Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Spy/Malware + Registry Issues


  • This topic is locked This topic is locked
10 replies to this topic

#1 paN!cker

paN!cker

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:05:20 PM

Posted 16 September 2014 - 12:50 AM

Hi Guys
 
Been infected with some stuff that's turning words on my page into bitsaver clickads, and REALLY slowing my com down. Sometimes random ads just pop up out of nowhere and I can only close it by closing the page that's playing it (even though I can't even see it playing on the page, only audio).
 
Updated Malwarebytes last night, scanned, and applied the recommendations, and then my laptop couldn't start up fully after that. After several tries, did a system restore and I'm back to square one, but without the help of Malwarebytes, which cannot uninstall now because it lacks certain files. I can't install it either because there's remnants of the previous MBAM detected.
 
Secondary to these problems are 5-6 of these runtime errors that pop up on startup. Apart from being annoying they don't seem to do much else. When I got on here a year back we didn't manage to resolve this issue.
 
"Runtime Error!

Program: C:\Windows\system32\rundll32.exe

This application has requested the Runtime to TERMINATEarrow-10x10.png it in an unusual way.
Please contact the APPLICATION'S SUPPORTarrow-10x10.png team for more information."

 

 

 

Thanks for your help, much appreciated.
 
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:40:17 PM, on 16/9/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19561)
 
FIREFOX: 32.0.1 (x86 en-GB)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\paN!cker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\XXXChurch\X3Watch\X3Watch.exe
C:\Users\paN!cker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\paN!cker\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\paN!cker\Desktop\paN!cker\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=1208&m=aspire_4930
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;betaapi.x3watchservices.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: YouTTubeADBlockke - {c5f03971-c4d1-498b-8796-77440e5b6008} - C:\Program Files\YouTTubeADBlockke\WsQLuUNSRuWjFA.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav.exe" -run
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\paN!cker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = C:\Users\paN!cker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: LManager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Canon LBP3000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE
O4 - Global Startup: X3Watch.lnk = ?
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
 
--
End of file - 12015 bytes
 


BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 21 September 2014 - 12:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548505 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 paN!cker

