Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake ads popping up eveywhere..


  • This topic is locked This topic is locked
19 replies to this topic

#1 emily_rose

emily_rose

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 12 November 2014 - 06:08 PM

Hi all. So i'm pretty sure my laptop has an adware or malware problem. Everytime I open firefox I constantly get annoying, fake, unwanted ads trying to install things. I keep getting ads from Browse2save, adcash, ad go, some sort of fake windows 7 repair page "reimage repair" and a few other random messages telling me my computer is infected or just andom messages popping up trying to make me click on them. Just as I am writing this right now a random voice came out of nowhere on here, i'm guessing it was an invisable ad because I didn't see anything.. but it said "Why can't you just admit you're freaked out by my robot voice.." Um... what should I do? My computer is also running VERY slow and choppy. I keep hearing music and same weird random noises that keep coming up on ads I can't even see.. I ran a full scan of malware bytes and it came up with nothing. How can I get rid of this? Thank you.


Edited by emily_rose, 12 November 2014 - 10:21 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:28 AM

Posted 18 November 2014 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555884 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 08:28 PM

Hi, thank you for responding. I have ran DDS and have the log files:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.6.2
Run by Macbook at 17:23:52 on 2014-11-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.989.63 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\applemou.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=hp&installDate=31/01/2014
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=ds&q={searchTerms}&installDate=31/01/2014
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=ds&q={searchTerms}&installDate=31/01/2014
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=ds&q={searchTerms}&installDate=31/01/2014
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [applemou.exe] C:\Program Files (x86)\applemou.exe
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Macbook\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Browser Infrastructure Helper] C:\Users\Macbook\AppData\Local\Smartbar\Application\SnapDo.exe startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [fst_ca_35] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Macbook\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07631A10-7620-40F9-8F0E-A4C63CC6A6FF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0E34554F-19AF-4344-B7DE-6D20A957F48C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0E34554F-19AF-4344-B7DE-6D20A957F48C}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{0E34554F-19AF-4344-B7DE-6D20A957F48C}\449636B672370205C6163656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DCB613C0-924A-4E82-B8BD-2A8452A104D4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EFA4986B-1B39-4208-A9F1-BEE5925EA18C} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=ds&installDate=31/01/2014&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-09-30 00:18; firefox-hotfix@mozilla.org; C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\extensions\firefox-hotfix@mozilla.org.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/08/27 21:10:56];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R3 aapltctp;Apple Trackpad Enabler;C:\Windows\System32\drivers\aapltctp.sys [2012-8-27 7168]
R3 aapltp;Apple Trackpad;C:\Windows\System32\drivers\aapltp.sys [2012-8-27 38912]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-8-27 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-8-27 32256]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S3 BthKicker;Apple Bluetooth Device Driver;C:\Windows\System32\drivers\BthKicker.sys [2012-8-27 8704]
S3 iSightUpdate;iSight Update Driver;C:\Windows\System32\drivers\iSightUP.sys [2012-8-27 17920]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-28 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-17 23:22:53    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A36FBBF6-CA9C-410D-8B99-31DC56F96ADD}\mpengine.dll
2014-11-16 22:52:13    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-12 06:47:03    2106216    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-11-12 06:47:03    20080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-11-12 06:47:02    74864    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-11-12 06:47:01    48240    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2014-11-12 11:24:43    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 11:24:41    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 22:30:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2002-09-11 18:57:30    40960    ----a-w-    C:\Program Files (x86)\applemou.exe
.
============= FINISH: 17:26:30.15 ===============
 



#4 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 08:29 PM

Attatch.txt:
 

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 8/27/2012 8:39:51 PM
System Uptime: 11/18/2014 2:51:33 PM (3 hours ago)
.
Motherboard: Apple Inc. |  | Mac-F22788A9
Processor: Intel® Core™2 Duo CPU     T8100  @ 2.10GHz | U2E1 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 30.816 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\APP0001\4&2DF8E9E9&0
Manufacturer:
Name:
PNP Device ID: ACPI\APP0001\4&2DF8E9E9&0
Service:
.
Class GUID:
Description:
Device ID: ACPI\APP0002\C
Manufacturer:
Name:
PNP Device ID: ACPI\APP0002\C
Service:
.
==== System Restore Points ===================
.
RP60: 11/13/2014 3:04:00 PM - Removed Nancy Drew: Ransom of the Seven Ships
RP61: 11/15/2014 2:10:36 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.4)
Advanced Uninstaller PRO - Version 11
Angry Birds Rio
Angry Birds Seasons
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
CoreAVC Professional Edition (remove only)
CutePDF Writer 3.0
CyberLink DVD Menu Template Pack
CyberLink Media Suite
CyberLink MediaEspresso
CyberLink MediaShow
CyberLink PhotoNow
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink WaveEditor
D3DX10
DivX Setup
Free YouTube to MP3 Converter version 3.11.20.423
Haali Media Splitter
IDT Audio
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 6
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Nancy Drew The Deadly Device 1.00
Photo Common
Photo Gallery
Picasa 3
Plants vs. Zombies
PowerISO
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Smile Desktop version 1.0.12.332
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.3
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 7:39:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/12/2014 7:13:12 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/12/2014 12:44:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
 


