
Adware on Browsers - websearch.calcitapp.info


  • This topic is locked
5 replies to this topic

#1 Aeonoscence

Aeonoscence

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 19 September 2014 - 11:39 PM

As title states. Mum did some dodgy stuff on the PC and now it's been inflicted with some annoying adware. Can't get rid of it... Tried MBAM, HitmanPro, still here.

The homepage redirects to websearch.calcitapp.info and there's a tonne of ads on every website. Random redirects, can't install adblock on chrome either.

Need some help!

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Jimmy at 14:33:03 on 2014-09-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.7884.6088 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.110\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.calcitapp.info/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{59112A64-5F5B-4FED-B0CF-09F309426562} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= c:\programdata\performance optimizer\performanceoptimizer.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 ocz10xx;ocz10xx;C:\Windows\System32\drivers\ocz10xx.sys [2013-10-21 146072]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-26 46376]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-6-5 315352]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-8-20 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-8-20 166720]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-8-20 365344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-6-5 450520]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-20 565352]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2014-8-20 2975960]
S2 892cc6a3;Performance Optimizer;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CouponDownloaderService64;CouponDownloaderService64;C:\Program Files (x86)\F8BD2F58-181C-49D0-8A1E-2BE9E5C93F00\eexvlcbkbu64.exe [2014-7-26 172544]
S2 rqpbhevlkc64;rqpbhevlkc64;C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=F8BD2F58-181C-49D0-8A1E-2BE9E5C93F00 --> C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=F8BD2F58-181C-49D0-8A1E-2BE9E5C93F00 [?]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-9-19 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-15 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-20 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-5 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-1 1255736]
.
=============== Created Last 30 ================
.
2014-09-20 04:28:46 -------- d-----w- C:\Program Files\CCleaner
2014-09-20 04:23:34 -------- d-sh--w- C:\Users\Jimmy\AppData\Local\EmieUserList
2014-09-20 04:23:34 -------- d-sh--w- C:\Users\Jimmy\AppData\Local\EmieSiteList
2014-09-19 12:14:32 -------- d-----w- C:\Users\Jimmy\AppData\Roaming\LolClient
2014-09-19 12:03:13 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E45A766-31A2-4C82-9CD6-A9F327606E6D}\offreg.dll
2014-09-19 11:41:12 -------- d-sh--w- C:\Users\Jimmy\IntelGraphicsProfiles
2014-09-19 11:39:49 64000 ----a-w- C:\Windows\System32\OpenCL.DLL
2014-09-19 11:39:49 60416 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2014-09-19 11:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-09-19 11:18:12 -------- d-----w- C:\Users\Jimmy\AppData\Local\HP
2014-09-19 11:16:32 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E45A766-31A2-4C82-9CD6-A9F327606E6D}\mpengine.dll
2014-09-17 04:19:05 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-17 04:16:53 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-17 04:16:53 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-17 03:51:18 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-09-17 03:51:18 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-09-17 03:46:12 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-17 03:46:12 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-17 03:45:58 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-09-17 03:45:58 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-09-17 03:40:30 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-09-17 03:40:30 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-09-15 04:00:33 -------- d-----w- C:\Windows\Migration
2014-09-15 03:56:21 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-15 03:30:18 2871808 ----a-w- C:\Windows\explorer.exe
2014-09-15 03:30:18 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-09-15 03:30:14 67072 ----a-w- C:\Windows\splwow64.exe
2014-09-15 03:30:14 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-09-13 08:26:58 -------- d-----w- C:\Program Files\HitmanPro
2014-09-13 08:26:44 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-13 08:20:34 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-13 08:20:28 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-13 08:20:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-13 08:20:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-13 08:20:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-13 08:20:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 08:07:00 -------- d-----w- C:\Program Files (x86)\shopndrop
2014-09-11 00:42:55 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-09-11 00:42:55 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-09-11 00:42:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-09-11 00:42:23 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-09-11 00:42:23 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-09-11 00:42:23 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-09-11 00:42:23 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-09-11 00:42:15 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-09-11 00:42:15 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-09-11 00:42:12 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 00:42:12 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 00:39:29 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-09-11 00:38:57 197120 ----a-w- C:\Windows\System32\credui.dll
2014-09-11 00:36:03 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-09-11 00:36:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-09-11 00:36:03 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-09-11 00:36:03 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-09-11 00:36:03 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-09-11 00:36:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-09-11 00:36:03 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-09-11 00:36:00 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-09-11 00:36:00 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-09-11 00:34:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-09-11 00:34:30 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-09-11 00:34:30 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-09-11 00:34:30 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-09-11 00:34:24 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-09-11 00:34:21 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-09-11 00:34:21 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-09-11 00:32:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 00:31:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-09-11 00:31:58 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-09-11 00:31:40 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-09-11 00:31:40 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-09-11 00:31:40 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-09-11 00:31:40 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-09-11 00:31:40 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-09-11 00:31:40 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-09-11 00:31:38 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-09-11 00:31:38 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-09-10 13:48:59 -------- d-----w- C:\ProgramData\52740c015a2d1d11
2014-09-05 03:00:07 -------- d-----w- C:\Windows\System32\SPReview
2014-09-05 02:59:49 -------- d-----w- C:\Windows\System32\EventProviders
2014-09-05 02:55:59 4120064 ----a-w- C:\Windows\System32\mf.dll
2014-09-05 02:43:30 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-09-05 02:43:30 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-09-05 02:43:30 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-09-05 02:43:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-09-05 02:43:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-09-05 02:43:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-09-05 02:43:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-09-05 02:43:29 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-09-05 02:43:29 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-09-01 13:10:29 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-09-01 10:35:21 -------- d-s---w- C:\Windows\System32\CompatTel
2014-09-01 10:35:21 -------- d-----w- C:\Windows\SysWow64\Wat
2014-09-01 10:35:21 -------- d-----w- C:\Windows\System32\Wat
2014-09-01 07:15:58 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-09-01 07:08:20 -------- d-----w- C:\ProgramData\WEBREG
2014-09-01 06:46:37 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-09-01 06:46:37 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-09-01 06:46:37 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-09-01 06:32:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-09-01 06:32:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-09-01 06:32:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-09-01 06:32:55 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-09-01 06:32:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-09-01 06:32:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-09-01 06:32:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-09-01 06:31:01 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-01 06:31:01 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-01 06:30:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-09-01 06:30:43 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-09-01 06:30:43 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-09-01 06:27:30 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2014-08-21 12:35:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-08-21 12:34:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-08-21 12:33:58 395776 ----a-w- C:\Windows\System32\webio.dll
2014-08-21 12:33:58 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-08-21 12:31:46 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-08-21 12:31:46 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-08-21 12:31:01 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2014-08-21 12:31:01 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2014-08-21 12:31:01 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2014-08-21 12:31:01 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2014-08-21 12:27:54 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-08-21 12:27:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-08-21 12:27:50 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2014-08-21 12:27:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-08-21 12:16:04 33792 ----a-w- C:\Windows\System32\profprov.dll
2014-08-21 12:16:04 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-08-21 12:15:56 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-08-21 12:15:56 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-08-21 12:15:56 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-08-21 12:09:08 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-08-21 12:09:08 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-08-21 12:09:08 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2014-08-21 12:09:08 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2014-08-21 12:02:50 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2014-08-21 12:02:50 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-08-21 12:02:50 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-08-21 11:59:20 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-08-21 11:54:08 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-08-21 11:38:04 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-08-21 11:38:04 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-08-21 11:37:57 642944 ----a-w- C:\Windows\System32\winload.efi
2014-08-21 11:37:57 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-21 11:37:57 605552 ----a-w- C:\Windows\System32\winload.exe
2014-08-21 11:37:57 566208 ----a-w- C:\Windows\System32\winresume.efi
2014-08-21 11:37:57 518672 ----a-w- C:\Windows\System32\winresume.exe
2014-08-21 11:37:57 20352 ----a-w- C:\Windows\System32\kdusb.dll
2014-08-21 11:37:57 19328 ----a-w- C:\Windows\System32\kd1394.dll
2014-08-21 11:37:57 17792 ----a-w- C:\Windows\System32\kdcom.dll
2014-08-21 11:27:09 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-08-21 11:26:42 -------- d-----w- C:\Windows\SysWow64\spool
2014-08-21 11:26:28 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2014-08-21 11:26:28 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2014-08-21 11:26:20 -------- d-----w- C:\Program Files (x86)\HP
2014-08-21 11:25:48 938496 ----a-w- C:\Windows\System32\hpowiax5.dll
2014-08-21 11:25:48 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2014-08-21 11:25:48 540672 ----a-w- C:\Windows\System32\hppldcoi.dll
2014-08-21 11:25:48 505344 ----a-w- C:\Windows\System32\hpovst12.dll
2014-08-21 11:25:48 1403904 ----a-w- C:\Windows\System32\hpotiop5.dll
2014-08-21 11:22:58 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-21 11:21:57 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2014-08-21 09:43:56 -------- d-----w- C:\Program Files\CouponDownloader
.
==================== Find3M  ====================
.
2014-09-15 03:56:21 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-08 07:52:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-09-08 07:52:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-24 20:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-25 14:03:52 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-07-24 16:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 13:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-07 02:06:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 14:33:09.71 ===============

Thanks in advance for any help!
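Added example, not part of the original post or of the DDS tool: a small Python triage pass over the persistence-related sections of a DDS log like the one above. It parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" lines and flags the things a malware-removal helper would look at first (a hijacked start page, a populated AppInit_DLLs value, UAC policies set to 0, orphaned BHOs, and services hosted by rundll32.exe, installed under GUID-named folders, or carrying an 8-hex-digit name). The heuristics are this example's own assumptions, and the sample text is a constructed subset of the posted log.

```python
"""Triage the persistence-related sections of a DDS log.

Added example; not part of DDS or of this thread. The heuristics below are
assumptions about what usually marks adware persistence, not DDS rules.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the "Pseudo HJT Report" and
# "SERVICES / DRIVERS" lines from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.calcitapp.info/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
AppInit_DLLs= c:\programdata\performance optimizer\performanceoptimizer.dll
.
============= SERVICES / DRIVERS ===============
.
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-26 46376]
R2 jhi_service;Intel Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL\Jhi_service.exe [2014-8-20 166720]
S2 892cc6a3;Performance Optimizer;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 CouponDownloaderService64;CouponDownloaderService64;C:\Program Files (x86)\F8BD2F58-181C-49D0-8A1E-2BE9E5C93F00\eexvlcbkbu64.exe [2014-7-26 172544]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
"""

# DDS service line: STATE NAME;DISPLAY;PATH [date size]
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
# A path component that is a bare GUID, with or without braces.
GUID_DIR = re.compile(
    r"\\\{?[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}?\\", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)
POLICY_LINE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
# Policies that, when set to 0, turn UAC elevation prompts off.
UAC_POLICIES = ("EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin")


def parse_services(text: str) -> List[Dict[str, str]]:
    """One dict per SERVICES / DRIVERS line: state (R0/S2/...), name, display, path."""
    out = []
    for raw in text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if m:
            state, name, display, path = m.groups()
            out.append({"state": state, "name": name, "display": display, "path": path})
    return out


def service_flags(svc: Dict[str, str]) -> List[str]:
    """Reasons a service entry deserves a closer look (empty list = nothing odd)."""
    flags = []
    if re.search(r"\\rundll32\.exe$", svc["path"], re.I):
        flags.append("hosted by rundll32.exe, so the real payload is a DLL not shown here")
    if GUID_DIR.search(svc["path"]):
        flags.append("binary installed under a GUID-named folder")
    if HEX_NAME.match(svc["name"]):
        flags.append("service name is an 8-hex-digit token")
    return flags


def triage(text: str) -> dict:
    """Collect the persistence indicators from a DDS log into one report."""
    report = {"start_page": None, "appinit_dlls": None, "uac_disabled": [],
              "orphaned_bho": [], "suspicious_services": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("uStart Page = "):
            report["start_page"] = line[len("uStart Page = "):]
        elif line.startswith("AppInit_DLLs="):
            # Any DLL listed here is loaded into every process that maps user32.dll.
            value = line[len("AppInit_DLLs="):].strip()
            if value:
                report["appinit_dlls"] = value
        elif line.startswith("BHO: ") and line.endswith(" - <orphaned>"):
            report["orphaned_bho"].append(line[len("BHO: "):-len(" - <orphaned>")])
        else:
            m = POLICY_LINE.match(line)
            if m and m.group(1) in UAC_POLICIES and m.group(2) == "0":
                report["uac_disabled"].append(m.group(1))
    for svc in parse_services(text):
        flags = service_flags(svc)
        if flags:
            report["suspicious_services"].append((svc["name"], flags))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print("Start page:", result["start_page"])
    print("AppInit_DLLs:", result["appinit_dlls"])
    print("UAC policies set to 0:", ", ".join(result["uac_disabled"]))
    print("Orphaned BHOs:", ", ".join(result["orphaned_bho"]))
    for name, flags in result["suspicious_services"]:
        print(f"Service {name}:")
        for f in flags:
            print("  -", f)
```

Entries such as netfilter64 (a driver with a bare name and no vendor) pass these narrow checks, so the output is a starting point for the helper's review, not a verdict.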





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:16 AM

Posted 20 September 2014 - 12:56 PM

Hello Aeonoscence,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.


Things to include in your next reply:

AdwCleaner log

JRT.txt

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:16 AM

Posted 21 September 2014 - 08:13 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#4 Aeonoscence

Aeonoscence
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 24 September 2014 - 02:44 AM

Hi there fireman4it and thanks for taking the time to respond to this thread!


Here are the logs you requested - the adware seems to have disappeared, but I'm going to run the logs to you just to make sure it's all good!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Ultimate x64
Ran by Jimmy on Wed 09/24/2014 at 17:40:34.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/24/2014 at 17:41:45.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.310 - Report created 24/09/2014 at 17:38:52
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Jimmy - JIMMY-PC
# Running from : C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLN0ZJC6\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CouponDownloaderService64
Service Deleted : netfilter64
[#] Service Deleted : rqpbhevlkc64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\CouponDownloader
Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\HPAppData
File Deleted : C:\Windows\System32\drivers\netfilter64.sys

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\shopndurop.shopndurop
Key Deleted : HKLM\SOFTWARE\Classes\shopndurop.shopndurop.3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F76421D9-355C-5A3E-388B-EF258F30B346}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F76421D9-355C-5A3E-388B-EF258F30B346}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F76421D9-355C-5A3E-388B-EF258F30B346}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

*************************

AdwCleaner[R0].txt - [335 octets] - [20/09/2014 14:36:06]
AdwCleaner[R1].txt - [1816 octets] - [24/09/2014 17:38:30]
AdwCleaner[S0].txt - [1769 octets] - [24/09/2014 17:38:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1829 octets] ##########

Again, thanks for taking the time to help me!
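As an added post-cleanup check, which is not part of this thread and is not a tool from AdwCleaner or JRT: the PowerShell below re-tests, after the reboot AdwCleaner requires, every indicator the AdwCleaner report above says it removed. The service names, file paths and registry keys are copied from that report. The function name Test-AdwCleanerRemnants is mine, and so is the reading of the "[x64]" tag as the native 64-bit registry view (entries without the tag being what the 32-bit AdwCleaner process saw through the WOW64 view); because of that assumption each HKLM\SOFTWARE key is checked in both views.

```powershell
# Added example, not from the thread or from AdwCleaner/JRT: after the reboot,
# re-check every persistence point the AdwCleaner report says it removed.
# Run in an elevated PowerShell prompt on the cleaned machine. It sticks to
# cmdlets available in the PowerShell 2.0 that ships with Windows 7
# (Get-WmiObject rather than Get-CimInstance).
#
# Assumption: AdwCleaner 3.x is a 32-bit process, so registry keys listed
# without an "[x64]" tag were seen through the WOW64 (Wow6432Node) view.
# Every HKLM\SOFTWARE key is therefore tested in both views below.

$Services = @('CouponDownloaderService64', 'netfilter64', 'rqpbhevlkc64')

$Paths = @(
    'C:\Program Files\CouponDownloader',
    (Join-Path $env:USERPROFILE 'AppData\LocalLow\HPAppData'),
    'C:\Windows\System32\drivers\netfilter64.sys'
)

# Relative to HKLM\SOFTWARE, exactly as they appear in the report.
# Ext\PreApproved is Internet Explorer's list of add-ons that load without
# asking the user, which is why adware registers its BHO CLSID there.
$SoftwareKeys = @(
    'Classes\shopndurop.shopndurop',
    'Classes\shopndurop.shopndurop.3.1',
    'Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}',
    'Classes\CLSID\{F76421D9-355C-5A3E-388B-EF258F30B346}',
    'Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}',
    'Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}',
    'Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F76421D9-355C-5A3E-388B-EF258F30B346}'
)

function Test-AdwCleanerRemnants {
    # Returns one descriptive string per indicator that is still present.
    $findings = @()

    foreach ($name in $Services) {
        # The service database under HKLM\SYSTEM is authoritative and covers
        # both user-mode services and kernel drivers such as netfilter64.
        if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$name") {
            $findings += "service entry still registered: $name"
        }
        # A driver that is still loaded keeps filtering traffic until the next
        # reboot even after its .sys file is gone, so check the live list too.
        $drv = Get-WmiObject Win32_SystemDriver -Filter "Name='$name'"
        if ($drv) { $findings += "kernel driver present ($($drv.State)): $name" }
    }

    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) { $findings += "file/folder still present: $p" }
    }

    foreach ($rel in $SoftwareKeys) {
        foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
            $key = Join-Path $root $rel
            if (Test-Path -LiteralPath $key) { $findings += "registry key still present: $key" }
        }
    }

    return ,$findings
}

$remnants = @(Test-AdwCleanerRemnants)
if ($remnants.Count -eq 0) {
    Write-Output 'No indicator from the AdwCleaner report remains on this system.'
} else {
    Write-Output 'Remaining indicators (re-run AdwCleaner or remove by hand, then reboot):'
    $remnants | ForEach-Object { Write-Output "  $_" }
}
```

Run it elevated, otherwise the HKLM\SYSTEM service keys and the drivers directory may read as absent simply because access was denied. An indicator that reappears after a clean run and reboot means something still on the machine is re-creating it, which is the case the follow-up Malwarebytes scan in this thread is meant to catch.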



#5 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 September 2014 - 07:48 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



#6 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 October 2014 - 01:22 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.