Please Help - Potentially infected by TR/Trash.Gen and TR/Drop.Softomat.AN


  • This topic is locked
14 replies to this topic

#1 copu2000

copu2000

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 23 August 2014 - 02:52 AM

Attached File: attach.txt (14.71KB)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Unknown at 15:41:26 on 2014-08-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.60.1033.18.3069.1046 [GMT 8:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: FireWall *Disabled* {753F9273-B322-2907-AC37-03D0F1702F22}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\ChgService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\BitCometService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
c:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\avira\antivir desktop\avnotify.exe
c:\program files (x86)\avira\antivir desktop\avnotify.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.my/
uDefault_Page_URL = hxxp://sony.msn.com
uProxyServer = localhost:21320
uProxyOverride = <local>;*.local
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Show Xmlbar Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\LOUISL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{0D16DC21-C741-406F-AA9E-7FE9BBFECFED} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7575D911-72ED-4FA4-92F2-8650C9CA4AC6} : NameServer = 8.8.8.8
TCP: Interfaces\{A1CD575A-BE4E-4029-BAA2-9F98A2518268} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C38AE7A0-4E7B-4993-A847-1F96A69F4DBF} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{EE6154C7-FFDB-4FF1-9E7F-A6F9CFAA5349} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62}\032354442483 : DHCPNameServer = 122.255.99.236 122.255.99.228
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62}\26579716B616378616 : NameServer = 192.168.1.1
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62}\26579716B616378616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62}\9407F6E676 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{FFF2CA64-46EB-444E-BA66-C39B4E006F62}\C696E6B6379737 : DHCPNameServer = 192.168.15.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
x64-Run: [Skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-21 55280]
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-29 25120]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-12-14 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-12-14 28600]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [2014-7-12 41872]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-8-9 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-29 203264]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-12-14 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-12-14 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-12-14 117712]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-12-14 42040]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2010-12-2 135168]
R2 ezGOSvc;Easybits GO Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 iTeleportService;iTeleportService;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-12-8 25600]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2014-5-25 233344]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-21 19968]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-12-14 114608]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-10-28 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-29 35104]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-29 292864]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-29 11392]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-29 393216]
RUnknown APNMCP;APNMCP; [x]
S2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2013-12-14 1043024]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-12-14 804944]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-12-14 1021520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-27 362992]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-9 169312]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\System32\drivers\cmnsusbser.sys [2010-12-2 126080]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-20 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-8 5435904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-16 19456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-27 313840]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-16 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-08-23 05:54:55 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 05:49:01 79064 ----a-w- C:\Windows\System32\drivers\qcikhm.sys
2014-08-23 04:49:07 -------- d-----w- C:\SUPERDelete
2014-08-23 01:38:50 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7044BB33-84BB-4640-88A1-B5E3DD6166A5}\offreg.dll
2014-08-23 01:28:46 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 12:33:06 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7044BB33-84BB-4640-88A1-B5E3DD6166A5}\mpengine.dll
2014-08-20 15:44:59 752640 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-15 19:11:16 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 19:11:15 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 19:11:15 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 19:11:15 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 19:11:14 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 19:11:14 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 19:10:56 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 19:10:56 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 15:44:02 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-15 15:44:02 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-15 15:44:02 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-15 15:44:02 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-15 14:12:22 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 14:12:21 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-15 12:24:22 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-15 12:24:21 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-15 12:24:20 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-15 12:24:19 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-15 12:24:19 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-15 12:24:18 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-15 12:24:18 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-14 14:41:10 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-14 14:41:10 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-14 14:41:10 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-14 14:23:40 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 14:23:40 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 14:21:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 14:21:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 11:51:30 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-08-23 05:41:39 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 05:41:39 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 01:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-26 09:37:34 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-04 02:47:04 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 15:43:14.47 ===============

#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 23 August 2014 - 12:32 PM

Hi copu2000 and Welcome to BleepingComputer !

I am currently looking through your logs and will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 23 August 2014 - 05:23 PM

Hello copu2000

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow users to share files between them, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

You will need to remove this program via Add and Remove programs.

Step 2

You have more than one Anti-spyware program running.

Please uninstall Spybot - Search & Destroy and Disable Windows Defender by doing the following:-

  • Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
  • Click Tools, and then click Options.
  • Click Administrator, clear the Use this program check box, and then click Save. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.


    Step 3

    Download ADWCleaner to your desktop:
    http://www.bleepingcomputer.com/download/adwcleaner/

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.


    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder.

    Step 4

    Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
      You can find instructions on how to disable your security applications >>Here<< or >>Here<<
    • Double click zoek.exe to start the program.
    • Copy and paste the following script in the code box:
    • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
    autoclean;
    emptyclsid;
    emptyfolderscheck;delete
    startupall;
    services_list;
    standardsearch;
    
    • Close any open browsers.
    • Click the "Run script" button and wait patiently.
    • When finished the logfile will be opened in notepad.
    • If a reboot is needed the logfile will be opened after reboot.
    • The zoek-results.log can also be found on your systemdrive (normally C:\).
    • Please post the logfile for further review in your next reply

Edited by seedy21, 23 August 2014 - 05:27 PM.



#4 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 25 August 2014 - 11:11 AM

Thanks Seedy21 for your assistance. BitComet and Spybot uninstalled as per suggestion. Below is the report from AdwCleaner.


# AdwCleaner v3.308 - Report created 25/08/2014 at 22:26:12
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Unknown - VAIO
# Running from : C:\Users\Unknown\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\orbitdownloader
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\Users\Unknown\AppData\Roaming\GrabPro
Folder Found : C:\Users\Unknown\AppData\Roaming\Settings Manager
Folder Found : C:\Windows\SysWOW64\hotspot shield

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Orbit
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKLM\SOFTWARE\Orbit
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\prefs.js ]

Line Found : user_pref("browser.search.order.1", "default-search.net");

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=a&ver=13337&tm=406&src=ds&p={searchTerms}
Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=a&ver=13337&tm=406&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [5446 octets] - [25/08/2014 22:26:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5506 octets] ##########

Does it take long for the zoek process to be completed? I have waited for more than half an hour without any results when running the script provided in zoek.
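The AdwCleaner report above is plain text with one finding per line under section headers. As an added example that is not code from this thread or from AdwCleaner, here is a Python triage script that parses that format, counts findings per section, and flags the locations worth checking by hand before cleaning (persistence and browser-hijack locations). The watch-list and the sample report are constructed for this example, modeled on the findings posted above.

```python
"""Triage an AdwCleaner v3 scan report (added example, not part of the
thread or of AdwCleaner).  The watch-list below is assembled for this
example from locations that appear in the report posted above."""
import re
from collections import Counter

# Report grammar seen in AdwCleaner v3 output:
#   ***** [ Section ] *****
#   <Folder|File|Key|Value|Line> Found : <target>
#   Found [Search Provider] : <url>          (browser section only)
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value|Line) Found : (?P<target>.+)$")
PROVIDER_RE = re.compile(r"^Found \[(?P<kind>[^\]]+)\] : (?P<target>.+)$")

# Locations that load code into other processes, survive reboots, or
# redirect browsing: these deserve a manual look before anything is cleaned.
WATCHLIST = {
    r"Session Manager\\AppCertDlls": "AppCertDlls: DLL loaded into processes that call CreateProcess",
    r"Explorer\\Browser Helper Objects": "IE Browser Helper Object (code running inside iexplore.exe)",
    r"Internet Explorer\\Toolbar": "IE toolbar registration",
    r"FirewallPolicy\\.*AuthorizedApplications": "Windows Firewall allow-list entry",
    r"browser\.search\.order": "Firefox search order changed (prefs.js)",
    r"default-search\.net": "search redirected to a third-party engine",
}

# Constructed sample modeled on the report posted in this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.308 - Report created 25/08/2014 at 22:26:12
# Option : Scan

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\orbitdownloader
Folder Found : C:\Users\Unknown\AppData\Roaming\Settings Manager

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]

***** [ Browsers ] *****

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\prefs.js ]

Line Found : user_pref("browser.search.order.1", "default-search.net");

-\\ Google Chrome v36.0.1985.143

Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&p={searchTerms}
Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&p={searchTerms}
"""


def parse_report(text):
    """Return (section, kind, target) tuples in report order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line) or PROVIDER_RE.match(line)
        if m:
            findings.append((section, m.group("kind"), m.group("target")))
    return findings


def triage(findings):
    """Return the findings that hit the watch-list, with the reason attached."""
    flagged = []
    for section, kind, target in findings:
        for pattern, reason in WATCHLIST.items():
            if re.search(pattern, target, re.IGNORECASE):
                flagged.append((section, kind, target, reason))
                break  # first matching reason is enough
    return flagged


def summarize(findings):
    """Count findings per (section, kind); exact duplicates count once."""
    return Counter((s, k) for s, k, _ in set(findings))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (section, kind), n in sorted(summarize(found).items()):
        print(f"{section:16} {kind:16} {n}")
    print("\nLook at these before cleaning:")
    for section, kind, target, reason in triage(found):
        print(f"- [{kind}] {target}\n    {reason}")
```

The firewall allow-list entries and the AppCertDlls value are the ones to keep notes on: a scan-only report lists them, but whether they were left behind by an uninstalled program or planted deliberately is something the cleaning step alone will not tell you.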

 



#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 25 August 2014 - 02:32 PM

Hi copu2000
 

Have waited for more than half an hour without any results when running the script provided in zoek.


It runs differently on everybody's machine. If this is the case, I would like you to quit Zoek, reboot your computer and then run Zoek again. It is important that you disable all security programs before running Zoek.

Before running Zoek, I need you to re-run AdwCleaner and click the Clean button when you have done the scan. This will remove the adware it finds.




#6 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 26 August 2014 - 06:43 AM

Thanks. It worked. Following are reports from Adwcleaner and Zoek. Awaiting your next set of instructions.

 

# AdwCleaner v3.308 - Report created 26/08/2014 at 18:46:49
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Louis Liew - VAIO
# Running from : C:\Users\Louis Liew\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\prefs.js ]

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Louis Liew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5598 octets] - [25/08/2014 22:26:12]
AdwCleaner[R1].txt - [875 octets] - [26/08/2014 18:46:49]
AdwCleaner[S0].txt - [5590 octets] - [25/08/2014 22:31:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [994 octets] ##########



#7 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 26 August 2014 - 06:56 AM

I have the Zoek report but I can't seem to post it. I am just selecting all the text body from the report, then Ctrl+C and Ctrl+V here, but it doesn't work. Any particular reasons?



#8 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 26 August 2014 - 07:17 AM

Zoek.exe v5.0.0.0 Updated 26-08-2014
Tool run by Louis Liew on Tue 26/08/2014 at 18:59:56.75.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Louis Liew\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-25-150931.log 422 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Alawar deleted successfully
C:\PROGRA~2\Aspyr deleted successfully
C:\PROGRA~2\DesktopAnimated deleted successfully
C:\PROGRA~2\COMMON~1\AltrixSoft deleted successfully
C:\Program Files\BitComet deleted successfully
C:\PROGRA~3\BioWare deleted successfully
C:\PROGRA~3\IWL deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Roxio deleted successfully
C:\Users\Louis Liew\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Louis Liew\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Louis Liew\AppData\Roaming\redsn0w deleted successfully
C:\Users\Louis Liew\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Louis Liew\AppData\Local\AskPartnerNetwork deleted successfully
C:\Users\Louis Liew\AppData\Local\MigWiz deleted successfully
C:\Users\Louis Liew\AppData\Local\Secunia PSI deleted successfully
C:\Users\Louis Liew\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-436529071-4246772085-936650426-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} deleted successfully
HKEY_USERS\S-1-5-21-436529071-4246772085-936650426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-436529071-4246772085-936650426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\ChgService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Louis Liew\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default

user.js not found
---- Lines isearch removed from prefs.js ----
user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");
---- FireFox user.js and prefs.js backups ----

prefs_20142608_0711_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Windows\syswow64\appdata deleted
C:\PROGRA~3\EmailNotifier deleted
C:\PROGRA~3\eSellerate deleted
C:\PsExec.exe deleted
C:\Users\Louis Liew\AppData\Roaming\Thinstall deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\AskPartnerNetwork deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\ParetoLogic Registration.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\jetpack deleted
C:\Users\Louis Liew\Desktop\Video Downloader.lnk deleted
C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\jid1-4P0kohSJxU1qGg@jetpack deleted
"C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: Sony Corporation - Model: VGN-SR55GF_B
Install Date: 28/11/2009 4:14:41 PM
Last Boot: 26/8/2014 6:49:50 PM
Processor: Intel® Core™2 Duo CPU     P8700  @ 2.53GHz
Number of Processors: 2
Work Station
Bootmode: Normal boot
Total RAM: 3069 MB (free 1578 MB - 51)
Computername: VAIO
Domain: WORKGROUP
User: Louis Liew (Non-Administrator account)
Local Disk:        C:\ - NTFS - 256 GB (free 1 GB)
Removable Disk:    D:\ -  -  GB (free  GB)
Removable Disk:    E:\ -  -  GB (free  GB)
CD \ DVD Drive:    F:\
Local Disk:        G:\ - NTFS - 29 GB (free 10 GB)
CD \ DVD Drive:    H:\
CD \ DVD Drive:    I:\
CD \ DVD Drive:    J:\
CD \ DVD Drive:    K:\
CD \ DVD Drive:    L:\
Local Disk:        M:\ - NTFS - 1862 GB (free 79 GB)
Bootdevice: \Device\HarddiskVolume2
Windows update:
Country: Malaysia
Language: ENM

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: FireWall disabled
Default Browser: Google Chrome 36.0.1985.143
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 14.0.0.179

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\LOUISL~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-25 22:52:06 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2014-08-25 22:52:06 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2014-08-25 22:52:06 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\SysWOW64\wups.dll
2014-08-25 22:51:43 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-08-25 22:51:43 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 14:27:08 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-08-23 05:55:21 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-08-23 05:54:55 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-08-23 05:54:55 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-08-23 05:54:55 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 15:45:04 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-20 15:45:04 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-08-20 15:45:04 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-08-20 15:45:04 478824EC0BCE9968C0DC787164B1753B 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-08-20 15:45:04 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-08-20 15:45:04 41A3A54603686FD437FA4E8EB95025F9 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-20 15:45:04 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-08-20 15:45:04 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-08-20 15:45:03 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-08-20 15:45:02 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-08-20 15:45:02 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-08-20 15:45:02 7B051C4A70F23A84A09366999FE63CBD 307384 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-08-20 15:45:02 4D0E91438CE181AF94C653B3BBE3C65A 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-08-20 15:45:02 36B67392AFB8901CC442EA988AD4603D 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-08-20 15:45:01 F48A1A114382AB4EF8000E1943E6CF1F 438784 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-08-20 15:45:01 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-08-20 15:45:01 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-08-20 15:45:00 E8D46F442AB53A52BDBB3EA0C51BDABD 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-08-20 15:44:59 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-08-20 15:44:59 B91AA3BC8083E66925FAE29FDA485CEA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-08-20 15:44:59 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-08-20 15:44:59 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-08-20 15:44:59 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-08-20 15:44:59 49FFD37673BD20279A8BF27CC20040B3 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-20 15:44:59 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-20 15:44:59 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 19:11:16 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 19:11:15 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe
2014-08-15 19:11:14 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\SysWOW64\icardres.dll
2014-08-15 19:10:56 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 15:44:05 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\SysWOW64\locale.nls
2014-08-15 15:44:02 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 15:44:02 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 15:44:02 72222991598E173BBE1429426926C020 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 15:44:02 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 15:44:02 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 12:24:21 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-08-15 12:24:19 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll
2014-08-15 12:24:18 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2014-08-14 14:41:10 0C2390376D95B0D27A6317F017CD58DC 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2014-08-14 14:35:54 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll
2014-08-14 14:23:40 D8BED6BA298DBAAF6F3D746739FCD333 664064 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 14:21:31 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-25 22:52:41 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2014-08-25 22:52:41 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll
2014-08-25 22:52:41 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll
2014-08-25 22:52:40 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2014-08-25 22:52:06 7EC6617005F76714C7E16605E7A8AB06 38880 ----a-w- C:\Windows\Sysnative\wups.dll
2014-08-25 22:52:06 1180B5ADFB507258DA10F51B46681A33 97792 ----a-w- C:\Windows\Sysnative\wudriver.dll
2014-08-25 22:52:06 0DB2758CF1BAFE22E0970FDA0785B74C 700384 ----a-w- C:\Windows\Sysnative\wuapi.dll
2014-08-25 22:51:43 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2014-08-25 22:51:43 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
2014-08-20 15:45:04 19FA60D3AE1804A559306DE931A5B415 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-08-20 15:45:04 08C5E6033786C1E41B63FD38CA22917A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-08-20 15:45:02 FE7D99399F7761AA2695A7B1AD30DAAF 1431040 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-08-20 15:45:02 FCF5C8BB9AFD8D15B324B702F9B186B7 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-08-20 15:45:02 6598F2A876E13B6FFA5AE418D41CE7D6 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-08-20 15:45:02 5574B09C4676E8E2EBE125C18BDF9FBF 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-08-20 15:45:02 52D2151908C2A6388B6561A373488F6F 692736 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-08-20 15:45:02 13A852B606F3644A7A35EDD99F74A685 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-08-20 15:45:01 F00D0AE7648CA45C6434E2885485BE0B 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-08-20 15:45:01 1FD1F16C35946BA28FDEB40F18B7729D 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-08-20 15:45:00 DF485877CCE229776E6B8BB9116B67FE 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-08-20 15:45:00 9C9FE69902CD45A7D9AB1F0C4EDE646C 348856 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-08-20 15:45:00 39A85C005BCDEEF4092646EBBC2526AA 2087936 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-08-20 15:44:59 FCC86367BB0FB6DEB6614885CBE74FD5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-08-20 15:44:59 DB382D89D8004F40BD2C55BAE6A15B30 2774528 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-08-20 15:44:58 72B7D166D1B0D353330A34FDED3F5AA6 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-08-20 15:44:58 1DE8B71A1C7D8943034188556AF50B07 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-08-20 15:44:57 2639E152D246F2A651F09764807CA153 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-08-20 15:44:57 1F02286D001AB5EA5719540C587224FE 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-08-20 15:44:57 1B26610C1659EF54ED000233FB96F20C 13547008 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-08-20 15:44:56 920F690FC7424DE71888AA2E46E917EA 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-08-20 15:44:56 6ED6DA2A04F8F0C9BDAD647284BAEFB6 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-08-20 15:44:56 472C409F9B0FF67C1015F511C73E1889 5824512 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-08-20 15:44:56 1EEF9FE30DBE458A89B5F7A16FC68397 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-08-20 15:44:55 EDF22FBAE75ACB48BF51D099C6808B39 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-08-20 15:44:55 C02C78DE9BB4E68F6C78B1588ADD6ADC 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-08-20 15:44:55 BAC44396088ECC1C9021ED3E3345337C 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-08-20 15:44:55 8E71A5CB5312B8392D4DA4CA37BB5868 2266624 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-08-20 15:44:54 ECA387DCD57F683C52171C766CF400F0 23645696 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-08-20 15:44:54 1C660588CFFB3A17BCF0F6B4779BF985 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-08-15 19:11:15 9C44FB5B3A8A192FCE1103AC9BA4E576 171160 ----a-w- C:\Windows\Sysnative\infocardapi.dll
2014-08-15 19:11:15 8A08BB0D12BE40DC09632CD5D04A48A0 1389208 ----a-w- C:\Windows\Sysnative\icardagt.exe
2014-08-15 19:11:14 EE415EC9288182BCFB6E6896A376EA53 8856 ----a-w- C:\Windows\Sysnative\icardres.dll
2014-08-15 19:10:56 E4312738B500577BABC232A49F67A67D 35480 ----a-w- C:\Windows\Sysnative\TsWpfWrp.exe
2014-08-15 15:44:05 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\Sysnative\locale.nls
2014-08-15 15:44:02 EA21295A386C6DB2A2A90E657B37C5F4 7168 ----a-w- C:\Windows\Sysnative\KBDYAK.DLL
2014-08-15 15:44:02 BE67D99EDA34A68B827868371B5529AD 7168 ----a-w- C:\Windows\Sysnative\KBDTAT.DLL
2014-08-15 15:44:02 920B5C1CC0BAB6E574297BC3D945DA31 7168 ----a-w- C:\Windows\Sysnative\KBDBASH.DLL
2014-08-15 15:44:02 80EDA24B00478FA795F90DFA09C12E86 7168 ----a-w- C:\Windows\Sysnative\KBDRU1.DLL
2014-08-15 15:44:02 353C4A38042819CA83AEFC6F2E7051CD 6656 ----a-w- C:\Windows\Sysnative\KBDRU.DLL
2014-08-15 14:12:22 9D455E3049B7F93483D7165422B7D0AF 529920 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-08-15 14:12:21 349CF386805783D2E6810A767642F1B8 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-08-15 12:24:22 3B39F9D51E4D8BAABDA6518955B58C13 3241984 ----a-w- C:\Windows\Sysnative\msi.dll
2014-08-15 12:24:20 5DFFC12BF7DB53BDB401804A3C3A475E 1941504 ----a-w- C:\Windows\Sysnative\authui.dll
2014-08-15 12:24:19 B0F8CCA08DBC392442E27377B98DD0CD 112064 ----a-w- C:\Windows\Sysnative\consent.exe
2014-08-15 12:24:18 A6D0DC3B30F6BB1421DAA92537424822 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll
2014-08-14 14:41:10 AF00649558BFB211A9091F4A6E7B4A0C 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-08-14 14:41:10 9E19DEED6FEB140DA3764C32F2DC4849 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2014-08-14 14:35:54 AE57F6C7AB3ED244B5F14151C4EA0057 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll
2014-08-14 14:23:40 F947D57534E01E3CA597BCF2AD8AE65B 1216000 ----a-w- C:\Windows\Sysnative\rpcrt4.dll
2014-08-14 14:21:31 EBFEF789E32279C2ED7C81260B186AD7 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-08-23 01:28:46 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-14 11:51:30 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-23 06:30:22 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-08-23 05:55:43 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-08-23 05:54:44 -------- d-----w- C:\PROGRA~2\Java
======= C: =====
====== C:\Users\Louis Liew\AppData\Roaming ======
2014-08-23 07:51:18 -------- d-----w- C:\Users\Louis Liew\AppData\Local\Adobe
2014-08-15 11:52:50 B76DC9B3865F30C6DB0C24016E36B16F 1050144 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
====== C:\Users\Louis Liew ======
2014-08-24 00:14:39 9DED4724D695CFB01960426DA011ABAE 1364531 ----a-w- C:\Users\Louis Liew\Desktop\AdwCleaner.exe
2014-08-23 07:40:01 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Louis Liew\Desktop\dds.com
2014-08-23 05:54:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==
2014-08-25 22:52:41 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\System32\wuauclt.exe
2014-08-25 22:51:43 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-24 00:14:39 9DED4724D695CFB01960426DA011ABAE 1364531 ----a-w- C:\Users\Louis Liew\Desktop\AdwCleaner.exe
2014-08-23 06:12:26 4F243369821C24568284EDFB11B2046E 1240312 ----a-w- C:\Program Files (x86)\MPC-HC\unins000.exe
2014-08-23 06:08:27 A31EEE18FD822AB0F976E30AC7595210 39734352 ----atw- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\36.0.1985.143\chrome_installer.exe
2014-08-23 06:08:11 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-08-23 06:08:11 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-08-23 06:08:11 571539D27C66410121752BB64EA63678 41155152 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-08-23 06:08:01 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-08-23 06:08:01 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-08-23 06:08:01 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-08-23 06:08:01 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-08-23 05:54:45 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-08-23 05:54:45 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-08-23 05:54:45 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-08-23 05:54:45 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-08-23 05:54:45 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-08-23 05:54:45 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-08-23 05:54:45 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-08-23 05:54:45 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-08-23 05:54:45 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-08-23 05:54:45 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-08-23 05:54:45 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-08-23 05:54:45 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-08-23 05:54:45 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-08-23 05:54:45 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-08-23 05:54:45 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-08-23 05:54:45 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-08-23 05:54:45 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-08-23 05:54:45 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-08-23 05:54:45 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-08-23 05:54:45 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-08-23 05:54:45 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-08-20 15:45:04 7BAF83ECFCB4AC9E90A4B459BDD59BCA 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-08-20 15:45:04 31A7689F580F37B52F65B9653F8916D4 810176 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-08-20 15:45:03 CDF01A5C7927786A708EAEE91F14797B 812224 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-08-20 15:45:02 FCF5C8BB9AFD8D15B324B702F9B186B7 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-20 15:45:02 8D526C6DFC13CC2F81395771B7BE1AC6 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-08-20 15:45:02 6A60D0D167D35A07646EBCF796D770B4 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-08-20 15:45:02 52D2151908C2A6388B6561A373488F6F 692736 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-08-20 15:45:00 7D709E893B53092E3F5995FF5C3061E2 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-08-20 15:44:56 1EEF9FE30DBE458A89B5F7A16FC68397 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-20 15:44:54 1C660588CFFB3A17BCF0F6B4779BF985 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
=== C: other files ==
2014-08-23 07:40:01 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Louis Liew\Desktop\dds.com
2014-08-23 05:54:45 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
2014-08-23 01:28:46 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-436529071-4246772085-936650426-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"VMSwitch"="C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"ApnTBMon"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe /startup"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"ISBMgr.exe"="\"C:\\Program Files (x86)\\Sony\\ISB Utility\\ISBMgr.exe\""
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\wow6432node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NJStar Chinese Calendar.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NJStar Chinese Calendar.lnk"
"backup"="C:\\Windows\\pss\\NJStar Chinese Calendar.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\NJSTAR~1\\NJCalend.exe /Automation"
"item"="NJStar Chinese Calendar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Secunia PSI Tray.lnk"
"backup"="C:\\Windows\\pss\\Secunia PSI Tray.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Secunia\\PSI\\psi_tray.exe "
"item"="Secunia PSI Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Louis Liew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
"path"="C:\\Users\\Louis Liew\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\Windows\\pss\\MagicDisc.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MAGICD~1\\MAGICD~1.EXE "
"item"="MagicDisc"

==== Startup Folders ======================

2013-08-19 23:29:42 2012 ----a-w- C:\Users\Louis Liew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
2009-08-28 19:11:46 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/02/2011 12:00 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/02/2011 12:00 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2011" [C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8EC5F29E-2F76-42C5-909C-438779C72413}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{81BACF2E-7B2E-48D0-9455-B438508CC51F}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\SONY\Prepare Your VAIO\Prepare Your VAIO" [C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe]
"C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update 5" ["C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default
- Flash Video Downloader - Full HD Download - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\artur.dubovoy@gmail.com
- WOT - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownloadHelper - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flash Video Downloader - Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Undetermined - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Helper Please allow this installation - %AppDir%\browser\extensions\afurladvisor@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash

==== Deleted Firefox Extensions ======================

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaacalgebmfelllfiaoknifldpngjh - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 06:22 PM]

Avira SearchFree Toolbar plus Web Protection - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Entanglement Web App - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
Google Voice Search Hotword (Beta) - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Poppit - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Google Wallet - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com.my/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com.my/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{903ED3DD-2816-4DA7-8E59-C4E171EB9A59} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=SNYTDF&pc=MASN&src=IE-SearchBox"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\FLV Downloader\IEBar\xbietb.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Fences.lnk = C:\Program Files (x86)\Stardock\Fences\Fences.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=British English&ver=1.0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Run Video Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
O9 - Extra 'Tools' menuitem: Video Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://btrr.dyndns.tv
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7575D911-72ED-4FA4-92F2-8650C9CA4AC6}: NameServer = 8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\SysWOW64\ChgService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Louis Liew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Louis Liew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=786 folders=155 27447738 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\Louis Liew\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LOUISL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 26/08/2014 at 19:30:42.24 ======================



#9 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 26 August 2014 - 03:28 PM

Hi Copu2000
 
Step 1
 

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following:
    Avira SearchFree Toolbar
  • Close the Add/Remove Programs and Control Panel

Restart your computer


Step 2

We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double-click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "ApnTBMon"=-;r
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar];r
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"=-;r
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser];r
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"=-;r
    {B042753D-F57E-4e8e-A01B-7379A6D4CEFB};ff
    aaaaacalgebmfelllfiaoknifldpngjh;chr
    C:\Program Files (x86)\AskPartnerNetwork;f
    C:\Program Files (x86)\Xmlbar\;f
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.

Please post the logfile for further review in your next comment.
 
Step 3

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the install of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:

 

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

 

  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.

Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When the scan is complete,

If no threats were found:
 

  • Check in "Uninstall application on close"
  • Close program

If threats were found:
 

  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:38 AM

Posted 27 August 2014 - 06:20 AM

Avira SearchFree ToolBar uninstalled. Here we go on the rerun zoek logfile.

 

Zoek.exe v5.0.0.0 Updated 27-08-2014
Tool run by Louis Liew on Wed 27/08/2014 at 19:06:25.28.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Louis Liew\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-25-150931.log 422 bytes
C:\zoek-results2014-08-26-113042.log 57274 bytes

==== FireFox Fix ======================

ProfilePath: C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20142708_0710_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{6B896ADB-4A82-46e2-858C-13134782CE34}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6B896ADB-4A82-46e2-858C-13134782CE34}"=-

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\AskPartnerNetwork" not found
"C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\LOUISL~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default
- Flash Video Downloader - Full HD Download - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\artur.dubovoy@gmail.com
- WOT - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownloadHelper - C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flash Video Downloader - Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Louis Liew\AppData\Roaming\Mozilla\Firefox\Profiles\mgw6ic7k.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 06:22 PM]

Entanglement Web App - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
Google Voice Search Hotword (Beta) - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Poppit - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Google Wallet - Louis Liew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== C:\zoek_backup content ======================

C:\zoek_backup (files=789 folders=161 28484858 bytes)

==== EOF on Wed 27/08/2014 at 19:11:07.81 ======================

 


Edited by copu2000, 27 August 2014 - 06:20 AM.


#11 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:38 AM

Posted 27 August 2014 - 09:28 AM

ESETScanLog below:

 

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Program Files (x86)\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIEB18.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\zoek_backup\C_PROGRA~2_AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
G:\DF\Softwares\Programs Update\Avira Internet Security 2014 14.0.1.759 License\avira_internet_security_en.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
G:\DF\Softwares\Programs Update\Avira Internet Security 2014 14.0.1.759 License\Crack\Avira.Reset\BOX_ATR2.3.exe Win32/Packed.Autoit.E.Gen potentially unwanted application deleted - quarantined
G:\DF\Softwares\Programs Update\Platinum Hide IP v3.1.9.8+Crack\Platinum Hide IP v3.1.9.8.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
M:\New folder\Games\New PC Games\Company.of.Heroes.2-RELOADED\Company.of.Heroes.2.CRACK.ONLY-RELOADED\Crack\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined
 


Edited by copu2000, 27 August 2014 - 09:29 AM.


#12 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 27 August 2014 - 02:15 PM

Hello Copu2000
 
How is the machine running now?  Are you still getting the alerts about the threats on your machine?
 
 
Download CKScanner from >here<

Important : Save it to your desktop.

Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#13 copu2000

copu2000
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:38 AM

Posted 28 August 2014 - 05:00 AM

Machine is running better compared to previously. Thanks for your guidance so far. Previously the potential Trojan in topic title popped up from Avira Antivirus scan.

 

CkScanner Log

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\louis liew\desktop\new download\completed\the sopranos the complete series (season 1,2,3,4,5\tsv torrents\advanced systemcare pro v3.3.4 - cracked.torrent
c:\users\louis liew\desktop\new download\completed\the sopranos the complete series (season 1,2,3,4,5\tsv torrents\microsoft office 2010 professional plus - cracked.torrent
scanner sequence 3.LB.11.HFNANZ
 ----- EOF -----


Edited by copu2000, 28 August 2014 - 05:04 AM.


#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:38 PM

Posted 30 August 2014 - 11:30 AM

Hi copu2000

Cracked Software Warning

Your Logs are showing software / Illegal Content on your machine.

Crack, keygen, and warez sites are infamous for bundling malware along with cracks. Obtaining and running unlicensed software in this way may impact your system so that it no longer functions properly. Unfortunately, system damage is often a side effect of an entrenched malware infection, which you can obtain by downloading cracks.

We are unable to help you unless you remove this software and delete the Illegal content you have.

If you don't accept this, help will be terminated and this topic will be locked.

Step 1

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

Avira Internet Security

Step 2


We need to re-run Zoek
 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double-click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
    M:\New folder\Games\New PC Games\Company.of.Heroes.2-RELOADED\Company.of.Heroes.2.CRACK.ONLY-RELOADED\;f
    G:\DF\Softwares\Programs Update\Platinum Hide IP v3.1.9.8+Crack\;f
    G:\DF\Softwares\Programs Update\Avira Internet Security 2014 14.0.1.759 License\;f
    c:\users\louis liew\desktop\new download\completed\the sopranos the complete series (season 1,2,3,4,5\tsv torrents\advanced systemcare pro v3.3.4 - cracked.torrent;f
    c:\users\louis liew\desktop\new download\completed\the sopranos the complete series (season 1,2,3,4,5\tsv torrents\microsoft office 2010 professional plus - cracked.torrent;f
    installer-list;
    emptyalltemp;
    
     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).

Please post the logfile for further review in your next reply.

Step 3

As we have just removed your security program you are going to need to install a new one.

Here are some examples of FREE antivirus. Please note this is for personal use only.

http://free.avg.com/gb-en/homepage
http://www.avast.com/free-antivirus-download
http://windows.microsoft.com/en-US/windows/security-essentials-download

Please run a scan with the program you have chosen and let me know how the machine is running now.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


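The two zoek scripts in this thread (post #9 and the one just above) use one line per action, with the text after the final semicolon selecting what zoek does with that line. The following Python is an added example, not code from the thread or from the zoek tool, that parses such a script and reports what it would do, so a user can check that a script really only touches the entries the helper named before pressing "Run script". The suffix meanings are an assumption inferred from how zoek echoed post #9's script in post #10's log (the ";r" lines reappear verbatim under "Registry Fix Code", the ";f" paths under "Deleting Files \ Folders", and the ";ff" id matches the Firefox extension folder that was deleted); bare "name;" lines are assumed to be zoek's own commands. The sample script is constructed from lines posted in this thread, and the function names are mine.

```python
"""Interpret a zoek.exe fix script before running it.

Added example, not code from the thread or from zoek. The suffix meanings
in SUFFIX_MEANING are inferred from this thread's logs and are an assumption,
not zoek documentation.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed meaning of the text after the final ';' on each script line.
SUFFIX_MEANING = {
    "r": "registry: merged as one line of a .reg file",
    "f": "delete this file or folder (zoek keeps a copy under C:\\zoek_backup)",
    "ff": "remove the Firefox extension with this id",
    "chr": "remove the Chrome extension with this id",
    "": "zoek built-in command (assumed: a bare name with no suffix)",
}

# Constructed sample: post #9's script plus the two bare commands from post #14.
SAMPLE_SCRIPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"ApnTBMon"=-;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar];r
"{6B896ADB-4A82-46e2-858C-13134782CE34}"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser];r
"{6B896ADB-4A82-46e2-858C-13134782CE34}"=-;r
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB};ff
aaaaacalgebmfelllfiaoknifldpngjh;chr
C:\Program Files (x86)\AskPartnerNetwork;f
C:\Program Files (x86)\Xmlbar\;f
installer-list;
emptyalltemp;
"""

# Greedy '.*' so that a ';' inside the target (rare, but legal in paths) is kept.
LINE_RE = re.compile(r"^(.*);([a-z]*)$")


@dataclass
class Action:
    kind: str    # the suffix after the final ';'
    target: str  # everything before it


def parse_zoek_script(text: str) -> list[Action]:
    """Split a script into actions; a line with an unknown suffix is an error
    rather than something to pass through to the tool unread."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m or m.group(2) not in SUFFIX_MEANING:
            raise ValueError(f"unrecognised zoek line: {line!r}")
        actions.append(Action(kind=m.group(2), target=m.group(1)))
    return actions


def registry_fix_code(actions: list[Action]) -> str:
    """Render the ';r' lines as the .reg text zoek prints under
    '==== Registry Fix Code ====' in its log."""
    body = [a.target for a in actions if a.kind == "r"]
    return "\n".join(["Windows Registry Editor Version 5.00", ""] + body)


def describe(actions: list[Action]) -> list[str]:
    """One plain-language line per effect, tracking the current registry key
    so that each '"name"=-' (the .reg syntax for deleting a value) is tied to
    the key it applies to."""
    out, key = [], None
    for a in actions:
        if a.kind == "r":
            if a.target.startswith("[") and a.target.endswith("]"):
                key = a.target[1:-1]          # key header: remember, no effect by itself
            elif a.target.endswith("=-"):
                out.append(f"delete value {a.target[:-2]} under {key}")
            else:
                out.append(f"set {a.target} under {key}")
        else:
            out.append(f"{SUFFIX_MEANING[a.kind]}: {a.target}")
    return out


if __name__ == "__main__":
    acts = parse_zoek_script(SAMPLE_SCRIPT)
    print(registry_fix_code(acts))
    print()
    print(*describe(acts), sep="\n")
```

Run on the sample it prints the same .reg fragment that appears under "==== Registry Fix Code ====" in post #10's log, followed by one line per deletion and command; a line whose suffix is not in the assumed table raises instead of being silently handed to the tool, which is the check a user wants before running a script they did not write.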

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:38 AM

Posted 09 September 2014 - 04:37 PM

Due to the lack of feedback/inactivity, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