Edited by emily_rose, 18 November 2014 - 08:32 PM.


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 AM

Posted 18 November 2014 - 08:29 PM

Hello emily_rose,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 09:00 PM

Hi, thank you so much for replying. I have just ran AdwCleaner and restarted my computer. Here is the adwcleaner log:

 

 

# AdwCleaner v4.101 - Report created 18/11/2014 at 17:52:23
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Macbook - MACBOOK-PC
# Running from : C:\Users\Macbook\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\Browse2Save
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Macbook\AppData\Local\genienext
Folder Deleted : C:\Users\Macbook\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Macbook\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Macbook\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Macbook\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Macbook\Documents\Optimizer Pro
[!] Folder Deleted : C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Folder Deleted : C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\0dngtuu@rororx-.net
File Deleted : C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
File Deleted : C:\Users\Macbook\daemonprocess.txt
File Deleted : C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049012.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049012.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049012.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049012.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AGI
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v33.1 (x86 en-US)

[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.5137d5bf11ed0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.5137d5bf11ed0.url", "hxxp://progamessafecard.in/sync2/?ext=btos&pid=726&country=CA&regd=130306234815&lsd=141005032922&ver=7&ind=1226614069&ssd=1824546584&xname=Browse2save&hid=35[...]
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.a15d84a30fc9d4fca80a7e5797da621a2b2cb2d04e2624863aee79d0e4333b550com49012.49012.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.aDTYMKB5583855IMJS61442498com62048.62048.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "145f53f5c43b24b2e0f0da9143bb7228");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=0b763135-6666-6873-5864-8fe327ab254c&searchtype=ds&installDate=31/01/2014&q=");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[p6en0ol8.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [10317 octets] - [18/11/2014 17:41:25]
AdwCleaner[S0].txt - [8990 octets] - [18/11/2014 17:52:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9050 octets] ##########



#7 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 09:08 PM

And here are the Farbar results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Macbook (administrator) on MACBOOK-PC on 18-11-2014 18:03:15
Running from C:\Users\Macbook\Downloads
Loaded Profile: Macbook (Available profiles: Macbook)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://splashurl.com/k6ezucm

