PUP and PUA detected plus Slow computer/internet, Need a complete check on comp


This topic is locked
21 replies to this topic

#1 comp_help2014

  • Members
  • 102 posts
  • Local time:11:00 AM

Posted 03 December 2014 - 12:45 AM

Hi,
 
I used CCleaner, MBAM, AdwCleaner, JRT and ESET.
 
The log for AdwCleaner is here:
 
# AdwCleaner v4.102 - Report created 30/11/2014 at 15:45:58
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Starter (32 bits)
# Username : NM - NM-PC
# Running from : C:\Users\NM\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\NM\AppData\Roaming\Mozilla\Firefox\Profiles\eu5tkewl.default-1414670487525\user.js
Folder Found : C:\Users\NM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
 
 

# AdwCleaner v4.102 - Report created 30/11/2014 at 16:25:43
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Starter (32 bits)
# Username : NM - NM-PC
# Running from : C:\Users\NM\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [1107 octets] - [30/11/2014 15:45:58]
AdwCleaner[R1].txt - [917 octets] - [30/11/2014 16:13:45]
AdwCleaner[S0].txt - [1177 octets] - [30/11/2014 16:08:20]
AdwCleaner[S1].txt - [841 octets] - [30/11/2014 16:25:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [900 octets] ##########
 
 
 
The log for JRT is here:
 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Starter x86
Ran by NM on 01-12-2014 at 11:23:09.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-12-2014 at 11:43:08.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
The log for ESET is here:
 
C:\SwSetup\ATMT\Data1.cab a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\NM\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
 
 
 
After doing all these scans, my computer's internet is still slow. I use a wired connection mostly and when I changed the wifi password, speed increased and then it went down again. Is it more secure to use a wired rather than wifi? And today a new webpage opened without me doing anything. It takes very long for pdf files or word docs to open and the browsers to open. Sometimes my chrome, firefox, IE browser freezes.  Today, I had downloaded DDS and then when I clicked on run, it initially said 'You need to be an administrator to run DDS'. And after a while it started working alright. The other day, I logged into my computer and it took me to a temp account. And I had to log off and log in again. So all these strange things. Please help me resolve this.
 
 
 
DDS logs:
 
1. DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 11.25.2
Run by NM at 10:54:37 on 2014-12-03
#Option MBR scan  is disabled.
Microsoft Windows 7 Starter   6.1.7600.0.1252.91.1033.18.1012.225 [GMT 5.5:30]
.
AV: Quick Heal Total Security 2014 *Disabled/Updated* {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
SP: Quick Heal Total Security 2014 *Disabled/Updated* {DB8FBA10-1533-A429-00B0-F3F913340A5B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {58D5DAD1-7966-AAFF-115F-61BE9660079D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\quick heal\quick heal total security\SFMDPRT.EXE
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Simplify Media] "c:\program files\hp\hp mediastream\HPMediaStream.exe" -splash
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WTClient] WTClient.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\2596675627A4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\F4C49435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\F4C6468616D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{688DEC32-2768-45C6-8E99-357E9329E347} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= Scdetour.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ScSecAuth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nm\appdata\roaming\mozilla\firefox\profiles\eu5tkewl.default-1414670487525\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R1 bdsflt;bdsflt;c:\windows\system32\drivers\bdsflt.sys [2014-5-24 229480]
R1 bdsnm;bdsnm;c:\windows\system32\drivers\bdsnm.sys [2014-5-24 21096]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-30 17624]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2014-5-24 59608]
R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2014-5-24 61032]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-2-6 81920]
R2 Behavior Detection System;Behavior Detection System;c:\program files\quick heal\quick heal total security\BDSSVC.EXE [2013-8-12 23976]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2013-7-20 51816]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\emlproxy.exe [2014-4-9 34408]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2013-8-12 212904]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-9 323584]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2014-5-24 29856]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2013-8-12 28584]
R2 webssx;webssx;c:\windows\system32\drivers\webssx.sys [2014-5-24 52840]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-24 228408]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2014-5-24 33056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2013-8-12 212904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-30 1871160]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-30 968504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 llio;llio;c:\windows\system32\drivers\llio.sys [2014-5-24 58728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-30 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-30 51928]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-6 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-6 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2014-12-03 03:58:30 -------- d--h--w- c:\users\nm\ScStore
2014-12-03 03:58:18 -------- d--h--w- C:\dvmexp
2014-12-01 07:09:35 -------- d-----w- c:\program files\ESET
2014-11-30 12:20:33 -------- d-----w- c:\windows\ERUNT
2014-11-30 11:19:56 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-30 11:19:03 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-30 11:19:03 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-30 11:19:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-30 11:19:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-30 10:02:46 -------- d-----w- c:\program files\CCleaner
2014-11-27 04:56:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{53f7f13c-3a95-4f83-aef5-239218751659}\offreg.dll
2014-11-26 10:42:43 -------- d-----w- c:\programdata\Malwarebytes
2014-11-26 10:41:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-19 11:17:38 -------- d-----w- c:\program files\common files\TI Shared
2014-11-19 11:17:37 -------- d-----w- c:\program files\TI Education
2014-11-14 04:24:06 244336 ----a-w- c:\windows\system32\SCSANDBOXAPI.DLL
2014-11-14 04:19:36 133744 ----a-w- c:\windows\system32\SCSECAUTH.DLL
2014-11-14 04:19:35 4096 ----a-w- c:\windows\system32\DETOURED.DLL
2014-11-14 04:19:35 331888 ----a-w- c:\windows\system32\SCDETOUR.DLL
2014-11-13 13:26:01 40960 ----a-w- c:\windows\system32\maplec.dll
2014-11-13 13:26:01 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2014-11-13 13:26:01 20480 ----a-w- c:\windows\system32\maplecompat.dll
2014-11-13 13:25:35 -------- d-----w- C:\watcom-1.3
2014-11-13 13:19:36 -------- d-----w- c:\program files\Maple 12
.
==================== Find3M  ====================
.
2014-12-02 06:05:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-02 06:05:56 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-14 04:19:33 229480 ----a-w- c:\windows\system32\drivers\bdsflt.sys
2014-11-14 04:19:33 21096 ----a-w- c:\windows\system32\drivers\bdsnm.sys
2014-10-31 12:02:25 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 10:56:05.01 ===============
 
 

Thank you!!
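A triage pass over the DDS "Pseudo HJT Report" posted above, written as an added example for this thread (it is not code from the thread, from DDS, or from any BleepingComputer helper). It pulls out the lines a responder checks first: the AV/SP/FW status lines, the mPolicies-System UAC values (taken here to mirror the registry values under HKLM\...\Policies\System, an assumption about how DDS names them), any Userinit entry beyond userinit.exe, and AppInit_DLLs. Entries are flagged for review, not judged malicious; in this log the extra Userinit entry sits under the Quick Heal directory, so it is most likely the installed AV. The sample log is constructed from lines quoted in the post.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' (added example, not DDS code).

Flags the security-state lines that matter most when reading a DDS log:
disabled/outdated AV products, UAC policy values switched off, extra
Winlogon Userinit entries and AppInit_DLLs.  Nothing here is judged
malicious; "review" findings are for a human to look at.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)

# Constructed sample: a subset of the DDS.txt lines quoted in the thread.
SAMPLE_DDS = r"""
AV: Quick Heal Total Security 2014 *Disabled/Updated* {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
SP: Quick Heal Total Security 2014 *Disabled/Updated* {DB8FBA10-1533-A429-00B0-F3F913340A5B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {58D5DAD1-7966-AAFF-115F-61BE9660079D}
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\quick heal\quick heal total security\SFMDPRT.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
AppInit_DLLs= Scdetour.dll
"""

STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = dword:(\d+)")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit = (.+)$", re.IGNORECASE)
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(.*)$", re.IGNORECASE)

# Policies\System values that switch off a UAC protection when set to 0.
# (Assumption: DDS's "mPolicies-System" lines are these registry values.)
UAC_OFF_AT_ZERO = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt",
    "PromptOnSecureDesktop": "elevation prompts do not use the secure desktop",
}


def triage_dds(text: str) -> List[Finding]:
    """Return (severity, message) findings for one DDS log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()

        m = STATUS_RE.match(line)
        if m:  # e.g. "AV: <product> *Disabled/Updated* {GUID}"
            kind, product, state = m.groups()
            for word in state.split("/"):
                if word.lower() in ("disabled", "outdated"):
                    findings.append(("high", f"{kind} {product} is {word.lower()}"))
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_OFF_AT_ZERO and value == 0:
                findings.append(("high", f"{name}=0: {UAC_OFF_AT_ZERO[name]}"))
            continue

        m = USERINIT_RE.match(line)
        if m:  # anything after userinit.exe runs at every logon
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            for e in entries:
                if not e.lower().endswith("\\userinit.exe"):
                    findings.append(("review", f"extra Userinit entry: {e}"))
            continue

        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():  # DLL injected into user-mode processes
            findings.append(("review", f"AppInit_DLLs loads: {m.group(1).strip()}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage_dds(SAMPLE_DDS):
        print(f"[{severity}] {message}")
```

With the log above it reports six high findings (the AV and both SP entries disabled or outdated, plus three UAC values at 0, meaning UAC is off and administrators elevate silently) and two entries to review (the Quick Heal Userinit component and the AppInit DLL).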


#2 HelpBot

    Bleepin' Binary Bot
  • Bots
  • 12,622 posts
  • Gender:Male
  • Local time:01:30 AM

Posted 08 December 2014 - 12:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558464 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 comp_help2014

  • Topic Starter
  • Members
  • 102 posts
  • Local time:11:00 AM

Posted 09 December 2014 - 11:25 PM

Hi,
 
I used CCleaner, MBAM, AdwCleaner, JRT and ESET. These results I had posted in my previous initial post on this forum.
 
 
Here are my new DDS.txt results:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 11.25.2
Run by NM at 9:33:43 on 2014-12-10
Microsoft Windows 7 Starter   6.1.7600.0.1252.91.1033.18.1012.63 [GMT 5.5:30]
.
AV: Quick Heal Total Security 2014 *Disabled/Updated* {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
SP: Quick Heal Total Security 2014 *Disabled/Updated* {DB8FBA10-1533-A429-00B0-F3F913340A5B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {58D5DAD1-7966-AAFF-115F-61BE9660079D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTClient.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\quick heal\quick heal total security\SFMDPRT.EXE
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Simplify Media] "c:\program files\hp\hp mediastream\HPMediaStream.exe" -splash
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WTClient] WTClient.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\2596675627A4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\F4C49435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{50F40929-B20F-4856-832B-6C31F75541F4}\F4C6468616D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{688DEC32-2768-45C6-8E99-357E9329E347} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= Scdetour.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ScSecAuth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nm\appdata\roaming\mozilla\firefox\profiles\eu5tkewl.default-1414670487525\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R1 bdsflt;bdsflt;c:\windows\system32\drivers\bdsflt.sys [2014-5-24 229480]
R1 bdsnm;bdsnm;c:\windows\system32\drivers\bdsnm.sys [2014-5-24 21096]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-30 17624]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2014-5-24 59608]
R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2014-5-24 61032]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-2-6 81920]
R2 Behavior Detection System;Behavior Detection System;c:\program files\quick heal\quick heal total security\BDSSVC.EXE [2013-8-12 23976]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2013-7-20 51816]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\emlproxy.exe [2014-4-9 34408]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2013-8-12 212904]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-9 323584]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2014-5-24 29856]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2013-8-12 28584]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\quhlpsvc.exe [2014-4-9 105576]
R2 ScSecSvc;Core Browsing Protection;c:\program files\quick heal\quick heal total security\SCSECSVC.EXE [2014-11-14 367216]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-11-13 4799760]
R2 webssx;webssx;c:\windows\system32\drivers\webssx.sys [2014-5-24 52840]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-24 228408]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2014-5-24 33056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2013-8-12 212904]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 llio;llio;c:\windows\system32\drivers\llio.sys [2014-5-24 58728]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-6 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-6 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2014-12-10 03:53:33    --------    d--h--w-    c:\users\nm\ScStore
2014-12-07 11:00:07    --------    d--h--w-    C:\dvmexp
2014-12-01 07:09:35    --------    d-----w-    c:\program files\ESET
2014-11-30 12:20:33    --------    d-----w-    c:\windows\ERUNT
2014-11-30 10:02:46    --------    d-----w-    c:\program files\CCleaner
2014-11-27 04:56:26    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{53f7f13c-3a95-4f83-aef5-239218751659}\offreg.dll
2014-11-26 10:42:43    --------    d-----w-    c:\programdata\Malwarebytes
2014-11-26 10:41:40    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-19 11:17:38    --------    d-----w-    c:\program files\common files\TI Shared
2014-11-19 11:17:37    --------    d-----w-    c:\program files\TI Education
2014-11-14 04:24:06    244336    ----a-w-    c:\windows\system32\SCSANDBOXAPI.DLL
2014-11-14 04:19:36    133744    ----a-w-    c:\windows\system32\SCSECAUTH.DLL
2014-11-14 04:19:35    4096    ----a-w-    c:\windows\system32\DETOURED.DLL
2014-11-14 04:19:35    331888    ----a-w-    c:\windows\system32\SCDETOUR.DLL
2014-11-13 13:26:01    40960    ----a-w-    c:\windows\system32\maplec.dll
2014-11-13 13:26:01    212992    ----a-w-    c:\windows\system32\WMIMPLEX.dll
2014-11-13 13:26:01    20480    ----a-w-    c:\windows\system32\maplecompat.dll
2014-11-13 13:25:35    --------    d-----w-    C:\watcom-1.3
2014-11-13 13:19:36    --------    d-----w-    c:\program files\Maple 12
.
==================== Find3M  ====================
.
2014-12-02 06:05:56    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-02 06:05:56    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-14 04:19:33    229480    ----a-w-    c:\windows\system32\drivers\bdsflt.sys
2014-11-14 04:19:33    21096    ----a-w-    c:\windows\system32\drivers\bdsnm.sys
2014-10-31 12:02:25    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH:  9:35:29.71 ===============

I've attached the attach.txt file.

A few issues I am facing:

After performing all these scans, my computer's internet is sometimes still slow. I use a wired connection mostly, and when I changed the wifi password the speed increased and then went down again. Is it more secure to use a wired connection rather than wifi? And today a new webpage opened without me doing anything. It takes very long for PDF files or Word docs to open, and for the browsers to open. Sometimes my Chrome, Firefox or IE browser freezes. I think I'm using an older version of IE, but I am not able to install a new version. Please provide a new link for that. Which browser is better to use out of these three? Previously, when I had downloaded DDS and clicked on run, it initially said 'You need to be an administrator to run DDS', and after a while it started working all right. The other day, I logged into my computer and it took me to a temp account, and I had to log off and log in again. So all these strange things.

A few days ago, when I turned on my computer, the browsers were taking very long to open up. And then the Action Center gave me a message that both my antivirus software and Windows Defender say that my antivirus is turned off. But when I opened my Quick Heal antivirus application, it said 'your computer is protected'. So my question is: should I turn off Windows Defender? Why did I get this message? After a while the message went away, and when I checked in the Action Center, it said that both antivirus and Windows Firewall are turned on and that having two of them turned on will conflict with each other. This happened another time too.

Every time I have to perform the antimalware scan, because after each scan I get 'generic adware' in the malware scan and I have to remove that. I am not sure how this is getting into my system.

Also, yesterday when I was working on a Word doc, I felt my pointer was acting strangely. It wasn't moving, or was moving very slowly, and sometimes it just freezes. And a few pieces of software I have on my system sometimes tell me that the software is corrupted. I am the only one using this internet connection, so I don't know why the speed slows down. I can't think of any other issue that I am facing.

Thank you in advance for your help!!

Attached Files
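An added triage example, not code from the post above or from the DDS/FRST tools. The DDS output in this post carries several entries a responder reads before anything else: the UAC policy lines (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which turns UAC off and lets an administrator account elevate without any prompt), the AppInit_DLLs value, and an LSA notification package beyond the Windows default. FRST output, which the helper asks for next, adds per-row markers for a missing file ([X]) or an unsigned image ([File not signed]), and a row whose image sits under a user's Temp directory is worth a look on its own. The script below runs those checks over constructed sample rows of both DDS and FRST shape; the sample rows and the rule names are mine, and the assumption that scecli is the only LSA notification package on a default Windows 7 install is stated in the code.

```python
"""Triage pass over DDS / FRST style scan-log lines.

Added example for this thread, not code from the original post or from the
DDS/FRST tools.  It flags a handful of entries a responder reads first:
UAC policy values that disable prompting, AppInit_DLLs entries, LSA
notification packages beyond the Windows default, and service/driver rows
whose image sits under a Temp directory, is missing ([X]) or is reported
unsigned by FRST.  A hit is a prompt for a closer look, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumption: a default Windows 7 install registers only "scecli" here.
DEFAULT_LSA_PACKAGES = {"scecli"}

# DDS prints the UAC policy keys as "mPolicies-System: Name = dword:N".
# EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates without
# prompting, PromptOnSecureDesktop=0 moves prompts off the secure desktop.
UAC_RE = re.compile(
    r"^mPolicies-System:\s*(EnableLUA|ConsentPromptBehaviorAdmin|"
    r"PromptOnSecureDesktop)\s*=\s*dword:0\b")
# "AppInit_DLLs= x.dll" (DDS) or "AppInit_DLLs: x.dll => C:\..." (FRST)
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*[:=]\s*(\S+)")
# "LSA: Notification Packages = a b" (DDS) or "Lsa: [Notification Packages] a b" (FRST)
LSA_RE = re.compile(r"^lsa:\s*\[?notification packages\]?\s*=?\s*(.*)$",
                    re.IGNORECASE)
# "R1 name;display;path [..]" (DDS) or "S3 name; path [..] (vendor) [flags]" (FRST)
SVC_RE = re.compile(r"^[RS][0-4]\s+([^;]+);(.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str    # which check fired
    detail: str  # the value or entry name that triggered it
    line: str    # the log line as read


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per rule hit, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UAC_RE.match(line)
        if m:
            findings.append(Finding("uac_weakened", m.group(1), line))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append(Finding("appinit_dll", m.group(1), line))
            continue
        m = LSA_RE.match(line)
        if m:
            extra = [p for p in m.group(1).split()
                     if p.lower() not in DEFAULT_LSA_PACKAGES]
            if extra:
                findings.append(Finding("lsa_notification_package",
                                        " ".join(extra), line))
            continue
        m = SVC_RE.match(line)
        if m:
            name, rest = m.group(1).strip(), m.group(2)
            if TEMP_RE.search(rest):
                findings.append(Finding("image_in_temp", name, line))
            if "[X]" in rest:
                findings.append(Finding("file_missing", name, line))
            if "[File not signed]" in rest:
                findings.append(Finding("unsigned_image", name, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per rule, for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: rows of the same shape as this thread's logs, one or two
# per rule, plus two benign rows (ConsentPromptBehaviorUser=3, bdsflt) that
# must not fire.
SAMPLE_LOG = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
AppInit_DLLs= Scdetour.dll
LSA: Notification Packages =  scecli ScSecAuth
R1 bdsflt;bdsflt;c:\windows\system32\drivers\bdsflt.sys [2014-5-24 229480]
S3 27623; \??\C:\Users\NM\AppData\Local\Temp\47180024\27623.sys [X]
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-09] (DeviceVM, Inc.) [File not signed]
Lsa: [Notification Packages] scecli ScSecAuth
AppInit_DLLs: Scdetour.dll => C:\Windows\SYSTEM32\Scdetour.dll [331888 2014-11-14] (Quick Heal Technologies (P) Ltd.)
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.rule:25} {f.detail:28} | {f.line}")
    print(summarize(hits))
```

A hit is a prompt, not a verdict: FRST attributes Scdetour.dll to the installed Quick Heal product, and an [X] row can be a stale registration whose file is already gone. The UAC values and any driver registered from a user's Temp directory are the items to resolve first, because with EnableLUA=0 every program an administrator account runs already holds full administrator rights, so nothing stands between an adware installer and the system.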



#4 nasdaq
  • Malware Response Team
  • 38,925 posts
  • Location:Montreal, QC. Canada

Posted 15 December 2014 - 09:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#5 comp_help2014
  • Topic Starter
  • Members
  • 102 posts

Posted 16 December 2014 - 12:10 AM

Hi,

I am running this scan now. I am doing it in normal mode. I also want to inform you that I ran a few tools on my system yesterday while I was waiting for a response to my topic here. These are the tools: Rkill, Malwarebytes, SUPERAntiSpyware, Trojan Remover, CCleaner and my Quick Heal antimalware, several times. I hope this is ok. Also, I found some unusual activity in my Gmail account.

Here are the results of FARBAR:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by NM (administrator) on NM-PC on 16-12-2014 10:30:30
Running from C:\Users\NM\Downloads
Loaded Profile: NM (Available profiles: NM)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Tablet Driver) C:\Windows\System32\WTClient.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-04] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-12] (IDT, Inc.)
HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-21] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-02] (Hewlett-Packard)
HKLM\...\Run: [WTClient] => C:\Windows\SYSTEM32\WTClient.exe [32768 2009-08-19] (Tablet Driver)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161704 2013-07-20] (Quick Heal Technologies (P) Ltd.)
HKU\S-1-5-21-551812208-478891508-1572922594-1000\...\Run: [Simplify Media] => C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe [21498376 2009-10-23] (Simplify Media, Inc.)
HKU\S-1-5-21-551812208-478891508-1572922594-1000\...\RunOnce: [Adobe Speed Launcher] => 1418704056
AppInit_DLLs: Scdetour.dll => C:\Windows\SYSTEM32\Scdetour.dll [331888 2014-11-14] (Quick Heal Technologies (P) Ltd.)
Lsa: [Notification Packages] scecli ScSecAuth

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-551812208-478891508-1572922594-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/26
SearchScopes: HKLM -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\NM\AppData\Roaming\Mozilla\Firefox\Profiles\eu5tkewl.default-1414670487525
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-12]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [23976 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [34408 2014-06-05] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [212904 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [212904 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-09] (DeviceVM, Inc.) [File not signed]
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [28584 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [105576 2014-06-05] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [259424 2014-03-07] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [367216 2014-11-14] (Quick Heal Technologies (P) Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe [221266 2009-10-12] (IDT, Inc.)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [229480 2014-11-14] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [21096 2014-11-14] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [51816 2014-05-31] (Quick Heal Technologies (P) Ltd.)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-30] (DeviceVM, Inc.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29856 2013-07-20] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [59608 2013-09-07] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [58728 2014-03-12] (Quick Heal Technologies (P) Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-15] (Malwarebytes Corporation)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33056 2013-08-24] (Quick Heal Technologies (P) Ltd.)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [23208 2009-06-22] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [14504 2009-06-22] (PenTablet Driver)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [23208 2009-06-22] (Tablet Driver)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [19624 2009-06-22] (Tablet Driver)
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [52840 2013-12-30] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [61032 2013-12-27] (Quick Heal Technologies (P) Ltd.)
S3 27623; \??\C:\Users\NM\AppData\Local\Temp\47180024\27623.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 10:30 - 2014-12-16 10:32 - 00014729 _____ () C:\Users\NM\Downloads\FRST.txt
2014-12-16 10:29 - 2014-12-16 10:31 - 00000000 ____D () C:\FRST
2014-12-16 10:27 - 2014-12-16 10:27 - 01111040 _____ (Farbar) C:\Users\NM\Downloads\FRST.exe
2014-12-16 09:24 - 2014-12-16 09:26 - 00000000 ___HD () C:\Users\NM\ScStore
2014-12-15 17:20 - 2014-12-15 17:20 - 00003128 _____ () C:\Users\NM\untitled1_MAS.bak
2014-12-15 16:19 - 2014-12-16 09:24 - 00002098 _____ () C:\Windows\PFRO.log
2014-12-15 16:06 - 2014-12-15 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathType 6
2014-12-15 15:10 - 2014-12-16 10:31 - 00084904 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 15:07 - 2014-12-16 09:26 - 00000504 _____ () C:\Windows\setupact.log
2014-12-15 15:07 - 2014-12-15 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-15 13:27 - 2014-12-15 13:27 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-15 12:54 - 2014-12-15 12:54 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-15 12:04 - 2014-12-15 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 12:04 - 2014-12-15 15:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 12:03 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-15 12:03 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-15 12:03 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-13 20:37 - 2014-12-16 09:34 - 00000012 ____H () C:\dvmexp.idx
2014-12-13 20:26 - 2014-12-13 20:26 - 00000000 ___HD () C:\dvmexp
2014-12-13 19:33 - 2014-12-13 19:33 - 00000000 ____D () C:\Users\NM\AppData\Roaming\hpqLog
2014-12-12 21:57 - 2014-12-12 21:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-01 11:29 - 2014-12-01 11:29 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-01 11:29 - 2014-12-01 11:29 - 00000000 __RSH () C:\IO.SYS
2014-11-30 17:50 - 2014-11-30 17:50 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 21:24 - 2014-12-02 21:02 - 00000000 ____D () C:\Users\N\Others
2014-11-26 16:12 - 2014-11-28 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-26 16:11 - 2014-11-27 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 15:59 - 2014-12-15 16:59 - 00000188 _____ () C:\AUTOEXEC.BAT
2014-11-17 15:30 - 2014-11-17 15:31 - 00000000 ____D () C:\Users\N\Math

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 10:32 - 2009-07-14 10:04 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 10:32 - 2009-07-14 10:04 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 10:22 - 2014-05-24 20:12 - 00000340 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2014-12-16 09:36 - 2014-05-17 20:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 09:35 - 2014-05-17 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-16 09:35 - 2014-05-17 20:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-16 09:34 - 2014-05-24 20:05 - 00000000 ____D () C:\Windows\system32\gprodat
2014-12-16 09:24 - 2014-05-10 17:22 - 00000000 ____D () C:\Users\NM
2014-12-16 09:24 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 17:57 - 2014-05-10 21:22 - 00000000 ____D () C:\Users\NM\AppData\Roaming\vlc
2014-12-15 17:15 - 2014-05-10 20:55 - 00000000 ____D () C:\Users\N
2014-12-15 16:23 - 2014-05-10 17:23 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-15 16:19 - 2009-07-14 10:03 - 00444776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-15 16:18 - 2014-05-24 20:16 - 00000460 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2014-12-15 16:07 - 2014-11-13 19:05 - 00123576 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-15 16:06 - 2014-05-14 14:25 - 00000000 ____D () C:\Users\NM\AppData\Roaming\Design Science
2014-12-15 16:06 - 2014-05-10 22:05 - 00000000 ____D () C:\Program Files\MathType
2014-12-15 13:27 - 2009-11-24 09:46 - 00000000 ____D () C:\ProgramData\Temp
2014-12-13 20:37 - 2014-05-10 17:31 - 00000000 ____D () C:\temp
2014-12-13 19:51 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Help
2014-12-13 19:37 - 2009-11-24 08:46 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-12-13 19:36 - 2009-11-24 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-13 19:35 - 2009-11-24 08:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-13 19:17 - 2009-11-24 08:53 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-13 10:54 - 2014-06-07 19:41 - 00000000 ____D () C:\Users\N\Evelyn
2014-12-13 10:51 - 2014-05-12 13:53 - 00000000 ____D () C:\Users\N\John Macarthur
2014-12-13 01:18 - 2014-05-10 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-12 13:05 - 2014-06-08 16:05 - 00000000 ____D () C:\Users\N\Christian stuff
2014-12-10 22:36 - 2014-06-05 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 10:29 - 2014-05-12 13:59 - 00000000 ____D () C:\Users\N\SCF - The Cross
2014-12-05 06:56 - 2014-05-11 23:13 - 00000000 ____D () C:\Users\NM\AppData\Roaming\BitTorrent
2014-12-03 10:32 - 2009-11-24 11:29 - 00000000 ____D () C:\Program Files\Hp
2014-12-02 17:43 - 2009-11-24 09:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-30 15:39 - 2009-09-07 05:21 - 00000000 ____D () C:\Windows\Panther
2014-11-28 12:18 - 2014-05-26 20:05 - 00000543 _____ () C:\Windows\system32\nvscnrpt.log
2014-11-25 17:26 - 2014-05-10 21:58 - 00000000 ____D () C:\Users\N\Movies
2014-11-24 01:08 - 2014-05-20 22:43 - 00000000 ____D () C:\Users\NM\AppData\Roaming\Skype
2014-11-23 06:32 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-21 20:22 - 2014-08-03 13:15 - 00131012 _____ () C:\Windows\system32\debug.log
2014-11-19 23:34 - 2014-10-06 14:33 - 00016290 _____ () C:\Users\N\Song Lyrics.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 08:14

==================== End Of Log ============================
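The "Bamital & volsnap Check" above is FRST verifying that the core Windows binaries an in-place file infector would patch (explorer.exe, winlogon.exe, wininit.exe and the others listed) still carry a valid Authenticode signature. The PowerShell below is an added example, not FRST's code and not part of this post: it repeats that check on the same nine files with Get-AuthenticodeSignature and records a SHA-256 of each. The function name Test-CoreFileSignature is made up for this example. It assumes Windows PowerShell 5.1 or later; earlier versions do not verify the catalog signatures most Windows system files rely on and report them as NotSigned, so on a stock Windows 7 shell the FRST result is the one to trust.

```powershell
# Added example, not FRST's own code: re-run the "Bamital & volsnap Check" on the
# same core files with Get-AuthenticodeSignature. Assumes Windows PowerShell 5.1+
# (catalog-signed system files report NotSigned on older versions).

$coreFiles = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-CoreFileSignature {
    # Hypothetical helper for this example: one record per file with the
    # signature status, the signature type, the signer and a SHA-256.
    param([string[]]$Path)
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ File = $file; Status = 'Missing'; SignatureType = $null; Signer = $null; Sha256 = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $file
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            File          = $file
            Status        = $sig.Status.ToString()   # Valid, HashMismatch, NotSigned, ...
            SignatureType = $sig.SignatureType       # Catalog for most system files, Authenticode if embedded
            Signer        = $signer
            Sha256        = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
    }
}

$results = Test-CoreFileSignature -Path $coreFiles
$results | Format-Table File, Status, SignatureType, Signer -AutoSize

# HashMismatch means the bytes on disk no longer match what was signed, i.e. the
# file was modified after signing. That is the case FRST says has no automatic
# fix: the file has to be replaced from a clean copy of the same Windows build.
$failed = $results | Where-Object { $_.Status -ne 'Valid' }
if ($failed) {
    Write-Warning 'Core files failing signature verification:'
    $failed | Format-Table File, Status, Sha256 -AutoSize
}
```

Run it from an elevated prompt. A Missing or HashMismatch row on any of these files is the point at which to stop cleaning and replace the file (or the installation) rather than keep scanning, which is the same conclusion the FRST note draws.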

#6 nasdaq (Malware Response Team)

Posted 16 December 2014 - 09:45 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

SearchScopes: HKLM -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll No File
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 27623; \??\C:\Users\NM\AppData\Local\Temp\47180024\27623.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please run the AdwCleaner tool and get the latest version.

==

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
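The fixlist above targets four kinds of entry: services and drivers whose binary no longer exists (FRST marks these "[X]"), Internet Explorer SearchScopes, ActiveX download records (the "DPF" lines, stored under Code Store Database\Distribution Units) and a Firefox plugin registration whose DLL is gone. The PowerShell below is an added example, not FRST's code and not anything nasdaq posted: it reads those same locations from the registry and reports them so the entries can be judged before a fixlist is written. Nothing is deleted. The entry that deserves most attention in this log is "S3 27623", a numeric-only service name whose driver path points under a user's AppData\Local\Temp folder; the script flags that combination. The function names are made up for this example, it assumes Windows PowerShell 3.0 or later and an elevated prompt, and it checks HKCU for the logged-on user where the fixlist named the user's SID under HKU.

```powershell
# Added example, not code from FRST or from the post above. Audits the four kinds
# of entry the fixlist targets. Report only; nothing is removed.

function Resolve-ImagePath {
    # Service ImagePath -> filesystem path: strip \??\ and \SystemRoot\ prefixes,
    # expand %SystemRoot%, handle quoting and trailing arguments, and root
    # relative driver paths (system32\drivers\x.sys) at the Windows folder.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    } else {
        $p = ($p -split '\s+[-/]')[0]          # "svchost.exe -k netsvcs" -> svchost.exe
    }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspiciousService {
    $profileRoot = "$env:SystemDrive\Users\"
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $bin = Resolve-ImagePath ($_.GetValue('ImagePath'))
        if (-not $bin) { return }
        $reasons = @()
        if (-not (Test-Path -LiteralPath $bin)) { $reasons += 'binary missing' }   # FRST's "[X]"
        if ($bin.StartsWith($profileRoot, [StringComparison]::OrdinalIgnoreCase)) { $reasons += 'binary under a user profile' }
        if ($_.PSChildName -match '^\d+$') { $reasons += 'numeric-only service name' }
        if ($reasons.Count) {
            [pscustomobject]@{
                Service = $_.PSChildName
                Start   = $_.GetValue('Start')   # 0 boot, 1 system, 2 auto, 3 manual (S3), 4 disabled
                Binary  = $bin
                Reason  = $reasons -join '; '
            }
        }
    }
}

function Get-IESearchScope {
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                      'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes') {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-Item $root).GetValue('DefaultScope')
        foreach ($scope in Get-ChildItem $root) {
            [pscustomobject]@{
                Hive      = $root.Substring(0, 4)
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                URL       = $scope.GetValue('URL')
            }
        }
    }
}

function Get-ActiveXDistributionUnit {
    # The "DPF:" lines in FRST: CLSID plus the CODEBASE URL the control came from.
    $key = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    if (-not (Test-Path $key)) { return }
    foreach ($unit in Get-ChildItem $key) {
        $codeBase = $null
        $info = $unit.OpenSubKey('DownloadInformation')
        if ($info) { $codeBase = $info.GetValue('CODEBASE') }
        [pscustomobject]@{ CLSID = $unit.PSChildName; CodeBase = $codeBase }
    }
}

function Get-BrokenMozillaPlugin {
    # Key names here contain '/' (e.g. @google.com/npPicasa3), so use the .NET
    # registry API rather than provider paths.
    foreach ($hive in [Microsoft.Win32.Registry]::LocalMachine, [Microsoft.Win32.Registry]::CurrentUser) {
        $root = $hive.OpenSubKey('SOFTWARE\MozillaPlugins')
        if (-not $root) { continue }
        foreach ($name in $root.GetSubKeyNames()) {
            $dll = $root.OpenSubKey($name).GetValue('Path')
            if ($dll -and -not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{ Plugin = $name; Path = $dll }
            }
        }
    }
}

'--- Services/drivers worth a look ---';    Get-SuspiciousService       | Format-Table -AutoSize
'--- IE search scopes ---';                 Get-IESearchScope           | Format-Table -AutoSize
'--- ActiveX distribution units ---';       Get-ActiveXDistributionUnit | Format-Table -AutoSize
'--- Firefox plugins with missing DLL ---'; Get-BrokenMozillaPlugin     | Format-Table -AutoSize
```

A service flagged only as "binary missing" is usually leftover from an uninstall (the ArcSoft, HP Games and Bluetooth entries in the fixlist look like that) and is harmless but worth clearing; one flagged for a user-profile path or a numeric-only name is the kind to check against the scan logs before deciding. The FRST fix handles the actual removal; this script just shows where each fixlist line comes from.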

#7 comp_help2014 (Topic Starter)

Posted 17 December 2014 - 05:05 AM

Hi,

Thank you for your response.

I deleted the FRST.exe program from my computer but the FRST folder is still there in my C: drive. Should I download the tool again?

Thanks



#8 nasdaq (Malware Response Team)

Posted 17 December 2014 - 10:00 AM

I deleted the FRST.exe program from my computer but the FRST folder is still there in my C:drive

It's a working folder created by the tool.

Download the tool again and you can place it in that folder with the Fixlist.txt file you created.

Run the tool and fix it.

#9 comp_help2014 (Topic Starter)

Posted 17 December 2014 - 01:04 PM

Hi,

Fixlog.txt results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by NM at 2014-12-17 22:42:41 Run:1
Running from C:\FRST
Loaded Profile: NM (Available profiles: NM)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> DefaultScope {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-551812208-478891508-1572922594-1000 -> {027FD8C7-8FD3-4766-9534-5D12E99A8F7C} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll No File
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 27623; \??\C:\Users\NM\AppData\Local\Temp\47180024\27623.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

End

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{027FD8C7-8FD3-4766-9534-5D12E99A8F7C}" => Key deleted successfully.
"HKCR\CLSID\{027FD8C7-8FD3-4766-9534-5D12E99A8F7C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-551812208-478891508-1572922594-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-551812208-478891508-1572922594-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{027FD8C7-8FD3-4766-9534-5D12E99A8F7C}" => Key deleted successfully.
"HKCR\CLSID\{027FD8C7-8FD3-4766-9534-5D12E99A8F7C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => Key deleted successfully.
ACDaemon => Service deleted successfully.
GameConsoleService => Service deleted successfully.
gusvc => Service deleted successfully.
27623 => Service deleted successfully.
btwaudio => Service deleted successfully.
btwavdt => Service deleted successfully.
btwl2cap => Service deleted successfully.
btwrchid => Service deleted successfully.
Tablet2k => Service deleted successfully.

==== End of Fixlog ====

AdwCleaner results:

# AdwCleaner v4.105 - Report created 17/12/2014 at 23:20:03
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Starter  (32 bits)
# Username : NM - NM-PC
# Running from : C:\Users\NM\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvc

***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1281 octets] - [17/12/2014 23:06:21]
AdwCleaner[S0].txt - [1216 octets] - [17/12/2014 23:20:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1276 octets] ##########
SecurityCheck results:

 Results of screen317's Security Check version 0.99.93  
 Windows 7  x86 (UAC is disabled!)  
 Out of date service pack!!
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Quick Heal Total Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 15  
 Java 8 Update 25  
 Java version 32-bit out of Date!
  Adobe Flash Player     15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Quick Heal Quick Heal Total Security onlinent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

About my computer - Yes, after running these tools, there seems to be a difference. Could you tell me something - several times I accessed my Gmail and it said this account is open in another location. I used to ignore that but I did a Google check and it said that someone was accessing my account, so I signed off all other sessions. It is not happening now but I have set up 2-step verification for my Gmail account, then how is it possible for someone to be accessing my system from another location?

Secondly, I ran the antimalware scan from my Quick Heal antivirus yesterday and the annoying generic adware popped up. I did go to the physical location and removed it there several times but it popped up again. I haven't done the antimalware scan now after running the tools you told me to run but I will do it after posting this and let you know.

Oh, and my Chrome browser would crash so I use Firefox now. Also, AdwCleaner said something about a PUP which was related to Skype. Should I remove Skype from my system and any other software from my system that might cause problems? Should I keep my Windows Defender on when my antivirus is also running?

Thanks so much for your help!!

Also, how do I keep my software up to date?

Thanks.



#10 nasdaq (Malware Response Team)

Posted 17 December 2014 - 01:51 PM

It is not happening now but I have set up 2 step verification for my gmail account, then how is it possible for someone to be accessing my system from another location?

Keep an eye on this. It might just be that your e-mail address has been spoofed and is being used by someone else.
If that continues, get a new e-mail account and, when all your contacts have been informed of the new address, cancel the old one.

===

Oh and my chrome browser would crash


Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Adwcleaner said something about a PUP which was related to Skype

It will only remove the Browser object.
You can keep it if you use it.
===

Remove this old version of Java using the Add/Remove programs applet
Java™ 6 Update 15
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

Windows 7 x86 (UAC is disabled!)
Out of date service pack!!


I strongly suggest you update to SP1.
http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

===

How is the computer running now?
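The four posture items in this reply (UAC disabled, no service pack, a stale Java 6 next to Java 8, and an out-of-date Flash Player) all come from SecurityCheck's report. The PowerShell below is an added example, not from this post and not SecurityCheck's code: it reads the same facts from the registry and file system so they can be re-checked after the fixes. The function names are made up for this example and it assumes Windows PowerShell 3.0 or later. One caveat a reader today should know: Flash Player reached end of life in December 2020, so the current fix for an old Flash install is removal, not an update.

```powershell
# Added example, not from the post above or from SecurityCheck. Re-checks UAC,
# service pack, installed Java versions and Flash Player from local sources.

function Get-UacState {
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA                  # 0 = UAC off, which is what was flagged
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin # 0 = admins elevate with no prompt
        PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop      # 1 = prompt shown on the secure desktop
    }
}

function Get-OsVersionInfo {
    $nt = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Product     = $nt.ProductName
        Build       = $nt.CurrentBuild   # 7600 = Windows 7 RTM, 7601 = SP1
        ServicePack = $nt.CSDVersion     # empty on RTM, 'Service Pack 1' once SP1 is on
    }
}

function Get-InstalledJava {
    # Every Java runtime registers an Uninstall entry; more than one row here
    # means an old version was left behind by a newer installer.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($entry in Get-ChildItem $root) {
            $name = $entry.GetValue('DisplayName')
            if ($name -match '^Java') {
                [pscustomobject]@{
                    Name      = $name
                    Version   = $entry.GetValue('DisplayVersion')
                    Uninstall = $entry.GetValue('UninstallString')   # run this to remove the stale one
                }
            }
        }
    }
}

function Get-FlashVersion {
    # Adobe installs the ActiveX control as Flash32_<ver>.ocx and the NPAPI
    # plugin as NPSWF32_<ver>.dll under Macromed\Flash; the file version is the
    # installed Flash version.
    $dirs = "$env:SystemRoot\System32\Macromed\Flash", "$env:SystemRoot\SysWOW64\Macromed\Flash"
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path "$dir\*" -Include 'Flash32_*.ocx', 'NPSWF32_*.dll' |
            ForEach-Object { [pscustomobject]@{ File = $_.FullName; Version = $_.VersionInfo.ProductVersion } }
    }
}

Get-UacState      | Format-List
Get-OsVersionInfo | Format-List
Get-InstalledJava | Format-Table -AutoSize
Get-FlashVersion  | Format-Table -AutoSize
```

Re-enabling UAC is a change to EnableLUA that only takes effect after a reboot, so re-run Get-UacState after restarting rather than straight after the change. The Uninstall column for the Java 6 row is the command the Add/Remove Programs applet runs; removing the old runtime does not touch Java 8.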

#11 comp_help2014 (Topic Starter)

Posted 18 December 2014 - 12:38 AM

Hi,

Thank you so much for your help. I have a couple of questions.

1. Regarding my Gmail. Which email client do I use now? I have several Gmail accounts. Which other email client do I use which is safer? How does spoofing happen? How do I ensure that it does not happen on the new email accounts I open? Also, what about my old emails which I need. Should I forward them to the new email account I open?

2. You said to update to SP1. Can I do that by the link you gave me? I don't think I have an original copy of Windows.

My computer is faster now. Thanks much.



#12 comp_help2014 (Topic Starter)

Posted 18 December 2014 - 12:41 AM

You said, regarding my old email account, that if 'it' continues, then get another email account. How will I know if it is continuing?



#13 comp_help2014 (Topic Starter)

Posted 18 December 2014 - 12:43 AM

Can I remove Adwcleaner and Farbar and other tools you told me to install from my system now?



#14 comp_help2014 (Topic Starter)

Posted 18 December 2014 - 01:09 AM

Hi again,

Can I use a desktop email client versus a web client? Which one would you recommend?

Thanks!



#15 comp_help2014 (Topic Starter)

Posted 18 December 2014 - 01:18 AM

Just a question - Was my computer hacked by any chance?