paN!cker
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:05:20 PM

Posted 24 September 2014 - 04:29 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19561  BrowserJavaVersion: 10.67.2
Run by paN!cker at 17:21:09 on 2014-09-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.65.1033.18.3069.1252 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\paN!cker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\CNAB3RPK.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\XXXChurch\X3Watch\X3Watch.exe
C:\Users\paN!cker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\paN!cker\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=1208&m=aspire_4930
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877;
uProxyOverride = <-loopback>;betaapi.x3watchservices.com
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: YouTTubeADBlockke: {c5f03971-c4d1-498b-8796-77440e5b6008} - c:\program files\youttubeadblockke\WsQLuUNSRuWjFA.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "c:\users\pan!cker\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav.exe" -run
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\pan!cker\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\pan!cker\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\pan!cker\appdata\roaming\microsoft\windows\start menu\programs\startup\LManager.exe
StartupFolder: c:\users\pan!cker\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB3LAK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\x3watch.lnk - c:\windows\installer\{bcf442dc-768a-4383-afd7-e239f715adb3}\NewShortcut1_DEC347D027C84BB29FAEA3B266D3E438.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{54B2A434-2872-44EC-9CCC-7862C33AA3F5} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6F44039B-A869-49C4-AC0B-035DE6DE167B} : DHCPNameServer = 165.21.100.88 165.21.83.88
TCP: Interfaces\{EC063E2E-1DFD-4155-8C21-723C68AAF295} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.103\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pan!cker\appdata\roaming\mozilla\firefox\profiles\1dmj4ogj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\pan!cker\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2009-08-26 22:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-12-3 42608]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-8-7 243128]
R1 MpKsl3cc2933b;MpKsl3cc2933b;c:\programdata\microsoft\microsoft antimalware\definition updates\{dbe7575d-533d-4a35-b5b7-27006211f6f1}\MpKsl3cc2933b.sys [2014-9-24 39464]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2013-10-24 44736]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-27 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-9-17 242216]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-12-3 3598848]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 95920]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-12-3 233472]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2014-6-5 93040]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-8-27 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-27 93968]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 32148148;PC_Sustainer;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-13 13224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-9-16 40776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-6-4 181912]
.
=============== Created Last 30 ================
.
2014-09-24 09:00:21 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dbe7575d-533d-4a35-b5b7-27006211f6f1}\MpKsl3cc2933b.sys
2014-09-23 19:32:00 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 18:20:13 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dbe7575d-533d-4a35-b5b7-27006211f6f1}\mpengine.dll
2014-09-22 15:31:12 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-17 11:26:23 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6951f941-017a-4539-8e6b-4c756160851b}\gapaengine.dll
2014-09-16 05:09:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-15 17:32:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-14 00:35:34 -------- d-----w- c:\programdata\BIItSaver
2014-09-12 05:49:59 916992 ----a-w- c:\windows\system32\wininet.dll
2014-09-11 17:04:42 -------- d-----w- c:\programdata\NextCCoupu
2014-09-11 17:04:35 -------- d-----w- c:\program files\NextCCoupu
2014-09-07 12:30:20 -------- d-----w- c:\programdata\Trusted Publisher
2014-09-07 12:30:01 -------- d-----w- c:\program files\PC_Booster
2014-09-07 12:28:31 -------- d-----w- c:\programdata\YouTTubeADBlockke
2014-09-07 12:28:23 -------- d-----w- c:\program files\YouTTubeADBlockke
2014-09-07 12:26:49 -------- d-----w- c:\programdata\pricechoop
2014-09-07 12:26:41 -------- d-----w- c:\program files\pricechoop
2014-09-07 12:26:12 -------- d-----w- c:\programdata\59c6c622770cb40b
2014-09-07 12:26:10 -------- d-----w- c:\users\pan!cker\appdata\local\Torch
2014-09-07 12:26:10 -------- d-----w- c:\users\pan!cker\appdata\local\Chromatic Browser
2014-09-07 12:26:09 -------- d-----w- c:\users\pan!cker\appdata\local\Comodo
2014-08-30 08:49:07 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-30 08:49:07 2054656 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-09 17:26:45 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 17:26:45 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-19 01:40:35 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-08-19 01:40:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-19 01:39:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2014-08-19 01:39:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-19 01:38:10 18944 ----a-w- c:\windows\system32\corpol.dll
2014-08-19 00:10:45 385024 ----a-w- c:\windows\system32\html.iec
2014-08-18 22:33:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:30:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-07 13:30:51 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-07 04:32:07 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-24 18:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 10:05:08 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 10:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-06-26 22:17:19 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-06-26 22:17:19 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-26 22:17:19 619664 ----a-w- c:\windows\system32\icardagt.exe
.
============= FINISH: 17:21:37.75 ===============
 
Sorry I don't think I've got a Windows CD on me!
 
Thanks guys. :)

Attached Files


Edited by paN!cker, 24 September 2014 - 04:31 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 24 September 2014 - 06:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This fix should take care of the Rundll32 error.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=1208&m=aspire_4930
BHO: YouTTubeADBlockke: {c5f03971-c4d1-498b-8796-77440e5b6008} - c:\program files\youttubeadblockke\WsQLuUNSRuWjFA.dll
S2 32148148;PC_Sustainer;c:\windows\system32\rundll32.exe [2006-11-2 44544]
c:\program files\youttubeadblockke

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 paN!cker

paN!cker
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:05:20 PM

Posted 26 September 2014 - 10:55 AM

Hallo nasdaq!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014
Ran by paN!cker at 2014-09-26 21:49:01 Run:1
Running from C:\Users\paN!cker\Desktop\paN!cker\PC Health
Loaded Profile: paN!cker (Available profiles: paN!cker)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=1208&m=aspire_4930
BHO: YouTTubeADBlockke: {c5f03971-c4d1-498b-8796-77440e5b6008} - c:\program files\youttubeadblockke\WsQLuUNSRuWjFA.dll
S2 32148148;PC_Sustainer;c:\windows\system32\rundll32.exe [2006-11-2 44544]
c:\program files\youttubeadblockke
 
End
*****************
 
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=2&o=vp32&d=1208&m=aspire_4930 => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: YouTTubeADBlockke: {c5f03971-c4d1-498b-8796-77440e5b6008} - c:\program files\youttubeadblockke\WsQLuUNSRuWjFA.dll" => Key not found.
"HKCR\CLSID\BHO: YouTTubeADBlockke: {c5f03971-c4d1-498b-8796-77440e5b6008} - c:\program files\youttubeadblockke\WsQLuUNSRuWjFA.dll" => Key not found.
32148148 => Service deleted successfully.
c:\program files\youttubeadblockke => Moved successfully.
 
