:

--------------------------------------------------

 

# AdwCleaner v3.202 - Report created 24/04/2014 at 10:56:26
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : pc - PC-PC
# Running from : C:\Users\pc\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\adawaretb
[!] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\Complitly
[!] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\pc\AppData\Local\OpenCandy
[!] Folder Deleted : C:\Users\pc\AppData\Local\Temp\AskSearch
[!] Folder Deleted : C:\Users\pc\AppData\LocalLow\adawaretb
[!] Folder Deleted : C:\Users\pc\AppData\LocalLow\AVG Secure Search
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\Complitly
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\adawaretb
[!] Folder Deleted : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
File Deleted : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dlfienamagdnkekbbbocojppncdambda

*************************

AdwCleaner[R0].txt - [5026 octets] - [24/04/2014 10:52:40]
AdwCleaner[S0].txt - [4796 octets] - [24/04/2014 10:56:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4856 octets] ##########
 

--------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by pc (administrator) on PC-PC on 29-04-2014 16:26:18
Running from C:\Users\pc\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
( ) C:\Windows\system32\dlcxcoms.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [dlcxmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll [31744 2006-10-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [273528 2011-10-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1826496 2014-04-21] (Valve Corporation)
HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\MountPoints2: {b4ccb6db-97e9-11e0-867b-001ec92f2142} - E:\PcOptions.exe
HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\MountPoints2: {c21a9feb-83fd-11e0-8a42-001ec92f2142} - E:\PcOptions.exe
HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\MountPoints2: {c21a9ff9-83fd-11e0-8a42-001ec92f2142} - E:\PcOptions.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80BBA05BEABFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\searchplugins\duckduckgo.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\donottrackplus@abine.com [2014-04-24]
FF Extension: Lavasoft Search Plugin - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-05-22]
FF Extension: Ad-Aware Security Add-on - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012-05-22]
FF Extension: Block site - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-10]
FF Extension: DuckDuckGo Plus - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-12]
FF Extension: Adblock Plus - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-03]
FF Extension: BetterPrivacy - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-12]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"]},"sync_promo":{"show_on_first_run_allowed":false},"translate_blocked_languages":["en"],"translate_whitelists"
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-11-23]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-27]

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )
R2 dlcx_device; C:\Windows\SysWOW64\dlcxcoms.exe [532480 2006-10-11] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8919 2010-10-26] ()
S2 rslinx; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: rslinx -> No ServiceDLL Path.
NETSVC: npptnt2 -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

2014-04-29 16:26 - 2014-04-29 16:26 - 00015999 _____ () C:\Users\pc\Downloads\FRST.txt
2014-04-29 16:26 - 2014-04-29 16:26 - 00000000 ____D () C:\FRST
2014-04-29 16:23 - 2014-04-29 16:24 - 02061824 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-24 10:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 10:52 - 2014-04-24 10:56 - 00000000 ____D () C:\AdwCleaner
2014-04-24 10:03 - 2014-04-24 10:03 - 01365865 _____ () C:\Users\pc\Downloads\AdwCleaner(1).exe
2014-04-21 17:32 - 2014-04-26 17:32 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-21 17:32 - 2014-04-21 17:32 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-21 17:28 - 2014-04-21 17:28 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-21 17:28 - 2014-04-21 17:28 - 00001257 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-21 17:27 - 2014-04-21 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 14:42 - 2014-04-21 14:42 - 00005207 _____ () C:\Users\pc\Documents\Attach.txt
2014-04-21 14:41 - 2014-04-21 14:41 - 00013549 _____ () C:\Users\pc\Documents\DDS.txt
2014-04-03 12:25 - 2014-04-03 12:25 - 03967674 _____ () C:\Users\pc\Downloads\candyball 11 larger logo.psd
2014-03-31 15:41 - 2014-03-31 15:41 - 00889416 _____ (Microsoft Corporation) C:\Users\pc\Downloads\dotNetFx40_Full_setup.exe
2014-03-31 15:40 - 2014-03-31 15:40 - 00000000 ____D () C:\ProgramData\Applications
2014-03-31 15:39 - 2014-03-31 15:39 - 06745792 _____ (Microsoft Corporation) C:\Users\pc\Downloads\WindowsPhone.exe

==================== One Month Modified Files and Folders =======

2014-04-29 16:26 - 2014-04-29 16:26 - 00015999 _____ () C:\Users\pc\Downloads\FRST.txt
2014-04-29 16:26 - 2014-04-29 16:26 - 00000000 ____D () C:\FRST
2014-04-29 16:24 - 2014-04-29 16:23 - 02061824 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2014-04-29 16:20 - 2012-06-29 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 16:12 - 2013-08-10 18:53 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 16:07 - 2009-07-14 00:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 16:07 - 2009-07-14 00:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 13:37 - 2010-08-18 13:20 - 01739081 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 12:29 - 2009-07-14 00:51 - 00108479 _____ () C:\Windows\setupact.log
2014-04-29 11:14 - 2014-03-29 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 11:06 - 2012-02-23 11:19 - 00002000 _____ () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-TRADE Pro.lnk
2014-04-29 11:06 - 2012-02-23 11:19 - 00000000 ____D () C:\Users\pc\etpro
2014-04-29 09:24 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 09:21 - 2013-07-12 03:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-29 09:19 - 2014-03-26 15:54 - 00000364 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_pc.job
2014-04-29 09:19 - 2014-03-26 15:54 - 00000358 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_pc.job
2014-04-29 09:19 - 2013-08-10 18:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 09:19 - 2012-05-22 22:38 - 00001828 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-29 09:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 02:00 - 2010-08-20 12:56 - 00000000 ____D () C:\Users\pc\AppData\Local\Adobe
2014-04-28 23:19 - 2014-03-26 15:54 - 00002936 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_pc
2014-04-28 23:19 - 2014-03-26 15:54 - 00002932 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_pc
2014-04-28 23:19 - 2014-03-26 15:54 - 00000354 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_pc.job
2014-04-28 00:10 - 2010-10-27 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-27 14:11 - 2010-08-19 10:30 - 00000000 ___RD () C:\Users\pc\Desktop\unsort
2014-04-26 19:17 - 2013-08-10 18:53 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-26 17:32 - 2014-04-21 17:32 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-26 17:32 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 10:56 - 2014-04-24 10:52 - 00000000 ____D () C:\AdwCleaner
2014-04-24 10:03 - 2014-04-24 10:03 - 01365865 _____ () C:\Users\pc\Downloads\AdwCleaner(1).exe
2014-04-23 14:01 - 2010-08-20 11:39 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Adobe
2014-04-22 09:13 - 2012-02-23 11:19 - 00000000 ____D () C:\data
2014-04-21 17:32 - 2014-04-21 17:32 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-21 17:32 - 2012-06-29 09:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-21 17:32 - 2012-06-07 17:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-21 17:32 - 2011-06-08 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 17:28 - 2014-04-21 17:28 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-21 17:28 - 2014-04-21 17:28 - 00001257 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-21 17:28 - 2014-04-21 17:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 17:26 - 2010-08-20 12:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-21 14:42 - 2014-04-21 14:42 - 00005207 _____ () C:\Users\pc\Documents\Attach.txt
2014-04-21 14:41 - 2014-04-21 14:41 - 00013549 _____ () C:\Users\pc\Documents\DDS.txt
2014-04-10 21:40 - 2010-09-15 15:25 - 00000000 ____D () C:\Program Files\Dl_cats
2014-04-03 12:25 - 2014-04-03 12:25 - 03967674 _____ () C:\Users\pc\Downloads\candyball 11 larger logo.psd
2014-04-02 22:39 - 2012-04-25 04:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 15:41 - 2014-03-31 15:41 - 00889416 _____ (Microsoft Corporation) C:\Users\pc\Downloads\dotNetFx40_Full_setup.exe
2014-03-31 15:40 - 2014-03-31 15:40 - 00000000 ____D () C:\ProgramData\Applications
2014-03-31 15:39 - 2014-03-31 15:39 - 06745792 _____ (Microsoft Corporation) C:\Users\pc\Downloads\WindowsPhone.exe

Files to move or delete:
====================
C:\ProgramData\GYRiSn2cw.dat


Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\aae.exe
C:\Users\pc\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\pc\AppData\Local\Temp\incredibar_installer.exe
C:\Users\pc\AppData\Local\Temp\lowproc.exe
C:\Users\pc\AppData\Local\Temp\Quarantine.exe
C:\Users\pc\AppData\Local\Temp\rnsetup0.exe
C:\Users\pc\AppData\Local\Temp\stubhelper.dll
C:\Users\pc\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2014-04-29 01:12

==================== End Of Log ============================



#4 downtime

downtime
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 29 April 2014 - 03:35 PM

..

Attached Files


Edited by downtime, 29 April 2014 - 03:36 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:31 AM

Posted 30 April 2014 - 08:09 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\Run: [AdobeBridge] => [X]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\searchplugins\duckduckgo.xml
FF Extension: Lavasoft Search Plugin - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-05-22]
FF Extension: Ad-Aware Security Add-on - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012-05-22]
FF Extension: Block site - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-10]
FF Extension: DuckDuckGo Plus - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-12]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\pc\Local Settings:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local\Application Data:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local\Temp:xbmqIKxuPuxbgHkCUnMXoW1Gr
C:\ProgramData\GYRiSn2cw.dat
C:\Users\pc\AppData\Local\Temp\aae.exe
C:\Users\pc\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\pc\AppData\Local\Temp\incredibar_installer.exe
C:\Users\pc\AppData\Local\Temp\lowproc.exe
C:\Users\pc\AppData\Local\Temp\rnsetup0.exe
C:\Users\pc\AppData\Local\Temp\stubhelper.dll
C:\Users\pc\AppData\Local\Temp\uninst.exe

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once, then wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know of any remaining issues with this computer.
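
As an added verification script (not part of the thread, and not FRST's own code), the following PowerShell re-checks, after the fix has run, the three kinds of item that nasdaq's fixlist and the FRST log flagged: named alternate data streams on the listed directories, reparse points under C:\Windows\system64 (the ZeroAccess warning line), and the 64-bit Winsock Catalog5 LibraryPath values. It assumes PowerShell 3.0 or later, an elevated prompt, and the standard Catalog_Entries64 registry layout; the profile path C:\Users\pc is taken from the log.

```powershell
# Added verification script (not from the thread or from FRST). Assumes
# PowerShell 3.0+ for the -Stream parameter and an elevated prompt.
# Paths and stream names come from the FRST log and fixlist above.

# 1. Alternate data streams on the directories the fixlist named.
#    ':$DATA' is the ordinary content stream; any other name is an ADS.
$AdsTargets = @(
    'C:\ProgramData\TEMP',
    'C:\Users\pc\AppData\Local',
    'C:\Users\pc\AppData\Local\Temp'
)

function Get-NamedStreams {
    param([string[]]$Paths = $AdsTargets)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# 2. The FRST line "ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64"
#    points at reparse points (junctions) under a folder Windows itself does not
#    create. Report every reparse point beneath it if the folder is present.
function Get-System64ReparsePoints {
    $dir = Join-Path $env:SystemRoot 'system64'
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Verbose "$dir is absent (expected on a clean system)"
        return @()
    }
    Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
        Select-Object FullName, Attributes
}

# 3. 64-bit Winsock namespace providers. FRST flagged Catalog5-x64 entries whose
#    LibraryPath was a bare "mswsock.dll" with no directory; each entry's
#    LibraryPath should expand to a DLL that actually exists on disk.
function Get-WinsockCatalog5x64 {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\' +
            'NameSpace_Catalog5\Catalog_Entries64'
    if (-not (Test-Path -LiteralPath $base)) { return @() }
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        $lib = (Get-ItemProperty -LiteralPath $_.PSPath).LibraryPath
        $expanded = if ($lib) { [Environment]::ExpandEnvironmentVariables($lib) } else { '' }
        # A relative name such as "mswsock.dll" fails Test-Path: that is the
        # condition FRST reported, so it shows up here as Exists = False.
        [pscustomobject]@{
            Entry   = $_.PSChildName
            Library = $lib
            Exists  = ($expanded -ne '') -and (Test-Path -LiteralPath $expanded)
        }
    }
}

# Run all three checks and print a short summary.
$ads  = @(Get-NamedStreams)
$junk = @(Get-System64ReparsePoints)
$ws   = @(Get-WinsockCatalog5x64)

"Named streams remaining : $($ads.Count)";  $ads  | Format-Table -AutoSize
"system64 reparse points : $($junk.Count)"; $junk | Format-Table -AutoSize
"Winsock Catalog5-x64 entries:";            $ws   | Format-Table -AutoSize
```

A clean result is zero named streams, zero reparse points, and Exists = True on every Catalog5-x64 entry.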

#6 downtime

downtime
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 02 May 2014 - 12:46 AM

Okay. So did you notice anything in these logs that looked suspicious?

 

----------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by pc at 2014-05-02 01:44:27 Run:1
Running from C:\Users\pc\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKU\S-1-5-21-4211459122-205256033-2055600050-1000\...\Run: [AdobeBridge] => [X]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\searchplugins\duckduckgo.xml
FF Extension: Lavasoft Search Plugin - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-05-22]
FF Extension: Ad-Aware Security Add-on - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012-05-22]
FF Extension: Block site - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-10]
FF Extension: DuckDuckGo Plus - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-12]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\pc\Local Settings:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local\Application Data:XOwSoaC2EKNJRm8sI8N
AlternateDataStreams: C:\Users\pc\AppData\Local\Temp:xbmqIKxuPuxbgHkCUnMXoW1Gr
C:\ProgramData\GYRiSn2cw.dat
C:\Users\pc\AppData\Local\Temp\aae.exe
C:\Users\pc\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\pc\AppData\Local\Temp\incredibar_installer.exe
C:\Users\pc\AppData\Local\Temp\lowproc.exe
C:\Users\pc\AppData\Local\Temp\rnsetup0.exe
C:\Users\pc\AppData\Local\Temp\stubhelper.dll
C:\Users\pc\AppData\Local\Temp\uninst.exe

End
*****************

HKU\S-1-5-21-4211459122-205256033-2055600050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
Winsock: Catalog5-x64 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\searchplugins\duckduckgo.xml => Moved successfully.
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack => Moved successfully.
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => Moved successfully.
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => Moved successfully.
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\6m5docg8.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi => Moved successfully.
Lavasoft Kernexplorer => Service deleted successfully.
Lbd => Service deleted successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
"C:\Users\pc\Local Settings" => ":XOwSoaC2EKNJRm8sI8N" ADS not found.
C:\Users\pc\AppData\Local => ":XOwSoaC2EKNJRm8sI8N" ADS removed successfully.
"C:\Users\pc\AppData\Local\Application Data" => ":XOwSoaC2EKNJRm8sI8N" ADS not found.
C:\Users\pc\AppData\Local\Temp => ":xbmqIKxuPuxbgHkCUnMXoW1Gr" ADS removed successfully.
C:\ProgramData\GYRiSn2cw.dat => Moved successfully.
C:\Users\pc\AppData\Local\Temp\aae.exe => Moved successfully.
C:\Users\pc\AppData\Local\Temp\AdobeApplicationManager.exe => Moved successfully.
C:\Users\pc\AppData\Local\Temp\incredibar_installer.exe => Moved successfully.
C:\Users\pc\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\pc\AppData\Local\Temp\rnsetup0.exe => Moved successfully.
C:\Users\pc\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\pc\AppData\Local\Temp\uninst.exe => Moved successfully.

==== End of Fixlog ====



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:31 AM

Posted 02 May 2014 - 06:06 AM

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

P.S.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===
> Okay. So did you notice anything in these logs that looked suspicious?

No. Any reasons for asking?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:31 AM

Posted 08 May 2014 - 07:37 AM

Are you still with me?



