Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Assist Advertisement spam/malware


  • This topic is locked This topic is locked
2 replies to this topic

#1 lmbnova74

lmbnova74

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 03 June 2014 - 02:25 PM

Hello - I am using the latest version of Firefox - and when I am on forums or even google new - I am getting these Search Assist popups and videos.

 

I have run the DDS and Attach.txt processes - they are attached below.

 

I am running Windows 7 with latest service packs installed.

 

Can you please help me get rid of this?

 

Thanks for your help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Craig at 15:20:24 on 2014-06-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16382.11919 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\PureLeads\plsapp.exe
C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Craig\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uRun: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PureLeads Tray] "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\plsapp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{861EBA99-FAEC-463C-A7FB-7842C8CE108A} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{C054A17C-E0DC-4B8F-BA08-6EB2D98005C2} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\ww5cv9s0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=268D1EE431FB37117FACCD5153933E3B
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Craig\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Craig\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Craig\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-8 14456]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-27 31080]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-7-26 57976]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2014/04/04 12:35:48];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 plsapp;plsapp;C:\Program Files (x86)\PureLeads\plsapp.exe [2014-1-23 3690784]
R2 PlsvcV1;PlsvcV1;C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [2014-1-23 91936]
R2 PlsvcV2;PlsvcV2;C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [2014-1-23 24352]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-12-15 65657]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-26 1153368]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-7-27 830048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-3 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-3 30208]
S3 vzandnetadb;ADB Interface DriverNet for VZW;C:\Windows\System32\drivers\lgvzandnetadb.sys [2011-10-10 31744]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-5 1255736]
.
=============== Created Last 30 ================
.
2014-06-02 20:37:16    439296    ----a-w-    C:\Windows\System32\plsapp64.dll
2014-06-02 20:37:14    354592    ----a-w-    C:\Windows\SysWow64\plsapp.dll
2014-06-02 20:37:10    --------    d-----w-    C:\ProgramData\PureLeads
2014-06-02 20:37:09    --------    d-----w-    C:\Program Files (x86)\PureLeads
2014-06-02 20:36:22    --------    d-----w-    C:\Users\Craig\AppData\Roaming\OpenCandy
2014-06-02 18:46:57    --------    d-----w-    C:\Program Files\iPod
2014-06-02 18:46:56    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-02 18:46:56    --------    d-----w-    C:\Program Files\iTunes
2014-06-02 18:46:56    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-05-15 07:05:42    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-15 07:05:42    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-14 10:44:14    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-14 10:44:14    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-13 18:20:26    235800    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 18:20:06    273176    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 18:06:06    323352    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-05-13 18:05:40    191768    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 18:05:08    152344    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 18:05:06    130328    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 18:04:56    236312    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 18:04:30    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-05-06 07:00:38    --------    d-s---w-    C:\Windows\System32\CompatTel
.
==================== Find3M  ====================
.
2014-05-13 19:02:14    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 19:02:14    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-15 06:34:10    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-04 16:34:23    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2014-04-04 16:34:22    505128    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2014-04-04 16:34:22    353576    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 15:20:59.68 ===============
 

Attached Files


Edited by Noviciate, 05 June 2014 - 12:48 PM.
Log added from attachment.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:18 PM

Posted 05 June 2014 - 12:53 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click the I Agree button to continue.
  • Click on Scan and, once complete, click on Report and let me have the contents of the text that opens.
  • A copy of the text file will also be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 

 

 


So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:18 PM

Posted 10 June 2014 - 11:20 AM

Helpers are limited in the number of logs that they can take by the time they have available and having a thread sit idle means that somebody else who could be being helped has to wait. Even if my time is of no value to you, please consider those who are asking for help and will actually respond, thank-you.

Given that there has been no response for at least five days, and I have no way of knowing when there will be one, this thread is now closed.
 


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users