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RH Designs) C:\Program Files (x86)\applemou.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [448800 2011-03-25] (IDT, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2011-03-25] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [200704 2007-04-09] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_ca_35] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\...\Run: [applemou.exe] => C:\Program Files (x86)\applemou.exe [40960 2002-09-11] (RH Designs)
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\...\MountPoints2: E - E:\autorun.exe [open][2] "Setup.exe"
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\...\MountPoints2: {e544129e-f0c0-11e1-a2df-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://splashurl.com/lxswc6n
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6827B83FC84CD01
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://splashurl.com/lsacrxo
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://splashurl.com/mmoq8rp
SearchScopes: HKU\.DEFAULT -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://splashurl.com/mmoq8rp
SearchScopes: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default
FF NewTab: about:blank
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF Homepage: google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Extension: Feven 2.2.1 - C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\DTYMKB5583855@IMJS61442498.com [2014-09-29]
FF Extension: SnapDo - C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\firefox@splashurl.com.xpi [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-28]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-15] () [File not signed]
S2 STacSV; c:\program files (x86)\idt\apple_v50\wdm\STacSV64.exe [251680 2011-03-25] (IDT, Inc.)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 aapltctp; C:\Windows\System32\DRIVERS\aapltctp.sys [7168 2011-03-25] (Apple Inc.)
R3 aapltp; C:\Windows\System32\DRIVERS\aapltp.sys [38912 2011-03-25] (Apple Inc.)
S3 BthKicker; C:\Windows\System32\DRIVERS\BthKicker.sys [8704 2011-03-25] (Apple Inc.)
R3 DevUpper; C:\Windows\System32\DRIVERS\iSightFT.sys [9216 2011-03-25] (Apple Inc.)
S3 iSightUpdate; C:\Windows\System32\DRIVERS\iSightUP.sys [17920 2011-03-25] (Apple Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:03 - 2014-11-18 18:04 - 00011348 _____ () C:\Users\Macbook\Downloads\FRST.txt
2014-11-18 18:02 - 2014-11-18 18:03 - 00000000 ____D () C:\FRST
2014-11-18 18:02 - 2014-11-18 18:02 - 02117120 _____ (Farbar) C:\Users\Macbook\Downloads\FRST64.exe
2014-11-18 17:55 - 2014-11-18 17:55 - 00000718 _____ () C:\Windows\PFRO.log
2014-11-18 17:41 - 2014-11-18 17:52 - 00000000 ____D () C:\AdwCleaner
2014-11-18 17:38 - 2014-11-18 17:39 - 02140160 _____ () C:\Users\Macbook\Downloads\AdwCleaner.exe
2014-11-18 17:26 - 2014-11-18 17:26 - 00011831 _____ () C:\Users\Macbook\Desktop\dds.txt
2014-11-18 17:26 - 2014-11-18 17:26 - 00008733 _____ () C:\Users\Macbook\Desktop\attach.txt
2014-11-18 17:20 - 2014-11-18 17:20 - 00688992 ____R (Swearware) C:\Users\Macbook\Downloads\dds.com
2014-11-15 13:59 - 2014-11-18 17:56 - 00000392 _____ () C:\Windows\setupact.log
2014-11-15 13:59 - 2014-11-15 13:59 - 00423416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 13:59 - 2014-11-15 13:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-15 13:58 - 2014-11-15 13:58 - 00003288 ____N () C:\bootsqm.dat
2014-11-13 15:21 - 2014-11-13 15:21 - 00114320 _____ () C:\Users\Macbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-11 22:46 - 2014-11-12 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:03 - 2009-07-13 20:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 18:03 - 2009-07-13 20:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 18:01 - 2009-07-13 21:13 - 00799082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 17:59 - 2012-08-27 19:34 - 02082928 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 17:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 17:52 - 2012-08-27 19:40 - 00000000 ____D () C:\Users\Macbook
2014-11-18 17:23 - 2012-08-27 21:35 - 00000000 ____D () C:\Users\Macbook\AppData\Roaming\uTorrent
2014-11-18 17:21 - 2012-08-28 01:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 18:25 - 2014-05-03 20:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-13 15:09 - 2012-11-26 18:44 - 00000000 ____D () C:\Users\Macbook\Documents\Smile
2014-11-13 15:08 - 2012-08-28 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
2014-11-13 15:08 - 2012-08-28 17:07 - 00000000 ____D () C:\Program Files (x86)\Nancy Drew
2014-11-13 15:05 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-13 15:01 - 2012-08-28 01:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 03:25 - 2012-08-28 01:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 03:24 - 2012-08-28 01:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 03:24 - 2012-08-28 01:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 14:30 - 2012-08-27 13:20 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Macbook\AppData\Local\Temp\Quarantine.exe
C:\Users\Macbook\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-07 21:21

==================== End Of Log ============================



#8 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 09:09 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Macbook at 2014-11-18 18:05:29
Running from C:\Users\Macbook\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Angry Birds Rio (HKLM-x32\...\{D7B3493D-766C-40AA-9AA9-053B896D76DE}) (Version: 1.1.0 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{928501C9-CB3B-416C-99D7-9B6B89751FAD}) (Version: 2.5.0 - Rovio)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Menu Template Pack (HKLM-x32\...\{0C8EBB00-4909-459C-8347-B2068B7F0319}) (Version: 2.0 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 9.0.2410 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1203_33054 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2109i - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2325.51 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2402 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Free YouTube to MP3 Converter version 3.11.20.423 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.20.423 - DVDVideoSoft Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5927.2 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 6 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217006FF}) (Version: 7.0.60 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nancy Drew The Deadly Device 1.00 (HKLM-x32\...\Nancy Drew The Deadly Device 1.00) (Version:  - )
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Smile Desktop version 1.0.12.332 (HKLM-x32\...\{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1) (Version: 1.0.12.332 - Webshots)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Macbook\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Macbook\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Macbook\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Macbook\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-11-2014 23:04:00 Removed Nancy Drew: Ransom of the Seven Ships
15-11-2014 22:10:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E9C9152-B4B8-4CE0-8AA0-3FE145FCF8A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {6CB4ED6E-BD9F-40D5-AD0B-FB49560328EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {B37FD111-05B8-4EFB-93EF-D55C402D7C3C} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-12-03] (CyberLink)
Task: {F628E31E-D118-4395-8992-A36DE495E732} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-08-27 21:53 - 2012-07-31 10:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-08-27 19:59 - 2010-09-15 16:50 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-11 22:46 - 2014-11-12 17:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-12 03:24 - 2014-11-12 03:24 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Macbook^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smile Desktop.lnk => C:\Windows\pss\Smile Desktop.lnk.Startup
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2856635385-2710276935-1989948858-500 - Administrator - Disabled)
Guest (S-1-5-21-2856635385-2710276935-1989948858-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2856635385-2710276935-1989948858-1002 - Limited - Enabled)
Macbook (S-1-5-21-2856635385-2710276935-1989948858-1000 - Administrator - Enabled) => C:\Users\Macbook