==== End of Fixlog ====
 
 
 

# AdwCleaner v3.310 - Report created 26/09/2014 at 22:10:03
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : paN!cker - PANICKER
# Running from : C:\Users\paN!cker\Desktop\paN!cker\PC Health\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\BIItSaver
Folder Deleted : C:\ProgramData\NextCCoupu
Folder Deleted : C:\ProgramData\pricechoop
Folder Deleted : C:\Program Files\FlvPlayer
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\PC_booster
Folder Deleted : C:\Program Files\NextCCoupu
Folder Deleted : C:\Program Files\pricechoop
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\paN!cker\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\paN!cker\AppData\Local\torch
Folder Deleted : C:\Users\paN!cker\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\paN!cker\AppData\Roaming\Mozilla\Firefox\Profiles\1dmj4ogj.default\Extensions\0r3h@y.com
Folder Deleted : C:\Users\paN!cker\AppData\Roaming\Mozilla\Firefox\Profiles\1dmj4ogj.default\Extensions\BDSZguo6@AIP.edu
Folder Deleted : C:\Users\paN!cker\AppData\Roaming\Mozilla\Firefox\Profiles\1dmj4ogj.default\Extensions\vJ@E.edu
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncjmohhmeghdcdaoehkcoojpcmhialp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncjmohhmeghdcdaoehkcoojpcmhialp
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mambfljjjeheadjeajjophelbbbcpcdl
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mambfljjjeheadjeajjophelbbbcpcdl
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncjmohhmeghdcdaoehkcoojpcmhialp
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncjmohhmeghdcdaoehkcoojpcmhialp
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mambfljjjeheadjeajjophelbbbcpcdl
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mambfljjjeheadjeajjophelbbbcpcdl
File Deleted : C:\Windows\system32\roboot.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\pricechop.pricechop
Key Deleted : HKLM\SOFTWARE\Classes\pricechop.pricechop.9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-493389286
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{32148148}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70bb937f-e905-48f8-b263-3e657739f340}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b8cf9c95-7467-4b3d-8e75-0ee59919de20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f0715b87-685d-41e7-80f5-4e8ba3374716}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70bb937f-e905-48f8-b263-3e657739f340}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b8cf9c95-7467-4b3d-8e75-0ee59919de20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0715b87-685d-41e7-80f5-4e8ba3374716}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\PC_Booster
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19561
 
 
-\\ Mozilla Firefox v32.0.2 (x86 en-GB)
 
[ File : C:\Users\paN!cker\AppData\Roaming\Mozilla\Firefox\Profiles\1dmj4ogj.default\prefs.js ]
 
Line Deleted : user_pref("extensions.JDo544yh3BFzvSD8.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.UQV0PkpvHy9lehD2.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.cmdcXU8jicCYhyeO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016[...]
Line Deleted : user_pref("extensions.xnxZhhdzM1LkrkOP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\paN!cker\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7277 octets] - [26/09/2014 22:02:15]
AdwCleaner[S0].txt - [7097 octets] - [26/09/2014 22:10:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7157 octets] ##########
 
 
 
 
 

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox (32.0.2) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 

Interestingly, nothing has changed. the Rundll's are still around, and so are the bitsaver ads.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 26 September 2014 - 12:32 PM


Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all you Browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#7 paN!cker

paN!cker
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:05:20 PM

Posted 27 September 2014 - 11:35 AM

Hi nasdaq

 

Resetting the browser settings did the trick mate! Thanks!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 27 September 2014 - 12:39 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 paN!cker

paN!cker
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:05:20 PM

Posted 27 September 2014 - 09:23 PM

Gday

 

Only problem now is because of my system restore, my MBAM software cannot uninstall/reinstall anymore. Could you please help me uninstall it completely so I can install the updated version?

 

Much appreciated nasdaq, you've been great help. :D



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 28 September 2014 - 08:23 AM

Download the Malwarebytes' removal Tool from the link below and run it. This will uninstall MBAM.
http://www.malwarebytes.org/mbam-clean.exe

Restart the computer normally and re-install the application.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 04 October 2014 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users