
Infected with Adchoices but can't get rid of it


This topic is locked
32 replies to this topic

#1 prosell

prosell

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 04 November 2014 - 08:21 PM

Hello, 
 
All my computers and cellphones are infected with the adchoices virus. Whenever I go to any website there are ads everywhere from adchoices. Also, words on a webpage have links that aren't supposed to have links. Additionally, when I click a link I want to go to, the page is redirected to a website saying to update my flash player. I have to close chrome completely or hit the back button before I can get to the page I really want. Any help would be appreciated. Log is below.
 
Steps taken:
Ran adwcleaner
Ran AVG
Malwarebytes
and quite a few other antivirus or malware programs but still this virus persists
Uninstalled via control panel and extension from browser
Asked adchoices to opt me out from these ads but still the ads show up on every web page I go to. 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by computer at 20:03:15 on 2014-11-04
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   
6.1.7601.1.1252.1.1033.18.3062.1930 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\SparkPeople\Connect\SparkPeopleConnect.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\SparkPeople\Connect\flxconhelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\computer\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HDD Regenerator] "c:\program files\hdd regenerator\Shell.exe" /0
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\sparkp~1.lnk - c:\program files\sparkpeople\connect\SparkPeopleConnect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: adobeconnect.com
Trusted Zone: newcorp.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A776F91A-A71B-437E-A1FA-C660AF5D435E} : DHCPNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{DB4E81C2-0BC2-40AD-A54B-7D875F2BCCCD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB4E81C2-0BC2-40AD-A54B-7D875F2BCCCD}\144545034383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DB4E81C2-0BC2-40AD-A54B-7D875F2BCCCD}\2496F647563747D214478656E637 : DHCPNameServer = 12.127.17.83 12.127.16.67 4.2.2.2
TCP: Interfaces\{DB4E81C2-0BC2-40AD-A54B-7D875F2BCCCD}\E45445745414253343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB4E81C2-0BC2-40AD-A54B-7D875F2BCCCD}\E45445745414254383 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\o00uow22.default-1361218267358\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\computer\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\computer\appdata\local\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\users\computer\appdata\roaming\catali~1\npBcsKtTcHW.dll
FF - plugin: c:\users\computer\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\computer\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2014-2-23 15664]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-21 42784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 142648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2014-10-18 67584]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2013-10-7 7676720]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-6-3 241728]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2013-12-18 481304]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-8-2 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-8-2 171928]
R2 SOHDms;Sony Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2013-11-7 495248]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-8-13 5095264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2014-2-23 337200]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2011-12-1 230560]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-8-2 1738168]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater18.1.5;vToolbarUpdater18.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.5\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\18.1.5\ToolbarUpdater.exe [?]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2014-5-30 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2014-5-30 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2014-5-30 27776]
S3 DisplayLinkUsbIo;DisplayLinkUsbIo;c:\windows\system32\drivers\DisplayLinkUsbIo_7.4.48800.0.sys [2014-2-23 36752]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2012-12-24 355112]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2012-12-24 23608]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2014-2-25 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2014-2-25 10320]
S3 SOHDs;Sony Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2013-9-12 79000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-1-3 52224]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-20 16:56:23 -------- d-----w- c:\program files\ESET
2014-10-20 16:45:35 -------- d-----w- c:\windows\ERUNT
2014-10-20 15:26:32 -------- d-----w- c:\users\computer\appdata\roaming\AVG2015
2014-10-20 15:21:12 -------- d-----w- c:\programdata\AVG2015
2014-10-20 15:18:44 -------- d-----w- c:\users\computer\appdata\local\Avg2015
2014-10-18 14:12:30 -------- d-----w- C:\Backup
2014-10-18 14:02:05 -------- d-----w- c:\program files\Cobian Backup 11
2014-10-14 00:02:37 -------- d-----w- c:\users\computer\appdata\local\Citrix
.
==================== Find3M  ====================
.
2014-09-24 23:24:09 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 23:24:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-21 01:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-27 14:39:26 415744 --sh--w- c:\windows\system32\avisynth.dll
2005-07-14 16:31:20 32256 --sh--w- c:\windows\system32\AVSredirect.dll
2004-02-22 15:11:08 764416 --sh--w- c:\windows\system32\devil.dll
2011-06-16 04:00:00 163328 --sha-r- c:\windows\system32\flvDX.dll
2004-01-25 04:00:00 70656 --sh--w- c:\windows\system32\i420vfw.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2011-02-11 15:26:20 112128 --sha-r- c:\windows\system32\OptimFROG.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
2012-10-06 00:54:00 188416 --sha-r- c:\windows\system32\winDCE32.dll
2004-01-25 04:00:00 70656 --sh--w- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 20:04:33.73 ===============
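A DDS report like the one above is what a helper reads by hand. The Python script below is an added editor's example, not part of the original thread and not code from DDS or BleepingComputer: it parses the Run, BHO, FF plugin and mPolicies-System entry types and flags the cues a responder checks first. The sample input is a constructed excerpt of entries taken from the log above. The three heuristics (a non-absolute autorun path, a loader that lives in a user-writable AppData directory, and a UAC policy value that differs from its Windows 7 default) are this example's own assumptions; a hit is a prompt to verify the file (publisher signature, install date, what installed it), not a verdict, and legitimate per-user software such as Google Update will trip the AppData rule.

```python
import re

# DDS "Pseudo HJT Report" / FIREFOX entry shapes (as seen in the log above).
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FF_PLUGIN_RE = re.compile(r"^FF - plugin: (?P<path>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = dword:(?P<val>\d+)$")

# First file path in a command line: either a quoted path, or everything up to
# the first binary extension that is followed by whitespace or end of line.
PATH_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|sys|cpl|scr))(?=\s|$)', re.IGNORECASE)

# Windows 7 defaults for the UAC values DDS prints (assumption of this example).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}

# Constructed sample: entries excerpted from the DDS log in this thread.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\computer\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: PromptOnSecureDesktop = dword:0
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\computer\appdata\roaming\catali~1\npBcsKtTcHW.dll
""".strip("\n")


def extract_path(command: str) -> str:
    """Return the executable/DLL path from a Run command line, dropping arguments."""
    m = PATH_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group("q") or m.group("u")


def is_absolute(path: str) -> bool:
    return re.match(r"^[a-z]:\\", path, re.IGNORECASE) is not None


def in_user_profile(path: str) -> bool:
    return "\\appdata\\" in path.lower()


def _check_path(entry: str, path: str, findings: list) -> None:
    if not is_absolute(path):
        findings.append({"entry": entry,
                         "reason": "non-absolute path (cannot be resolved to a file on disk)"})
    elif in_user_profile(path):
        findings.append({"entry": entry,
                         "reason": "loads from a user-writable profile directory"})


def triage(lines) -> list:
    """Scan DDS report lines and return a list of {entry, reason} findings."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        if m := RUN_RE.match(line):
            _check_path(m.group("name"), extract_path(m.group("cmd")), findings)
        elif m := FF_PLUGIN_RE.match(line):
            path = m.group("path")
            _check_path(path.rsplit("\\", 1)[-1], path, findings)
        elif m := BHO_RE.match(line):
            _check_path(m.group("name"), m.group("path"), findings)
        elif m := POLICY_RE.match(line):
            key, val = m.group("key"), int(m.group("val"))
            if key in UAC_DEFAULTS and val != UAC_DEFAULTS[key]:
                findings.append({"entry": key,
                                 "reason": f"UAC setting {key}={val} differs from the default {UAC_DEFAULTS[key]}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['entry']}: {f['reason']}")
```

Run against the sample it reports four items: the Google Update and npBcsKtTcHW.dll loaders under AppData, the SearchProtect dRun entry whose path has no drive letter, and PromptOnSecureDesktop=0. The point of keeping the rules this simple is that each one maps to a single follow-up check a responder can do on the machine.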
 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 09 November 2014 - 08:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554783 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 10 November 2014 - 10:25 PM

These are the steps I've done so far but the problem still persists.

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Here is a link to the other post with this information. 

 

http://www.bleepingcomputer.com/forums/t/552479/infected-with-the-adchoices/



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 11 November 2014 - 11:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what issues you are having with this computer.

Wait for further instructions.

#5 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 12 November 2014 - 04:25 PM

Here is the log. The issue I am having is that I can't get adchoices off my browsers. No matter what I need. All devices that connect to the internet are infected.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by computer (administrator) on COMPUTER-PC on 12-11-2014 16:18:09
Running from C:\Downloads
Loaded Profile: computer (Available profiles: computer)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\SparkPeople\Connect\SparkPeopleConnect.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(FitLinxx) C:\Program Files\SparkPeople\Connect\flxconhelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [HDD Regenerator] => "C:\Program Files\HDD Regenerator\Shell.exe" /0
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2013-12-18] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\Run: [Google Update] => C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-23] (Google Inc.)
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\MountPoints2: F - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2474714382-3684658267-3398471121-1000\...\MountPoints2: {ff554b7f-9ff3-11e3-a1e0-0016d3322e11} - F:\LG_PC_Programs.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SparkPeopleConnect.lnk
ShortcutTarget: SparkPeopleConnect.lnk -> C:\Program Files\SparkPeople\Connect\SparkPeopleConnect.exe ()
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1A0EEF83AD22CF01
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\o00uow22.default-1361218267358
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\computer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\computer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: EPUBReader - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\o00uow22.default-1361218267358\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: PDF Download - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\o00uow22.default-1361218267358\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-08-19]
FF Extension: ReloadEvery - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\o00uow22.default-1361218267358\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-02-28]
FF Extension: Adblock Plus - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\o00uow22.default-1361218267358\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-09]
 
Chrome: 
=======
CHR Profile: C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-04] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7676720 2013-10-07] (DisplayLink Corp.)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
S3 GSService; C:\Windows\system32\GSService.exe [355112 2012-11-29] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [462632 2010-02-18] (Nero AG)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-12-18] (Sony Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213272 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-08] (AVG Technologies)
S3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.4.48800.0.sys [36752 2014-02-23] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [337200 2013-10-07] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-10-07] (DisplayLink Corp.)
S3 MP4ConverterAudio; C:\Windows\System32\drivers\MP4ConverterAudio.sys [23608 2012-11-30] (Windows ® Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 digitalpower; system32\drivers\digitalpower.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 urvpndrv; system32\DRIVERS\covpnwlh.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:17 - 2014-11-12 16:18 - 00000000 ____D () C:\FRST
2014-11-11 20:42 - 2014-11-11 20:42 - 00000000 ____D () C:\Users\computer\Desktop\clockworkmod
2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrinterShare
2014-11-10 18:09 - 2014-11-10 18:09 - 00000000 ____D () C:\ProgramData\Apple
2014-11-10 18:09 - 2014-11-10 18:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-10 18:08 - 2014-11-10 18:20 - 00000000 ____D () C:\ProgramData\PrinterShare
2014-11-10 18:08 - 2014-11-10 18:20 - 00000000 ____D () C:\Program Files\PrinterShare
2014-11-07 21:43 - 2014-11-07 21:47 - 00089617 ____H () C:\Users\computer\Documents\~WRL3619.tmp
2014-11-07 13:04 - 2014-11-07 13:04 - 00000320 _____ () C:\Windows\Tasks\1114avUpdateInfo.job
2014-11-07 13:04 - 2014-11-07 13:04 - 00000000 ____D () C:\ProgramData\Avg_Update_1114av
2014-11-04 20:11 - 2014-11-04 20:11 - 00019779 _____ () C:\Users\computer\Desktop\DDS1.txt
2014-11-04 20:11 - 2014-11-04 20:11 - 00007617 _____ () C:\Users\computer\Desktop\DDS2.txt
2014-11-04 20:04 - 2014-11-04 20:13 - 00007617 _____ () C:\Users\computer\Desktop\attach.txt
2014-11-04 20:04 - 2014-11-04 20:04 - 00019779 _____ () C:\Users\computer\Desktop\dds.txt
2014-11-01 02:00 - 2014-11-01 02:00 - 00011705 _____ () C:\Users\computer\Desktop\4736980739.html
2014-11-01 01:57 - 2014-11-01 01:57 - 00013266 _____ () C:\Users\computer\Desktop\4739826175.html
2014-10-30 14:16 - 2014-10-30 14:16 - 00000000 ____D () C:\Users\computer\Downloads\WinWay Resume Deluxe v.12-cracked
2014-10-30 14:05 - 2014-10-30 14:07 - 127287355 ____R () C:\Users\computer\Downloads\WinWay Resume Deluxe v.12-cracked.rar
2014-10-20 11:56 - 2014-10-20 11:56 - 00000000 ____D () C:\Program Files\ESET
2014-10-20 11:50 - 2014-10-20 11:50 - 00002396 _____ () C:\Users\computer\Desktop\JRT.txt
2014-10-20 11:45 - 2014-10-20 11:45 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 10:26 - 2014-10-20 10:26 - 00000000 ____D () C:\Users\computer\AppData\Roaming\AVG2015
2014-10-20 10:23 - 2014-11-12 13:52 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-20 10:21 - 2014-10-20 10:25 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-20 10:18 - 2014-10-20 11:26 - 00000000 ____D () C:\Users\computer\AppData\Local\Avg2015
2014-10-19 19:12 - 2014-10-19 19:12 - 00038009 _____ () C:\Users\computer\Desktop\Result.txt
2014-10-18 17:35 - 2014-10-18 18:19 - 00010835 _____ () C:\Users\computer\Documents\GroceryStoreList.xlsx
2014-10-18 09:12 - 2014-10-18 09:35 - 00000000 ____D () C:\Backup
2014-10-18 09:02 - 2014-10-18 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-10-18 09:02 - 2014-10-18 09:02 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-10-13 19:03 - 2014-11-12 15:38 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2474714382-3684658267-3398471121-1000.job
2014-10-13 19:02 - 2014-10-13 19:02 - 00000000 ____D () C:\Users\computer\AppData\Local\Citrix
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:18 - 2014-01-24 01:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 16:10 - 2009-07-13 23:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:10 - 2009-07-13 23:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:06 - 2014-04-05 05:33 - 02077147 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 16:03 - 2012-08-21 21:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-12 16:02 - 2014-08-02 17:06 - 00010216 _____ () C:\Windows\setupact.log
2014-11-12 16:02 - 2014-01-24 01:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 16:02 - 2013-01-22 19:29 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-12 16:02 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 15:38 - 2013-11-23 14:51 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474714382-3684658267-3398471121-1000UA.job
2014-11-12 15:31 - 2013-07-12 20:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-12 15:24 - 2012-06-30 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 19:24 - 2012-06-30 17:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 19:24 - 2012-06-30 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 12:39 - 2012-08-14 11:33 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Mozilla
2014-11-11 11:46 - 2013-07-12 20:32 - 00000000 ___HD () C:\$AVG
2014-11-11 11:38 - 2014-09-05 16:46 - 00037704 _____ () C:\Windows\PFRO.log
2014-11-10 19:16 - 2012-06-30 17:08 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 12:13 - 2012-07-18 18:18 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Skype
2014-11-01 10:38 - 2013-11-23 14:51 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474714382-3684658267-3398471121-1000Core.job
2014-10-30 14:45 - 2012-08-14 11:32 - 00000000 ____D () C:\Users\computer\AppData\Roaming\BitTorrent
2014-10-28 18:15 - 2009-07-13 23:53 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 12:20 - 2014-01-24 01:36 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 12:18 - 2014-06-21 20:47 - 00000000 ____D () C:\AdwCleaner
2014-10-20 11:47 - 2013-02-20 09:23 - 00000000 __SHD () C:\AI_RecycleBin
2014-10-20 11:30 - 2013-09-18 14:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-20 10:27 - 2013-07-12 20:31 - 00000000 ____D () C:\Program Files\AVG
2014-10-13 16:16 - 2014-10-10 14:05 - 00000000 ____D () C:\Users\computer\Documents\Article Info
 
Some content of TEMP:
====================
C:\Users\computer\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\computer\AppData\Local\Temp\SAS6_Update.exe
C:\Users\computer\AppData\Local\Temp\SHSetup.exe
C:\Users\computer\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-06 12:33
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 13 November 2014 - 08:41 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
S3 digitalpower; system32\drivers\digitalpower.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 urvpndrv; system32\DRIVERS\covpnwlh.sys [X]
C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?
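The fixlist above was assembled by hand from the FRST scan: every entry the helper selected either carries FRST's `[X]` marker (a registered autorun, service or driver whose file is no longer on disk), carries the `<======= ATTENTION` marker FRST adds to a policy it wants reviewed, or points at a relative path. The script below is an added example, not FRST's own code and not something posted in this thread; it applies those three rules to a log and drafts a `fixlist.txt` in the `start`/`End` format FRST expects. The sample log is constructed from lines quoted in this thread, and the relative-path rule is this example's own heuristic, not an FRST marker.

```python
"""Triage an FRST scan log and draft a fixlist.txt (added example, not FRST code)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines taken from the FRST log quoted in this thread.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HDD Regenerator] => "C:\Program Files\HDD Regenerator\Shell.exe" /0
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                       # "==== Registry (Whitelisted) ===="
RUN_RE = re.compile(r"^(?:HKLM|HKU)\\.*\\Run: \[[^\]]+\] => (.+)$")  # autorun entry -> target
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                      # C:\... or "C:\..." with arguments


@dataclass
class Finding:
    section: str   # FRST section the line came from
    line: str      # the log line, verbatim, so it can go into fixlist.txt as-is
    reason: str    # why it was selected


def triage_frst_log(text: str) -> list[Finding]:
    """Return the log lines a fixlist would target, in log order."""
    findings: list[Finding] = []
    section = "?"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or line.startswith("("):
            continue  # blank lines and FRST's own "(If an entry is included ...)" notes
        if line.endswith("[X]"):
            findings.append(Finding(section, line, "file behind this entry is missing ([X])"))
        elif "<======= ATTENTION" in line:
            findings.append(Finding(section, line, "flagged by FRST for review"))
        else:
            m = RUN_RE.match(line)
            if m and not ABS_PATH_RE.match(m.group(1)):
                # Heuristic of this example: a Run target that is not an absolute path.
                findings.append(Finding(section, line, "autorun target is not an absolute path"))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """Render the selected lines in the start/End layout FRST reads from fixlist.txt."""
    lines = ["start", ""] + [f.line for f in findings] + ["", "End"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in triage_frst_log(SAMPLE_FRST_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(build_fixlist(triage_frst_log(SAMPLE_FRST_LOG)))
```

Run it against a real `FRST.txt` by reading the file into `triage_frst_log`; the output is a draft to review line by line, not something to run through FRST unseen, since the relative-path rule is a heuristic and a `[X]` entry can belong to a legitimately uninstalled product.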

#7 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • Local time:05:35 PM

Posted 17 November 2014 - 12:14 AM

It seems to be running OK now. I'm going to go to bed and check it again tomorrow and report back. Thanks. 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 03
Ran by computer at 2014-11-16 23:57:53 Run:1
Running from C:\FRST
Loaded Profile: computer (Available profiles: computer)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
S3 digitalpower; system32\drivers\digitalpower.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 urvpndrv; system32\DRIVERS\covpnwlh.sys [X]
C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx
 
End
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\cfffenfdjeibfomfbppoljahojkbbobb" => Key deleted successfully.
"C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx" => File/Directory not found.
vToolbarUpdater18.1.5 => Service deleted successfully.
digitalpower => Service deleted successfully.
esgiguard => Service deleted successfully.
urvpndrv => Service deleted successfully.
"C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx" => File/Directory not found.
 
==== End of Fixlog ====
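One line in the Fixlog above did not get fixed: the Coupons plugin entry came back as "Error: No automatic fix found for this entry", so it is still present after the run, whereas "File/Directory not found" just means there was nothing left to move. The script below is an added example, not FRST's code and not something posted in this thread; it reads a Fixlog, skips the echoed fixlist (whose own lines also contain " => "), and sorts each result into fixed, already absent, or unresolved. The sample Fixlog is constructed from the one quoted above.

```python
"""Sort FRST Fixlog.txt results into fixed / absent / unresolved (added example)."""

# Constructed sample, trimmed from the Fixlog quoted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 03
Ran by computer at 2014-11-16 23:57:53 Run:1

Content of fixlist:
*****************
start

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
"C:\Users\computer\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx" => File/Directory not found.
vToolbarUpdater18.1.5 => Service deleted successfully.
esgiguard => Service deleted successfully.

==== End of Fixlog ====
"""


def parse_fixlog(text: str) -> dict[str, list[str]]:
    """Classify every '<target> => <outcome>' result line of a Fixlog."""
    outcomes: dict[str, list[str]] = {"fixed": [], "absent": [], "unresolved": []}
    star_lines = 0  # the echoed fixlist sits between two '*****' lines
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            star_lines += 1
            continue
        if star_lines == 1:
            continue  # inside the echoed fixlist: these are inputs, not results
        if " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        if outcome.startswith("Error:"):
            outcomes["unresolved"].append(target)      # FRST left this entry in place
        elif "not found" in outcome:
            outcomes["absent"].append(target)          # nothing was there to move
        elif "successfully" in outcome:
            outcomes["fixed"].append(target)
        else:
            outcomes["unresolved"].append(target)      # unknown wording: look at it by hand
    return outcomes


def needs_followup(text: str) -> list[str]:
    """Targets that must be handled by other means (uninstaller, manual deletion, ...)."""
    return parse_fixlog(text)["unresolved"]


if __name__ == "__main__":
    for category, targets in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(targets)}")
    for t in needs_followup(SAMPLE_FIXLOG):
        print("still present:", t)
```

The echoed-fixlist skip matters: without it, the `HKU\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe` line from the fixlist would be read as a result and reported as unresolved.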


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 17 November 2014 - 10:07 AM

One more scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#9 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 19 November 2014 - 03:28 PM

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Google Chrome (38.0.2125.104) 
 Google Chrome (38.0.2125.111) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (master_preferences...) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 20 November 2014 - 07:56 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 25.
 
You can manually check your present version and update as recommended.
 
Be careful not to install malware posing as a Java update!
Important: read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
JavaFX 2.1.1    
 Java 7 Update 51
 
===
 
Get the latest version of the Adobe Reader.
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>
 

If all is well.
 
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
===


#11 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 20 November 2014 - 06:29 PM

Ok, my laptop is out of use due to a faulty adapter. I'll get the adapter in a few days from ebay and then I will update java. 



#12 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 24 November 2014 - 10:51 PM

Not sure why it is saying my java is out of date. I have updated it, like 3 times.  
 
 
Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 CCleaner     
 JavaFX 2.1.1    
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Google Chrome (38.0.2125.111) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (master_preferences...) 
 Google Chrome (old_chrome.exe..) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 25 November 2014 - 10:35 AM

The latest version is Java 7 Update 71 for the 32-bit operating system.
Java 8 Update 25 for the 64-bit operating system.
 
You're OK.
 
===
 
Get the latest version of the Adobe Reader.
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>
 
If all is well.
 
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
===


#14 prosell

prosell
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 30 November 2014 - 09:10 PM

I still have the virus adchoices. It never went away. 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 PM

Posted 01 December 2014 - 09:33 AM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?
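Added example, not part of the thread: Chrome's "Reset browser settings" disables extensions rather than removing their files, so after the reset described above it is useful to list what is still on disk in each Chrome profile and which of it asks for broad permissions (the kind an ad-injecting extension needs to rewrite pages). The script below is this editor's; it assumes Chrome's default user-data location under %LOCALAPPDATA%, and the list of "broad" permissions is a judgement call, not something the thread specifies.

```powershell
# Added example: inventory Chrome extensions per profile from their manifest.json
# files, flagging permissions that let an extension read or rewrite every page.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'   # assumed default path
$broad    = @('webRequest', 'webRequestBlocking', '<all_urls>', 'tabs',
              'http://*/*', 'https://*/*', '*://*/*')                  # editor's choice of flags

Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue |
  Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') } |
  ForEach-Object {
    $profileName = $_.Name                       # e.g. "Default", "Profile 1"
    Get-ChildItem (Join-Path $_.FullName 'Extensions') -Directory | ForEach-Object {
        $id = $_.Name                            # 32-letter extension id, as in the Fixlog
        # each id folder holds one or more version folders, each with a manifest.json
        Get-ChildItem $_.FullName -Directory | ForEach-Object {
            $manifestPath = Join-Path $_.FullName 'manifest.json'
            if (-not (Test-Path $manifestPath)) { return }
            $m = Get-Content -Path $manifestPath -Raw | ConvertFrom-Json
            $perms = @()
            if ($m.permissions)      { $perms += $m.permissions }
            if ($m.host_permissions) { $perms += $m.host_permissions }
            $hits    = @($perms | Where-Object { $broad -contains $_ })
            # pages the extension injects scripts into, from content_scripts[].matches
            $matches = @($m.content_scripts | ForEach-Object { $_.matches } | Select-Object -Unique)
            [pscustomobject]@{
                Profile   = $profileName
                Id        = $id
                Version   = $_.Name
                Name      = $m.name
                Broad     = ($hits -join ', ')
                Injects   = ($matches -join ', ')
            }
        }
    }
  } | Sort-Object -Property Broad -Descending | Format-Table -AutoSize -Wrap
```

Names that show as __MSG_..__ placeholders are localized built-in extensions and are normal; what to compare against the thread is the Id column (the Fixlog above reported cfffenfdjeibfomfbppoljahojkbbobb) and any entry whose Broad or Injects column covers all sites yet whose name you do not recognise.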