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 00:16:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AngryBirdsSeasons.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c8

Start Time: 01d0023ea31d22b9

Termination Time: 113

Application Path: C:\Program Files (x86)\Rovio\Angry Birds Seasons\AngryBirdsSeasons.exe

Report Id: ff1a0a54-6e31-11e4-840d-001f5b7be434

Error: (11/12/2014 07:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1254
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/12/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10078

Error: (11/12/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10078

Error: (11/12/2014 07:09:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 04:31:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9438

Error: (11/12/2014 04:31:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9438

Error: (11/12/2014 04:31:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 04:31:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8408

Error: (11/12/2014 04:31:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8408


System errors:
=============
Error: (11/18/2014 05:54:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1053

Error: (11/18/2014 05:54:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.

Error: (11/18/2014 05:52:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2014 05:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2014 05:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2014 05:52:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2014 05:52:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/18/2014 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2014 05:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2014 05:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 90%
Total physical RAM: 988.73 MB
Available physical RAM: 89.75 MB
Total Pagefile: 2012.73 MB
Available Pagefile: 702.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.48 GB) (Free:30.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 8C63B5F2)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=43.8 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=104.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 AM

Posted 18 November 2014 - 09:15 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   2.07KB   5 downloads

 

How is the computer running after you run this fix?

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 18 November 2014 - 09:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Macbook at 2014-11-18 18:29:09 Run:1
Running from C:\Users\Macbook\Downloads
Loaded Profile: Macbook (Available profiles: Macbook)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
roupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [fst_ca_35] => [X]
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\...\Run: [applemou.exe] => C:\Program Files (x86)\applemou.exe [40960 2002-09-11] (RH Designs)
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://splashurl.com/lxswc6n
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6827B83FC84CD01
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://splashurl.com/lsacrxo
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://splashurl.com/mmoq8rp
SearchScopes: HKU\.DEFAULT -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://splashurl.com/mmoq8rp
SearchScopes: HKU\S-1-5-21-2856635385-2710276935-1989948858-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
FF Extension: Feven 2.2.1 - C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\DTYMKB5583855@IMJS61442498.com [2014-09-29]
FF Extension: SnapDo - C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\firefox@splashurl.com.xpi [2014-05-13]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]
C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\firefox@splashurl.com.xpi
C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\DTYMKB5583855@IMJS61442498.com
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]


*****************

roupPolicy: Group Policy on Chrome detected <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_35 => value deleted successfully.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Windows\CurrentVersion\Run\\applemou.exe => value deleted successfully.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" => Key deleted successfully.
"HKCR\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" => Key not found.
HKU\S-1-5-21-2856635385-2710276935-1989948858-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\DTYMKB5583855@IMJS61442498.com => Moved successfully.
C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\firefox@splashurl.com.xpi => Moved successfully.
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found] not found.
"C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\firefox@splashurl.com.xpi" => File/Directory not found.
"C:\Users\Macbook\AppData\Roaming\Mozilla\Firefox\Profiles\p6en0ol8.default\Extensions\DTYMKB5583855@IMJS61442498.com" => File/Directory not found.
gusvc => Service deleted successfully.

==== End of Fixlog ====

 

 

It seems to be working alot better so far. There hasn't been any pop ups or strange ads since running the fix. Computer seems to be running alot faster and smoother as well. If anything else comes up I will let you know. Thank you very much!!


