PuP.frostwire infection


  • This topic is locked
8 replies to this topic

#1 TheOverheater

TheOverheater

  • Members
  • 37 posts
  • OFFLINE

Posted 28 August 2014 - 06:46 PM

So, I did a routine scan of my computer with Malwarebytes today. When I was finished, I found 5 potentially unwanted programs. After trying to export the log, the program crashed on the spot. This made me go back and do a full scan. Still the same 5 objects. I tried to export the log, only for it to crash again, so I just decided to take a screenshot of what it found. Four of them were registry keys having to do with Internet Explorer. The other was a file that had to do with profiles on Firefox. I am not sure what this is, but I looked it up, and found a decent amount of people with the same kind of infection. They all seemed to have trouble getting rid of it in conventional ways, so I decided to skip right to here to get straight to the core of this problem, if that's okay. I have attached my screenshot of Malwarebytes along with the attach.txt, if that would even help.

 

My dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.65.2
Run by Nick at 19:31:26 on 2014-08-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2166 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:54162
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: Interfaces\{491CC2FB-A0D2-43C8-8912-36441EB05A86} : NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{491CC2FB-A0D2-43C8-8912-36441EB05A86}\466796E65647 : DHCPNameServer = 10.226.0.3 10.240.10.19 10.240.10.20
TCP: Interfaces\{491CC2FB-A0D2-43C8-8912-36441EB05A86}\A434D275966496 : DHCPNameServer = 172.20.8.107 172.20.8.58
TCP: Interfaces\{491CC2FB-A0D2-43C8-8912-36441EB05A86}\F45727E6564777F627B6E6F64797F6572737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{92CB142C-DD93-4C66-B315-C68A65226151} : DHCPNameServer = 100.100.1.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54162
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-3-25 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-25 2320920]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-5 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2010-3-25 200736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-25 291328]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\System32\drivers\ActionReplayDS_x64.sys [2011-4-1 51600]
S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-25 232480]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-08-28 19:15:07    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-28 19:14:55    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-28 19:14:55    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-28 19:14:54    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 19:05:59    --------    d-----w-    C:\Windows\en
2014-08-27 19:00:31    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2b2392a71cfc22904\DSETUP.dll
2014-08-27 19:00:31    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2b2392a71cfc22904\DXSETUP.exe
2014-08-27 19:00:31    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2b2392a71cfc22904\dsetup32.dll
2014-08-27 19:00:28    89944    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\29a159cf1cfc22903\DSETUP.dll
2014-08-27 19:00:28    537432    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\29a159cf1cfc22903\DXSETUP.exe
2014-08-27 19:00:28    1801048    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\29a159cf1cfc22903\dsetup32.dll
2014-08-27 19:00:26    89944    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\28f7a9d31cfc22902\DSETUP.dll
2014-08-27 19:00:26    537432    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\28f7a9d31cfc22902\DXSETUP.exe
2014-08-27 19:00:26    1801048    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\28f7a9d31cfc22902\dsetup32.dll
2014-08-27 19:00:21    --------    d-----w-    C:\Users\Nick\AppData\Local\Windows Live
2014-08-22 17:17:20    --------    d-----w-    C:\Users\Nick\AppData\Roaming\MMFApplications
2014-08-14 22:43:46    --------    d-----w-    C:\Program Files (x86)\SplitmediaLabs
.
==================== Find3M  ====================
.
2014-07-11 07:02:05    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 19:32:22.10 ===============
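
The DDS log above carries two entries worth a second look: `uProxyServer = hxxp=127.0.0.1:54162` (Internet Explorer sends traffic through a listener on the local machine) and matching Firefox prefs `network.proxy.http`/`network.proxy.http_port` naming the same loopback endpoint, although `network.proxy.type - 0` means Firefox is not actually using them. As an added example that is not part of this thread, the Python below triages DDS-style lines for loopback proxies and for BHO/toolbar entries whose target file is missing; the sample lines are constructed from the shape of the pasted log, and the regexes and wording of the findings are my own, not DDS's.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the proxy and orphaned entries in the DDS
# log above (not the full log). DDS writes "hxxp" for "http" so that log
# lines are not clickable.
SAMPLE_LOG = """\
uProxyServer = hxxp=127.0.0.1:54162
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54162
FF - prefs.js: network.proxy.type - 0
"""

# IE proxy lines: "uProxyServer = hxxp=127.0.0.1:54162" (scheme=host:port)
# or a plain "host:port" value. The leading u/m/d is the DDS hive marker.
IE_PROXY_RE = re.compile(r"^[umd]ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d{1,5})")
# Firefox pref lines: "FF - prefs.js: <name> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.*)$")
# Shell-extension style entries whose target DDS could not find on disk.
ORPHAN_RE = re.compile(
    r"^(BHO|EB|TB|SSODL|x64-BHO|x64-SSODL|x64-Handler):.*-\s*<(orphaned|no file)>\s*$"
)

# Firefox network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL,
# 4 = auto-detect, 5 = use system settings.
FF_MANUAL_PROXY = "1"


def is_loopback(host: str) -> bool:
    """True for addresses that resolve to the local machine itself."""
    host = host.strip().lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(log_text: str) -> List[str]:
    """Return human-readable findings for the suspicious entries in a DDS log."""
    findings: List[str] = []
    ff_prefs: Dict[str, str] = {}

    for raw in log_text.splitlines():
        line = raw.strip()

        m = IE_PROXY_RE.match(line)
        if m:
            host, port = m.group(1), m.group(2)
            if is_loopback(host):
                findings.append(
                    f"IE proxy points at loopback {host}:{port} "
                    "(check what listens on that port)"
                )
            continue

        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
            continue

        m = ORPHAN_RE.match(line)
        if m:
            findings.append(f"{m.group(1)} entry with missing target: {line}")

    # Firefox prefs are evaluated together: a loopback host only matters if the
    # proxy mode is manual; otherwise the prefs are stale leftovers.
    host = ff_prefs.get("network.proxy.http")
    port = ff_prefs.get("network.proxy.http_port", "?")
    if host and is_loopback(host):
        if ff_prefs.get("network.proxy.type") == FF_MANUAL_PROXY:
            findings.append(f"Firefox manual proxy active at loopback {host}:{port}")
        else:
            findings.append(
                f"Firefox has stale loopback proxy prefs {host}:{port} "
                "(network.proxy.type is not manual, so not in use)"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A non-loopback corporate proxy is left alone by design; the point is the local listener, which is what a traffic-injecting add-on or leftover installer component would register.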
#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,536 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 September 2014 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 TheOverheater

TheOverheater
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE

Posted 01 September 2014 - 11:31 AM

ADW

 

# AdwCleaner v3.308 - Report created 01/09/2014 at 12:19:20
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick - NICK-PC
# Running from : C:\Users\Nick\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Conduit
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\prefs.js ]

Line Deleted : user_pref("CT2680363..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2680363..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2680363..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2680363.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2680363.AppTrackingLastCheckTime", "Wed Jun 22 2011 00:47:53 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.CTID", "CT2680363");
Line Deleted : user_pref("CT2680363.CommunitiesChangesLastCheckTime", "0");
Line Deleted : user_pref("CT2680363.CurrentServerDate", "22-6-2011");
Line Deleted : user_pref("CT2680363.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2680363.DialogsGetterLastCheckTime", "Fri Apr 15 2011 13:52:51 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"1/22/2011 2:19:35 AM\",\"SourceId\":0,\"OriginSource\":0,\"Refer[...]
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129221960058849484", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129222078068706850", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129228979092089554", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129243777123493394", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129308349891594152", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129362183886169315", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.FirstServerDate", "22-1-2011");
Line Deleted : user_pref("CT2680363.FirstTime", true);
Line Deleted : user_pref("CT2680363.FirstTimeFF3", true);
Line Deleted : user_pref("CT2680363.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2680363.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT2680363.GroupingLastCheckTime", "0");
Line Deleted : user_pref("CT2680363.GroupingLastServerUpdateTime", "0");
Line Deleted : user_pref("CT2680363.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2680363.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2680363.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2680363.Initialize", true);
Line Deleted : user_pref("CT2680363.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2680363.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2680363.InstalledDate", "Fri Jan 21 2011 18:19:42 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2680363.InvalidateCache", false);
Line Deleted : user_pref("CT2680363.IsGrouping", false);
Line Deleted : user_pref("CT2680363.IsMulticommunity", false);
Line Deleted : user_pref("CT2680363.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2680363.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2680363.LanguagePackLastCheckTime", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2680363.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2680363.LastLogin_3.2.5.2", "Mon Apr 11 2011 18:10:22 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.LastLogin_3.3.3.2", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT2680363.Locale", "en");
Line Deleted : user_pref("CT2680363.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2680363.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2680363.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2680363.RadioLastCheckTime", "0");
Line Deleted : user_pref("CT2680363.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT2680363.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT2680363.RadioShrinked", "expanded");
Line Deleted : user_pref("CT2680363.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2680363.SearchBoxWidth", 129);
Line Deleted : user_pref("CT2680363.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2680363.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&q=&SearchSource=2");
Line Deleted : user_pref("CT2680363.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2680363.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2680363.SearchInNewTabLastCheckTime", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2680363.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2680363.ServiceMapLastCheckTime", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.SettingsLastCheckTime", "Wed Jun 22 2011 00:47:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.SettingsLastUpdate", "1307619178");
Line Deleted : user_pref("CT2680363.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2680363.ThirdPartyComponentsLastCheck", "Wed Jun 22 2011 00:47:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2680363.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2680363");
Line Deleted : user_pref("CT2680363.UserID", "UN47100371037378133");
Line Deleted : user_pref("CT2680363.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2680363.alertChannelId", "1072794");
Line Deleted : user_pref("CT2680363.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
Line Deleted : user_pref("CT2680363.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2680363.myStuffEnabled", true);
Line Deleted : user_pref("CT2680363.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2680363.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2680363.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2680363.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2680363.oldAppsList", "129217750664239615,129217750664239616,129240097234456939,129221960058849484,129228979092089554,129222078068706850,129243777123493394,129308349891594152,129362183886[...]
Line Deleted : user_pref("CT2680363.testingCtid", "");
Line Deleted : user_pref("CT2680363.toolbarAppMetaDataLastCheckTime", "Wed Jun 22 2011 00:47:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2680363.toolbarContextMenuLastCheckTime", "Fri Jan 21 2011 18:19:42 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2680363.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2680363");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1072794/1068498/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2680363", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80927e5f86f7cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2680363", "\"634434930587600000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634380269302130000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2680363/CT2680363", "\"1307619178\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634432176643630000\"");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2680363");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2680363");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 15 2011 13:52:51 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 00:47:50 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 00:47:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "be92df21-6038-4a0c-a740-099bd4e1172c");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "e237f742-f4db-45a3-a0d0-2197a27fe1e1");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

-\\ Google Chrome v

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17082 octets] - [01/09/2014 12:16:00]
AdwCleaner[S0].txt - [17171 octets] - [01/09/2014 12:19:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17232 octets] ##########

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Nick (administrator) on NICK-PC on 01-09-2014 12:25:12
Running from C:\Users\Nick\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
HKU\S-1-5-21-3963637794-314873993-2321577733-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-10-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3963637794-314873993-2321577733-1001\...\Run: [Google Update] => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:54162
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9981D052-8925-4D12-9B76-540CDC9131F8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Tcpip\..\Interfaces\{491CC2FB-A0D2-43C8-8912-36441EB05A86}: [NameServer] 75.75.76.76,75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default
FF Homepage: hxxp://www.youtube.com/
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 54162
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: ActiveGS - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\activegs@freetoolsassociation.com [2013-12-03]
FF Extension: No Name - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\staged [2014-08-29]
FF Extension: Google Toolbar for Firefox - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-29]
FF Extension: Add-on Compatibility Reporter - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-06-25]
FF Extension: Lazarus: Form Recovery - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\lazarus@interclue.com.xpi [2011-05-23]
FF Extension: NoSquint - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\nosquint@urandom.ca.xpi [2011-06-13]
FF Extension: Status-4-Evar - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\status4evar@caligonstudios.com.xpi [2011-07-12]
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13]
FF Extension: Greasemonkey - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-10]
FF Extension: Text-to-Image - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\72g8zc80.default\Extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi [2014-04-30]

Chrome:
=======
CHR HomePage: Default -> 453030A6624107447687A90A66E077BA01231880B707A2E43C1CBEFBB61229CE
CHR DefaultSearchKeyword: Default -> 0E4DA0FD70AC6F08CEC5B441955E6F9797092F5AE9A2C8FFF414FADA85EEF8FF
CHR DefaultSearchURL: Default -> C081714D1BC7088577529701D3C8A16E4CE4337CBA38703CFF3FD9E1D7D2FAFB
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3966416 2010-10-20] (INCA Internet Co., Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [21624 2009-09-27] (DeviceVM, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-02-02] (INCA Internet Co., Ltd.) [File not signed]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 12:25 - 2014-09-01 12:25 - 00018472 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-09-01 12:25 - 2014-09-01 12:25 - 00000000 ____D () C:\FRST
2014-09-01 12:24 - 2014-09-01 12:24 - 00017357 _____ () C:\Users\Nick\Desktop\AdwCleaner[post].txt
2014-09-01 12:15 - 2014-09-01 12:19 - 00000000 ____D () C:\AdwCleaner
2014-09-01 12:11 - 2014-09-01 12:11 - 02104832 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-09-01 12:09 - 2014-09-01 12:09 - 01364531 _____ () C:\Users\Nick\Desktop\adwcleaner_3.308.exe
2014-08-31 21:26 - 2014-08-31 23:16 - 00002066 _____ () C:\Users\Nick\Desktop\testing.bat
2014-08-31 21:07 - 2014-08-31 23:11 - 00000122 _____ () C:\Users\Nick\Desktop\oh.bat
2014-08-31 01:49 - 2014-08-31 21:24 - 00002008 _____ () C:\Users\Nick\Desktop\bleep.bat
2014-08-29 22:34 - 2014-08-29 22:34 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\puush
2014-08-29 22:33 - 2014-08-29 22:34 - 00000000 ____D () C:\Program Files (x86)\puush
2014-08-29 22:33 - 2014-08-29 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-08-28 19:32 - 2014-08-28 19:32 - 00019193 _____ () C:\Users\Nick\Desktop\dds.txt
2014-08-28 19:32 - 2014-08-28 19:32 - 00013166 _____ () C:\Users\Nick\Desktop\attach.txt
2014-08-28 19:29 - 2014-08-28 19:29 - 00688992 ____R (Swearware) C:\Users\Nick\Desktop\dds.com
2014-08-28 15:15 - 2014-08-30 20:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 15:14 - 2014-08-28 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:14 - 2014-08-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 15:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 15:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-27 15:05 - 2014-08-27 15:05 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-08-27 15:05 - 2014-08-27 15:05 - 00000000 ____D () C:\Windows\en
2014-08-27 15:04 - 2014-08-27 15:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-08-27 15:00 - 2014-08-27 15:00 - 00000000 ____D () C:\Users\Nick\AppData\Local\Windows Live
2014-08-27 14:59 - 2014-08-27 14:59 - 01239752 _____ (Microsoft Corporation) C:\Users\Nick\Desktop\wlsetup-web.exe
2014-08-25 15:41 - 2014-08-25 16:21 - 05545079 _____ () C:\Users\Nick\Desktop\DATHOTSTM.rar
2014-08-22 13:17 - 2014-08-22 13:17 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\MMFApplications
2014-08-14 18:43 - 2014-08-14 18:43 - 00001109 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-08-14 18:43 - 2014-08-14 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-08-14 18:43 - 2014-08-14 18:43 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2014-08-03 14:48 - 2014-08-03 14:48 - 00000222 _____ () C:\Users\Nick\Desktop\Unturned.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 12:25 - 2014-09-01 12:25 - 00018472 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-09-01 12:25 - 2014-09-01 12:25 - 00000000 ____D () C:\FRST
2014-09-01 12:24 - 2014-09-01 12:24 - 00017357 _____ () C:\Users\Nick\Desktop\AdwCleaner[post].txt
2014-09-01 12:24 - 2010-03-25 07:12 - 01212088 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 12:21 - 2011-02-06 12:50 - 00021976 _____ () C:\Windows\PFRO.log
2014-09-01 12:21 - 2010-12-04 15:49 - 00231588 _____ () C:\Windows\setupact.log
2014-09-01 12:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 12:20 - 2010-03-25 07:50 - 00000177 ____H () C:\dvmexp.idx
2014-09-01 12:19 - 2014-09-01 12:15 - 00000000 ____D () C:\AdwCleaner
2014-09-01 12:12 - 2011-02-15 20:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-09-01 12:11 - 2014-09-01 12:11 - 02104832 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-09-01 12:11 - 2010-08-27 19:11 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3963637794-314873993-2321577733-1001UA.job
2014-09-01 12:09 - 2014-09-01 12:09 - 01364531 _____ () C:\Users\Nick\Desktop\adwcleaner_3.308.exe
2014-09-01 05:01 - 2010-08-02 14:00 - 00000000 ____D () C:\Users\Nick\AppData\Local\Paint.NET
2014-09-01 02:21 - 2014-01-28 03:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\HexChat
2014-09-01 00:16 - 2010-08-27 19:11 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3963637794-314873993-2321577733-1001Core.job
2014-08-31 23:16 - 2014-08-31 21:26 - 00002066 _____ () C:\Users\Nick\Desktop\testing.bat
2014-08-31 23:11 - 2014-08-31 21:07 - 00000122 _____ () C:\Users\Nick\Desktop\oh.bat
2014-08-31 21:24 - 2014-08-31 01:49 - 00002008 _____ () C:\Users\Nick\Desktop\bleep.bat
2014-08-31 19:04 - 2011-04-30 13:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-30 20:59 - 2014-08-28 15:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 22:34 - 2014-08-29 22:34 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\puush
2014-08-29 22:34 - 2014-08-29 22:33 - 00000000 ____D () C:\Program Files (x86)\puush
2014-08-29 22:33 - 2014-08-29 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-08-29 05:29 - 2013-05-18 23:17 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\vlc
2014-08-29 03:44 - 2009-07-14 01:13 - 00780156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-29 03:38 - 2013-04-09 17:22 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNick
2014-08-29 03:38 - 2013-04-09 17:22 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNick.job
2014-08-29 03:02 - 2012-02-07 20:27 - 00002358 _____ () C:\Users\Nick\Desktop\Google Chrome.lnk
2014-08-28 19:32 - 2014-08-28 19:32 - 00019193 _____ () C:\Users\Nick\Desktop\dds.txt
2014-08-28 19:32 - 2014-08-28 19:32 - 00013166 _____ () C:\Users\Nick\Desktop\attach.txt
2014-08-28 19:29 - 2014-08-28 19:29 - 00688992 ____R (Swearware) C:\Users\Nick\Desktop\dds.com
2014-08-28 19:22 - 2013-11-25 01:24 - 00000000 ____D () C:\Users\Nick\Documents\registry backup
2014-08-28 15:14 - 2014-08-28 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:14 - 2014-08-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 15:14 - 2012-07-10 19:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-28 15:14 - 2010-09-30 17:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Malwarebytes
2014-08-28 15:14 - 2010-09-30 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 15:05 - 2014-08-27 15:05 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-08-27 15:05 - 2014-08-27 15:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-08-27 15:05 - 2014-08-27 15:05 - 00000000 ____D () C:\Windows\en
2014-08-27 15:05 - 2009-12-05 13:16 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-27 15:04 - 2014-08-27 15:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-08-27 15:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-27 15:02 - 2011-02-22 19:49 - 00135521 _____ () C:\Windows\DirectX.log
2014-08-27 15:00 - 2014-08-27 15:00 - 00000000 ____D () C:\Users\Nick\AppData\Local\Windows Live
2014-08-27 14:59 - 2014-08-27 14:59 - 01239752 _____ (Microsoft Corporation) C:\Users\Nick\Desktop\wlsetup-web.exe
2014-08-27 14:47 - 2010-08-31 15:31 - 00000000 ___HD () C:\Users\Nick\Documents\ShadowEditFiles
2014-08-25 16:21 - 2014-08-25 15:41 - 05545079 _____ () C:\Users\Nick\Desktop\DATHOTSTM.rar
2014-08-22 13:17 - 2014-08-22 13:17 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\MMFApplications
2014-08-16 20:21 - 2013-11-17 00:29 - 00001051 _____ () C:\Users\Nick\Desktop\Notepad++.lnk
2014-08-16 20:21 - 2013-08-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-14 18:58 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 18:58 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 18:49 - 2012-09-21 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 18:44 - 2014-02-10 01:03 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-14 18:43 - 2014-08-14 18:43 - 00001109 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-08-14 18:43 - 2014-08-14 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-08-14 18:43 - 2014-08-14 18:43 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2014-08-14 15:01 - 2012-09-21 23:30 - 00000000 ___HD () C:\Users\Nick\Documents\huhuhuh
2014-08-11 04:24 - 2013-11-21 02:31 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-07 11:36 - 2010-09-12 14:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 14:48 - 2014-08-03 14:48 - 00000222 _____ () C:\Users\Nick\Desktop\Unturned.url

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Nick\jagex_cl_runescape_LIVE.dat
C:\Users\Nick\jagex_runescape_preferences.dat
C:\Users\Nick\jagex_runescape_preferences2.dat
C:\Users\Nick\jagex__preferences3.dat
C:\Users\Nick\taskmgr.exe


Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Nick\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\Nick\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Nick\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 14:00

==================== End Of Log ============================

The computer seems to be running fine right now, thanks for the reply!


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:40 AM

Posted 01 September 2014 - 12:36 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR HomePage: Default -> 453030A6624107447687A90A66E077BA01231880B707A2E43C1CBEFBB61229CE
CHR DefaultSearchKeyword: Default -> 0E4DA0FD70AC6F08CEC5B441955E6F9797092F5AE9A2C8FFF414FADA85EEF8FF
CHR DefaultSearchURL: Default -> C081714D1BC7088577529701D3C8A16E4CE4337CBA38703CFF3FD9E1D7D2FAFB
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
C:\Users\Nick\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Nick\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\Nick\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Nick\AppData\Local\Temp\xmlUpdater.exe
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5239FCB7
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
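The fixlist above removes hijacked Internet Explorer search scopes, driver services whose image file is gone (FRST's "[X]"), and alternate data streams on C:\ProgramData\Temp. A read-only PowerShell audit that surfaces the same kinds of entries, added here as an example and not part of nasdaq's instructions or of FRST; it assumes an elevated PowerShell 3.0+ prompt, and the allow-list of search hosts is a constructed assumption:

```powershell
# Added example (not from the thread or from FRST): report-only audit of the
# three entry types the fixlist above acts on. Nothing is deleted or changed.

# 1. Internet Explorer SearchScopes across the 64-bit, 32-bit and per-user hives.
#    Allow-list is a constructed assumption; any other search host is flagged.
$allowedHosts = @('www.bing.com', 'www.google.com')
$scopeRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($scope in Get-ChildItem $root) {
        $url = (Get-ItemProperty $scope.PSPath).URL
        # Extract the host with a regex rather than [uri], since scope URLs
        # carry a literal {searchTerms} placeholder.
        if ($url -and $url -match '^https?://([^/:?]+)') {
            $verdict = if ($allowedHosts -contains $matches[1]) { 'ok' } else { 'REVIEW' }
            '{0,-7} {1} {2}' -f $verdict, $scope.PSChildName, $url
        }
    }
}

# 2. Services and kernel drivers whose image file no longer exists (the
#    "S0 Lbd; system32\DRIVERS\Lbd.sys [X]" pattern in the log above).
function Resolve-ImagePath([string]$raw) {
    $p = $raw.Trim()
    if ($p.StartsWith('"')) { $p = $p.Substring(1, $p.IndexOf('"', 1) - 1) }  # "C:\a b.exe" -x
    else { $p = ($p -split ' (?=[-/])')[0] }                                   # x.exe -k netsvcs
    # Strip the \??\ prefix, expand \SystemRoot\, and root bare system32\... paths.
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}
$entries = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)
foreach ($entry in ($entries | Where-Object { $_.PathName })) {
    $image = Resolve-ImagePath $entry.PathName
    if (-not (Test-Path -LiteralPath $image)) { 'MISSING {0} -> {1}' -f $entry.Name, $image }
}

# 3. Alternate data streams on the folder FRST cleaned (":430C6D84" etc. above).
#    Directories have no :$DATA stream, so every stream listed is an ADS.
$adsTarget = 'C:\ProgramData\Temp'
if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { 'ADS     {0}:{1} ({2} bytes)' -f $_.FileName, $_.Stream, $_.Length }
}
```

A REVIEW, MISSING or ADS line is a lead to investigate, not proof of infection: legitimate uninstallers also leave orphaned driver entries, and some backup tools write ADS of their own.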

#5 TheOverheater

TheOverheater
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:40 AM

Posted 01 September 2014 - 02:38 PM

fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Nick at 2014-09-01 15:30:21 Run:1
Running from C:\Users\Nick\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR HomePage: Default -> 453030A6624107447687A90A66E077BA01231880B707A2E43C1CBEFBB61229CE
CHR DefaultSearchKeyword: Default -> 0E4DA0FD70AC6F08CEC5B441955E6F9797092F5AE9A2C8FFF414FADA85EEF8FF
CHR DefaultSearchURL: Default -> C081714D1BC7088577529701D3C8A16E4CE4337CBA38703CFF3FD9E1D7D2FAFB
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
C:\Users\Nick\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Nick\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\Nick\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Nick\AppData\Local\Temp\xmlUpdater.exe
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5239FCB7
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

End
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key deleted successfully.
"HKCR\CLSID\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key deleted successfully.
"HKCR\CLSID\{55F5C128-9C2C-4ABA-93AD-EF7E5BD2D22A}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
dump_wmimmc => Service deleted successfully.
Lbd => Service deleted successfully.
RTSTOR => Service deleted successfully.
C:\Users\Nick\AppData\Local\Temp\drm_dyndata_7370014.dll => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\npp.6.6.3.Installer.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\npp.6.6.8.Installer.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":5239FCB7" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

checkup.txt

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Lavasoft Ad-Watch Live! Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65  
 Java version out of Date!
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 37.0.2062.102  
 Google Chrome 37.0.2062.94  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

PC is running fine.


Edited by TheOverheater, 01 September 2014 - 02:39 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:40 AM

Posted 02 September 2014 - 06:57 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 TheOverheater

TheOverheater
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:40 AM

Posted 02 September 2014 - 01:57 PM

Okay, I have updated them both to the latest versions.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:40 AM

Posted 03 September 2014 - 07:48 AM

Glad we could help.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:40 AM

Posted 03 September 2014 - 07:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



