
Extended Unlimited Adware removal help

This topic is locked
3 replies to this topic

#1 Samurai262 (Members, 1 posts)
Posted 01 September 2014 - 06:45 AM

Hi there all. I was trying to download Firefox from Mozilla, but I ended up getting some adware or something. I immediately knew something was fishy, so I checked around on my PC and found programs I didn't want and stuff, so I came on here and saw a couple of posts with the same adware, and I've taken the steps as advised to help get the ball rolling. So here are the requested logs and the one attachment. Thanks in advance for any and all help.

# AdwCleaner v3.308 - Report created 01/09/2014 at 07:22:38
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Colton - COLTONS-LAPTOP
# Running from : C:\Users\Colton\Downloads\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {5eeb83d0-96ea-4249-942c-beead6847053}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Colton\AppData\Local\PackageAware
Folder Deleted : C:\Users\Colton\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Colton\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Colton\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Colton\AppData\Roaming\wse_astromenda
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ASP
Task Deleted : UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\mystarttb
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Homepage] : hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
 
*************************
 
AdwCleaner[R0].txt - [3935 octets] - [01/09/2014 07:14:34]
AdwCleaner[S0].txt - [3243 octets] - [01/09/2014 07:22:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3303 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Colton (administrator) on COLTONS-LAPTOP on 01-09-2014 07:35:37
Running from C:\Users\Colton\Desktop\FARBAR LOL
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-204542581-252718368-1158112864-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-204542581-252718368-1158112864-1002\...\Run: [uTorrent] => C:\Users\Colton\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-16] (BitTorrent Inc.)
HKU\S-1-5-21-204542581-252718368-1158112864-1002\...\MountPoints2: {8f5b7976-56db-11e3-be84-2c59e5a567dd} - "F:\setup.exe" -a
HKU\S-1-5-21-204542581-252718368-1158112864-1002\...\MountPoints2: {fcaccd1e-3a6f-11e3-be81-2c59e5a567dd} - "F:\MotoCastSetup.exe" -a
Startup: C:\Users\Colton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26]
CHR Extension: (Google Drive) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26]
CHR Extension: (Google Search) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26]
CHR Extension: (Heroes & Generals) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [789672 2014-05-16] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-05-13] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 07:35 - 2014-09-01 07:35 - 00000000 ____D () C:\FRST
2014-09-01 07:30 - 2014-09-01 07:35 - 00000000 ____D () C:\Users\Colton\Desktop\FARBAR LOL
2014-09-01 07:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 07:14 - 2014-09-01 07:23 - 00000000 ____D () C:\AdwCleaner
2014-09-01 07:08 - 2014-09-01 07:08 - 01364531 _____ () C:\Users\Colton\Downloads\adwcleaner_3.308.exe
2014-09-01 06:33 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-01 06:21 - 2014-09-01 06:21 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-09-01 06:20 - 2014-09-01 06:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Colton\Downloads\MSEInstall (1).exe
2014-09-01 06:19 - 2014-09-01 06:19 - 11241816 _____ (Microsoft Corporation) C:\Users\Colton\Downloads\MSEInstall.exe
2014-09-01 05:47 - 2014-09-01 05:47 - 03002862 _____ () C:\Users\Colton\Downloads\1408723759098.webm
2014-08-31 04:52 - 2014-08-31 05:30 - 957213659 _____ () C:\Users\Colton\Downloads\The_Great_War_5.1.zip
2014-08-31 04:52 - 2014-08-31 04:53 - 25234696 _____ () C:\Users\Colton\Downloads\The_Great_War_5.1.4.rar
2014-08-31 04:11 - 2014-08-31 04:12 - 01289890 _____ () C:\Users\Colton\Downloads\ModManagerV1.4.zip
2014-08-31 02:09 - 2014-08-31 02:16 - 291190304 _____ () C:\Users\Colton\Downloads\_Divide_et_Impera095.7z
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\Colton\Downloads\2ChicksSameTime - Alex Chance, Brooklyn Chase mp4s
2014-08-30 17:32 - 2014-08-30 18:05 - 230286983 _____ () C:\Users\Colton\Downloads\2 Chicks Same Time - Capri Cavanni & Whitney Westgate.mp4
2014-08-30 17:01 - 2014-08-30 17:01 - 00000000 ____D () C:\Users\Colton\Downloads\Teens Love Huge Cocks - Naughty Noelle - Noelle Easton [SD 432] [.mp4]
2014-08-30 16:46 - 2014-08-30 16:46 - 270955895 _____ () C:\Users\Colton\Downloads\nrgkennedybill_mobile.mp4
2014-08-30 15:58 - 2014-08-30 16:24 - 450278288 _____ () C:\Users\Colton\Downloads\HistWar-Demo-install.exe
2014-08-21 20:00 - 2014-08-21 20:00 - 02790128 _____ () C:\Users\Colton\Downloads\HeroesAndGenerals-setup-94010.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 07:35 - 2014-09-01 07:35 - 00000000 ____D () C:\FRST
2014-09-01 07:35 - 2014-09-01 07:30 - 00000000 ____D () C:\Users\Colton\Desktop\FARBAR LOL
2014-09-01 07:31 - 2012-07-26 03:28 - 00941178 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 07:26 - 2013-08-28 13:14 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\uTorrent
2014-09-01 07:25 - 2013-08-26 19:19 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 07:25 - 2013-07-22 19:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-01 07:24 - 2013-04-22 11:47 - 00000000 ____D () C:\ProgramData\Norton
2014-09-01 07:24 - 2012-08-03 18:23 - 00716580 _____ () C:\Windows\PFRO.log
2014-09-01 07:24 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 07:23 - 2014-09-01 07:14 - 00000000 ____D () C:\AdwCleaner
2014-09-01 07:23 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-01 07:17 - 2013-08-26 19:19 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 07:12 - 2013-07-22 23:59 - 01866427 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 07:08 - 2014-09-01 07:08 - 01364531 _____ () C:\Users\Colton\Downloads\adwcleaner_3.308.exe
2014-09-01 07:02 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-01 06:58 - 2013-11-20 09:33 - 02180608 ___SH () C:\Users\Colton\Downloads\Thumbs.db
2014-09-01 06:36 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-01 06:30 - 2013-07-23 00:09 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-204542581-252718368-1158112864-1002
2014-09-01 06:28 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-01 06:21 - 2014-09-01 06:21 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-09-01 06:20 - 2014-09-01 06:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Colton\Downloads\MSEInstall (1).exe
2014-09-01 06:19 - 2014-09-01 06:19 - 11241816 _____ (Microsoft Corporation) C:\Users\Colton\Downloads\MSEInstall.exe
2014-09-01 05:59 - 2012-07-26 01:26 - 00000269 _____ () C:\Windows\win.ini
2014-09-01 05:57 - 2013-08-26 19:21 - 00002171 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 05:47 - 2014-09-01 05:47 - 03002862 _____ () C:\Users\Colton\Downloads\1408723759098.webm
2014-09-01 01:07 - 2013-07-23 00:02 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{29143BB0-98C2-47B8-A44D-41C697E6794D}
2014-08-31 05:30 - 2014-08-31 04:52 - 957213659 _____ () C:\Users\Colton\Downloads\The_Great_War_5.1.zip
2014-08-31 04:53 - 2014-08-31 04:52 - 25234696 _____ () C:\Users\Colton\Downloads\The_Great_War_5.1.4.rar
2014-08-31 04:12 - 2014-08-31 04:11 - 01289890 _____ () C:\Users\Colton\Downloads\ModManagerV1.4.zip
2014-08-31 03:10 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-31 02:16 - 2014-08-31 02:09 - 291190304 _____ () C:\Users\Colton\Downloads\_Divide_et_Impera095.7z
2014-08-31 00:48 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-30 18:05 - 2014-08-30 17:32 - 230286983 _____ () C:\Users\Colton\Downloads\2 Chicks Same Time - Capri Cavanni & Whitney Westgate.mp4
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\Colton\Downloads\2ChicksSameTime - Alex Chance, Brooklyn Chase mp4s
2014-08-30 17:01 - 2014-08-30 17:01 - 00000000 ____D () C:\Users\Colton\Downloads\Teens Love Huge Cocks - Naughty Noelle - Noelle Easton [SD 432] [.mp4]
2014-08-30 16:46 - 2014-08-30 16:46 - 270955895 _____ () C:\Users\Colton\Downloads\nrgkennedybill_mobile.mp4
2014-08-30 16:24 - 2014-08-30 15:58 - 450278288 _____ () C:\Users\Colton\Downloads\HistWar-Demo-install.exe
2014-08-30 15:54 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-30 15:25 - 2014-07-08 22:10 - 00000366 _____ () C:\Windows\Tasks\HPCeeScheduleForColton.job
2014-08-28 20:50 - 2014-07-08 22:10 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForColton
2014-08-28 20:50 - 2013-07-22 23:59 - 00000000 ____D () C:\Users\Colton
2014-08-24 17:53 - 2013-08-29 21:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-24 17:08 - 2013-07-29 08:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 20:32 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-21 20:00 - 2014-08-21 20:00 - 02790128 _____ () C:\Users\Colton\Downloads\HeroesAndGenerals-setup-94010.exe
2014-08-08 16:25 - 2014-07-16 23:24 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\vlc
2014-08-03 10:30 - 2013-08-30 05:28 - 00000000 ____D () C:\Users\Colton\Desktop\Warhammer Shenanigins
 