Edited by emily_rose, 18 November 2014 - 09:36 PM.


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 AM

Posted 19 November 2014 - 12:54 AM

Glad things are better lets run a couple other scanners for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 19 November 2014 - 02:54 AM

Is this the right log for mbam?

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 11/18/2014 11:15:43 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Starting,
Protection, 11/18/2014 11:15:44 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Started,
Protection, 11/18/2014 11:15:45 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Starting,
Update, 11/18/2014 11:15:58 PM, SYSTEM, MACBOOK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.11.18.1,
Update, 11/18/2014 11:16:05 PM, SYSTEM, MACBOOK-PC, Manual, Malware Database, 2014.3.4.9, 2014.11.19.1,
Protection, 11/18/2014 11:16:12 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Started,
Update, 11/18/2014 11:16:20 PM, SYSTEM, MACBOOK-PC, Manual, program, 2.0.1.1004, 2.0.3.1025,
Protection, 11/18/2014 11:16:52 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/18/2014 11:16:52 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/18/2014 11:16:52 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Stopping,
Protection, 11/18/2014 11:16:55 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Stopped,
Protection, 11/18/2014 11:18:05 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Starting,
Protection, 11/18/2014 11:18:06 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Started,
Protection, 11/18/2014 11:18:06 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Starting,
Update, 11/18/2014 11:18:10 PM, SYSTEM, MACBOOK-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.18.1,
Protection, 11/18/2014 11:18:11 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Started,
Update, 11/18/2014 11:18:14 PM, SYSTEM, MACBOOK-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.19.1,
Protection, 11/18/2014 11:18:14 PM, SYSTEM, MACBOOK-PC, Protection, Refresh, Starting,
Protection, 11/18/2014 11:18:14 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/18/2014 11:18:14 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/18/2014 11:18:28 PM, SYSTEM, MACBOOK-PC, Protection, Refresh, Success,
Protection, 11/18/2014 11:18:30 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/18/2014 11:18:32 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Started,
Scan, 11/18/2014 11:41:15 PM, SYSTEM, MACBOOK-PC, Manual, Start:11/18/2014 11:18:50 PM, Duration:20 min 57 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,
Protection, 11/18/2014 11:45:57 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Starting,
Protection, 11/18/2014 11:45:58 PM, SYSTEM, MACBOOK-PC, Protection, Malware Protection, Started,
Protection, 11/18/2014 11:45:58 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/18/2014 11:46:49 PM, SYSTEM, MACBOOK-PC, Protection, Malicious Website Protection, Started,

(end)



#13 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 19 November 2014 - 05:34 AM

Finally the EMSIsoft is complete. That did take quite some time to finish off. It came back with 8 detections but for some reason would only quarantine 7 of them and not the first one it found. The first one was an "Application.Win32.InstallAd (A) and it appears to be a registery key with no risk. When I try and quarantine it it processes but doesn't actually remove the file. Should I try and delete it? Here is the log:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/19/2014 12:07:18 AM
User account: Macbook-PC\Macbook

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    11/19/2014 12:08:20 AM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir     detected: Application.Toolbar (A)
C:\AdwCleaner\Quarantine\C\Users\Macbook\AppData\Local\genienext\nengine.dll.vir     detected: Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Users\Macbook\AppData\Roaming\newnext.me\nengine.dll.vir     detected: Adware.Win32.Agent (A)
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll     detected: Gen:Adware.Heur.im9@g1KEkEj (B)

Scanned    212716
Found    8

Scan end:    11/19/2014 2:29:06 AM
Scan time:    2:20:46

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    Quarantined Gen:Adware.Heur.im9@g1KEkEj (B)
C:\AdwCleaner\Quarantine\C\Users\Macbook\AppData\Roaming\newnext.me\nengine.dll.vir    Quarantined Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Users\Macbook\AppData\Local\genienext\nengine.dll.vir    Quarantined Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir    Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)

Quarantined    7



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 AM

Posted 19 November 2014 - 11:26 AM

Thats not the right log for MBAM.  No need to worry about the one emisoft wont delete.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 emily_rose

emily_rose
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 19 November 2014 - 08:13 PM

Yeah I didn't think so.. when I followed the instructions you gave me that was the only log that was there. Even when I checked Malwarebytes in ProgramData it was the same log that was under application logs in the program. Is there another log somewhere that I missed? Should I run the scan again?


Edited by emily_rose, 19 November 2014 - 08:15 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users