Some content of TEMP:
====================
C:\Users\Colton\AppData\Local\Temp\41407uninstall.exe
C:\Users\Colton\AppData\Local\Temp\COMAP.EXE
C:\Users\Colton\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Colton\AppData\Local\Temp\MML_Installer-v1.5.2060.2_signed.exe
C:\Users\Colton\AppData\Local\Temp\ose00000.exe
C:\Users\Colton\AppData\Local\Temp\Quarantine.exe
C:\Users\Colton\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Colton\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-30 15:41
 
==================== End Of Log ============================


#2 Rootk (Malware Response Team, 234 posts, Location: Easter Island, Chile)

Posted 04 September 2014 - 11:16 AM

Hi, Samurai262. I'm checking your log now and will reply with instructions soon.

#3 Rootk (Malware Response Team, 234 posts, Location: Easter Island, Chile)

Posted 04 September 2014 - 07:55 PM

Please follow these steps:

1.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
2.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers.
  • Double-click RogueKillerX64.exe to run the tool.
  • Press the Scan button.
  • A report named RKreport.txt opens on the desktop.
  • Please post it in your next reply.


#4 Hoov (Malware Response Team, 3,519 posts, Location: Mikado, Michigan)

Posted 20 October 2014 - 09:47 AM

Due to the lack of feedback/inactivity, and since the issue appears to be resolved, this topic is closed. Should you need it reopened, please contact a Forum Moderator or a member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a new topic. This applies only to the original poster; everyone else, please begin a new topic.


Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users