
Unrelenting pop-ups after installing a fake version of chrome


  • This topic is locked
21 replies to this topic

#1 Redirectsux

Redirectsux

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:25 PM

Posted 01 January 2015 - 07:33 PM

I accidentally selected a fake chrome installer and now I am plagued with pop-ups that mention rocketdeal making it almost impossible to use my browser.

I tried AdwCleaner and Junkware removal tools without success.

 

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16609
Run by Marketing2 at 19:24:08 on 2015-01-01
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.2046.1165 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/search?q=google&rls=com.microsoft:*:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7DKUS
uWindow Title = Internet Explorer provided by Dell
uProxyServer = hxxp=127.0.0.1:49175;https=127.0.0.1:49175;
uProxyOverride = <-loopback>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: offerSOftu: {4450330d-41de-411d-b810-1a5d3ec89269} - c:\programdata\offersoftu\f9lXHRD8zEm9Ds.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: bUyandBrowseu: {c89a20ed-2730-4608-8130-b551f378070f} - c:\programdata\buyandbrowseu\xH46wQwVpCKGpC.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [BtHidUi] c:\program files\csr\vista profile pack\BtHidUi.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [DellRemote] "c:\dell\utilities\dell premium remote control\WMPRemoteTray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [DuelTray] c:\program files\duel systems\dueladapter\DuelTray.exe
mRun: [gmsd_us_9] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: Interfaces\{2F3EDBB4-9FFD-47D5-81D7-C515DB2407FD} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: ccc-core-static - msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marketing2\appdata\roaming\mozilla\firefox\profiles\lohr875e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
R2 DuelService;DuelAdapter Support Service;c:\program files\duel systems\dueladapter\DuelService.exe [2007-4-17 106496]
R2 WMPControllerService;WMPControllerService;c:\dell\utilities\dell premium remote control\WMPControllerService.exe [2007-9-14 638976]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2007-9-15 13824]
R3 cpuz126;cpuz126;c:\program files\duel systems\dueladapter\cpuz.sys [2006-12-14 7808]
R3 DellFn;Driver for Dell Function Keys ACPI Device;c:\windows\system32\drivers\DellFn.sys [2007-9-15 10752]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-5-17 35776]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2007-9-15 847392]
S2 3801b403;SectionAppend;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 DellWkbd;Dell WKbd Filter;c:\windows\system32\drivers\DellWkbd.sys [2007-9-15 8192]
.
=============== Created Last 30 ================
.
2014-12-31 12:56:23    --------    d-----w-    c:\windows\ERUNT
2014-12-31 11:41:03    --------    d-----w-    C:\AdwCleaner
2014-12-28 22:47:34    --------    d-----w-    c:\programdata\bUyandBrowseu
2014-12-28 22:47:16    --------    d-----w-    c:\programdata\offerSOftu
2014-12-26 15:22:45    --------    d-----w-    c:\program files\SectionAppend
2014-12-21 23:10:50    --------    d-----w-    c:\users\marketing2\appdata\local\Macromedia
2014-12-04 01:40:34    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-04 01:40:34    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-04 01:26:53    --------    d-----w-    c:\users\marketing2\appdata\roaming\com.trainerroad.desktop
2014-12-04 01:26:47    --------    d-----w-    c:\program files\TrainerRoad
2014-12-04 01:25:00    --------    d-----w-    c:\program files\TrainerRoad USBDrivers
2014-12-04 01:03:58    --------    d-----w-    c:\programdata\4001812108
2014-12-04 01:02:30    --------    d-----w-    c:\programdata\1790955706
2014-12-04 00:57:18    1958    ----a-w-    c:\windows\patsearch.bin
2014-12-04 00:10:58    18872    ----a-w-    c:\windows\system32\drivers\SPPD.sys
2014-12-04 00:10:16    --------    d-----w-    c:\windows\system32\Flash
2014-12-04 00:08:58    445008    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-12-04 00:08:58    38480    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-12-04 00:08:27    613057    ----a-w-    c:\users\marketing2\appdata\local\nsn6484.tmp
2014-12-04 00:07:29    --------    d-----w-    c:\programdata\NortonInstaller
2014-12-04 00:00:04    378368    ----a-w-    c:\windows\system32\winhttp.dll
2014-12-03 23:57:37    --------    d-----w-    c:\programdata\Ant
.
==================== Find3M  ====================
.
2014-12-04 00:08:58    2560    ----a-w-    c:\windows\system32\drivers\en-us\wdf01000.sys.mui
2014-12-03 23:58:39    36864    ----a-w-    c:\windows\system32\drivers\en-us\http.sys.mui
2014-12-02 20:55:44    72704    ----a-w-    c:\windows\system32\fontsub.dll
2014-12-02 20:55:44    34304    ----a-w-    c:\windows\system32\atmlib.dll
2014-12-02 20:55:44    289792    ----a-w-    c:\windows\system32\atmfd.dll
2014-12-02 20:55:44    24064    ----a-w-    c:\windows\system32\lpk.dll
2014-12-02 20:55:44    156672    ----a-w-    c:\windows\system32\t2embed.dll
2014-12-02 20:55:44    10240    ----a-w-    c:\windows\system32\dciman32.dll
2014-12-02 20:54:45    61440    ----a-w-    c:\windows\system32\winipsec.dll
2014-12-02 20:54:45    361984    ----a-w-    c:\windows\system32\IPSECSVC.DLL
2014-12-02 20:54:45    28672    ----a-w-    c:\windows\system32\FwRemoteSvr.dll
2014-12-02 20:54:45    272896    ----a-w-    c:\windows\system32\polstore.dll
2014-12-02 20:53:47    84992    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2014-12-02 20:53:47    306688    ----a-w-    c:\windows\system32\drivers\srv.sys
2014-12-02 20:52:49    95232    ----a-w-    c:\windows\system32\PortableDeviceClassExtension.dll
2014-12-02 20:52:49    241152    ----a-w-    c:\windows\system32\PortableDeviceApi.dll
2014-12-02 20:52:49    160768    ----a-w-    c:\windows\system32\PortableDeviceTypes.dll
2014-12-02 20:51:48    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2014-12-02 20:51:48    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2014-12-02 20:51:48    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2014-12-02 20:51:48    19968    ----a-w-    c:\windows\system32\ARP.EXE
2014-12-02 20:51:48    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2014-12-02 20:51:48    15360    ----a-w-    c:\windows\system32\netevent.dll
2014-12-02 20:51:48    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2014-12-02 20:51:48    103936    ----a-w-    c:\windows\system32\netiohlp.dll
2014-12-02 20:51:48    10240    ----a-w-    c:\windows\system32\finger.exe
2014-12-02 20:50:35    67584    ----a-w-    c:\windows\system32\wlanhlp.dll
2014-12-02 20:50:35    47104    ----a-w-    c:\windows\system32\wlanapi.dll
2014-12-02 20:50:35    123904    ----a-w-    c:\windows\system32\L2SecHC.dll
2014-12-02 20:50:34    502272    ----a-w-    c:\windows\system32\wlansvc.dll
2014-12-02 20:50:34    297984    ----a-w-    c:\windows\system32\wlansec.dll
2014-12-02 20:50:34    290816    ----a-w-    c:\windows\system32\wlanmsm.dll
2014-12-02 20:49:32    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-12-02 20:49:32    1260032    ----a-w-    c:\windows\system32\msxml3.dll
2014-12-02 20:49:31    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-12-02 20:49:31    1406464    ----a-w-    c:\windows\system32\msxml6.dll
2014-12-02 20:48:28    216576    ----a-w-    c:\windows\system32\msv1_0.dll
2014-12-02 20:47:30    58368    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2014-12-02 20:47:30    211968    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2014-12-02 20:47:30    102400    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2014-12-02 20:46:35    98816    ----a-w-    c:\windows\system32\mfps.dll
2014-12-02 20:46:35    2855424    ----a-w-    c:\windows\system32\mf.dll
2014-12-02 20:46:34    52736    ----a-w-    c:\windows\system32\rrinstaller.exe
2014-12-02 20:46:34    24576    ----a-w-    c:\windows\system32\mfpmp.exe
2014-12-02 20:46:34    2048    ----a-w-    c:\windows\system32\mferror.dll
2014-12-02 20:45:34    3502480    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-12-02 20:45:34    3468168    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-12-02 20:43:44    434176    ----a-w-    c:\windows\system32\vbscript.dll
2014-12-02 20:42:50    71680    ----a-w-    c:\windows\system32\atl.dll
2014-12-02 20:41:55    297472    ----a-w-    c:\windows\system32\gdi32.dll
2014-12-02 20:39:54    500736    ----a-w-    c:\windows\system32\msdtcprx.dll
2014-12-02 20:39:54    30208    ----a-w-    c:\windows\system32\xolehlp.dll
2014-12-02 20:39:01    156160    ----a-w-    c:\windows\system32\wkssvc.dll
2014-12-02 20:38:07    36352    ----a-w-    c:\windows\system32\tsgqec.dll
2014-12-02 20:38:07    1871872    ----a-w-    c:\windows\system32\mstscax.dll
2014-12-02 20:38:07    116736    ----a-w-    c:\windows\system32\aaclient.dll
2014-12-02 20:37:09    268800    ----a-w-    c:\windows\system32\es.dll
2014-12-02 20:36:17    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2014-12-02 20:34:32    713728    ----a-w-    c:\windows\system32\timedate.cpl
2014-12-02 20:30:48    428032    ----a-w-    c:\windows\system32\EncDec.dll
2014-12-02 20:30:48    177152    ----a-w-    c:\windows\system32\mpg2splt.ax
2014-12-02 20:30:48    1244672    ----a-w-    c:\windows\system32\mcmde.dll
2014-12-02 20:30:47    80896    ----a-w-    c:\windows\system32\MSNP.ax
2014-12-02 20:30:47    68608    ----a-w-    c:\windows\system32\Mpeg2Data.ax
2014-12-02 20:30:47    57856    ----a-w-    c:\windows\system32\MSDvbNP.ax
2014-12-02 20:30:47    292352    ----a-w-    c:\windows\system32\psisdecd.dll
2014-12-02 20:30:47    217088    ----a-w-    c:\windows\system32\psisrndr.ax
2014-12-02 20:28:10    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-12-02 20:27:15    696832    ----a-w-    c:\windows\system32\localspl.dll
2014-12-02 20:25:43    2923520    ----a-w-    c:\windows\explorer.exe
2014-12-02 20:24:57    171520    ----a-w-    c:\windows\system32\wintrust.dll
2014-12-02 20:24:10    7680    ----a-w-    c:\windows\system32\lsass.exe
2014-12-02 20:24:10    72704    ----a-w-    c:\windows\system32\secur32.dll
2014-12-02 20:24:10    494592    ----a-w-    c:\windows\system32\kerberos.dll
2014-12-02 20:24:10    408136    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-12-02 20:24:10    175104    ----a-w-    c:\windows\system32\wdigest.dll
2014-12-02 20:24:10    1233920    ----a-w-    c:\windows\system32\lsasrv.dll
2014-12-02 20:24:09    272384    ----a-w-    c:\windows\system32\schannel.dll
2014-12-02 20:23:02    1808896    ----a-w-    c:\windows\system32\NlsLexicons0046.dll
2014-12-02 20:23:02    1793536    ----a-w-    c:\windows\system32\NlsLexicons0045.dll
2014-12-02 20:23:02    1782272    ----a-w-    c:\windows\system32\NlsLexicons0039.dll
2014-12-02 20:23:02    1558016    ----a-w-    c:\windows\system32\NlsLexicons0049.dll
2014-12-02 20:23:02    1411072    ----a-w-    c:\windows\system32\NlsLexicons0047.dll
2014-12-02 20:23:02    1236992    ----a-w-    c:\windows\system32\NlsLexicons0020.dll
2014-12-02 20:23:01    7964672    ----a-w-    c:\windows\system32\NlsLexicons0024.dll
2014-12-02 20:23:01    5499904    ----a-w-    c:\windows\system32\NlsLexicons0022.dll
2014-12-02 20:23:01    2136064    ----a-w-    c:\windows\system32\NlsLexicons0021.dll
2014-12-02 20:23:00    5791232    ----a-w-    c:\windows\system32\NlsLexicons0026.dll
2014-12-02 20:20:23    29184    ----a-w-    c:\windows\system32\drivers\BTHUSB.SYS
2014-12-02 20:20:23    220160    ----a-w-    c:\windows\system32\drivers\bthport.sys
2014-12-02 20:20:23    19456    ----a-w-    c:\windows\system32\drivers\bthenum.sys
2014-12-02 20:20:23    181760    ----a-w-    c:\windows\system32\fsquirt.exe
2014-12-02 20:19:22    40960    ----a-w-    c:\windows\system32\srclient.dll
2014-12-02 20:19:22    371712    ----a-w-    c:\windows\system32\srcore.dll
2014-12-02 20:19:22    313856    ----a-w-    c:\windows\system32\rstrui.exe
2014-12-02 20:19:22    19000    ----a-w-    c:\windows\system32\kd1394.dll
2014-12-02 20:19:22    16384    ----a-w-    c:\windows\system32\srdelayed.exe
2014-12-02 20:19:21    944184    ----a-w-    c:\windows\system32\winload.exe
2014-12-02 20:19:21    7168    ----a-w-    c:\windows\system32\f3ahvoas.dll
2014-12-02 20:19:21    6656    ----a-w-    c:\windows\system32\kbd106n.dll
.
============= FINISH: 19:24:52.93 ===============
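
The DDS log above already contains the indicators a helper reads first: a proxy pointing back at the local machine (uProxyServer = 127.0.0.1:49175), two browser helper objects loaded from c:\programdata with generated DLL names (offerSOftu, bUyandBrowseu), a service (3801b403 / SectionAppend) whose image is rundll32.exe rather than its own executable, an orphaned Run value (gmsd_us_9), and, in the FRST log later in the thread, a Chrome policy key. The following Python script is an added example for this thread, not a BleepingComputer tool and not part of DDS, FRST or AdwCleaner: it scans DDS/FRST-style lines for exactly those indicators. The sample lines are copied from the logs posted in this thread; the detection rules (loopback proxy, BHO from a data directory or with a random-looking file name, service hosted by rundll32/regsvr32, orphaned Run value, Chrome policy restriction) are this example's own analyst heuristics, so a hit is a lead to inspect, not proof of malware.

```python
"""Triage a DDS / FRST text log for the ad-injection indicators seen in this thread.

Added example for this thread: not a BleepingComputer tool and not part of DDS,
FRST or AdwCleaner. The heuristics below are this example's own analyst rules,
not something the tools report themselves.
"""
import re
from typing import Callable, Dict, List

# Lines copied from the DDS "Pseudo HJT Report" / "SERVICES / DRIVERS" sections
# in post #1 and one line from the FRST log in post #4. DDS defangs http as
# hxxp, so the proxy pattern accepts both spellings.
SAMPLE_LOG = r"""
uProxyServer = hxxp=127.0.0.1:49175;https=127.0.0.1:49175;
uProxyOverride = <-loopback>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: offerSOftu: {4450330d-41de-411d-b810-1a5d3ec89269} - c:\programdata\offersoftu\f9lXHRD8zEm9Ds.dll
BHO: bUyandBrowseu: {c89a20ed-2730-4608-8130-b551f378070f} - c:\programdata\buyandbrowseu\xH46wQwVpCKGpC.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [gmsd_us_9] <no file>
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
S2 3801b403;SectionAppend;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

Finding = Dict[str, str]

PROXY_RE = re.compile(r"(?:hxxps?|https?|socks|ftp)=(?P<host>[^:;\s]+):(?P<port>\d+)")
# DDS writes "BHO: name: {clsid} - path", FRST writes "BHO: name -> {clsid} -> path (vendor)".
BHO_RE = re.compile(r"^BHO: (?P<name>.+?)(?:: | -> )\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
                    r"(?: - | -> )(?P<path>.+?)(?:\s*\((?P<vendor>[^()]*)\))?\s*$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$")
CHR_POLICY_RE = re.compile(r"^CHR (?P<key>HK[^:]+): Policy restriction")
# Mixed-case letters plus digits, ten or more characters: the generated names
# adware gives its DLLs to defeat simple name-based blocklists (heuristic).
RANDOM_STEM_RE = re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{10,}")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
DATA_DIRS = ("c:\\programdata\\", "c:\\users\\")      # vendors install BHOs under Program Files
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe"}       # generic hosts: the real payload is a DLL


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def loopback_proxy(line: str) -> List[Finding]:
    """A proxy on the local host means another process sits between the browser
    and the network; ad-injecting adware configures exactly this."""
    if "proxyserver" not in line.lower():
        return []
    hits: Dict[str, List[str]] = {}
    for m in PROXY_RE.finditer(line):
        if m.group("host") in LOOPBACK:
            hits.setdefault(f"{m.group('host')}:{m.group('port')}", []).append(m.group(0).split("=")[0])
    return [{"kind": "loopback-proxy", "name": ep, "detail": "schemes " + ",".join(s)} for ep, s in hits.items()]


def suspicious_bho(line: str) -> List[Finding]:
    m = BHO_RE.match(line)
    if not m:
        return []
    path = m.group("path").strip()
    reasons = []
    if path.lower().startswith(DATA_DIRS):
        reasons.append("DLL loaded from a data directory, not Program Files")
    if RANDOM_STEM_RE.fullmatch(basename(path).rsplit(".", 1)[0]):
        reasons.append("random-looking file name")
    if not reasons:
        return []
    return [{"kind": "bho", "name": m.group("name"), "detail": f"{path}: " + "; ".join(reasons)}]


def orphan_run(line: str) -> List[Finding]:
    m = RUN_RE.match(line)
    if not m or m.group("cmd").strip() != "<no file>":
        return []
    return [{"kind": "orphan-run", "name": m.group("name"), "detail": "Run value whose target is gone"}]


def suspicious_service(line: str) -> List[Finding]:
    m = SVC_RE.match(line)
    if not m:
        return []
    reasons = []
    if basename(m.group("path")).lower() in HOST_BINARIES:
        reasons.append("image is a generic host binary, so the payload is a DLL it loads")
    if re.fullmatch(r"[0-9a-f]{8}", m.group("name")):
        reasons.append("eight-hex-digit service name")
    if not reasons:
        return []
    detail = f"{m.group('display')} ({m.group('path')}): " + "; ".join(reasons)
    return [{"kind": "service", "name": m.group("name"), "detail": detail}]


def chrome_policy(line: str) -> List[Finding]:
    m = CHR_POLICY_RE.match(line)
    if not m:
        return []
    return [{"kind": "chrome-policy", "name": m.group("key"),
             "detail": "policy key present; can pin the homepage, search engine or extensions"}]


CHECKS: List[Callable[[str], List[Finding]]] = [loopback_proxy, suspicious_bho, orphan_run,
                                                suspicious_service, chrome_policy]


def triage(lines) -> List[Finding]:
    """Run every check over every line and return the findings in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f['kind']}] {f['name']}: {f['detail']}")
```

Run against the sample it reports the loopback proxy on port 49175, both ProgramData BHOs, the gmsd_us_9 orphan, the 3801b403 service and the Chrome policy key, and nothing for the Adobe, Dell, Bluetooth or Broadcom entries. The checks are deliberately line-local so the script can be pointed at a whole DDS or FRST log file (`triage(open(path, encoding="utf-8", errors="replace"))`); cross-line correlation, such as matching the SectionAppend service to the c:\program files\SectionAppend folder in the "Created Last 30" section, is left to the analyst.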
 





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,506 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:25 PM

Posted 01 January 2015 - 09:06 PM

Hello Redirectsux,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Redirectsux

Redirectsux
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:25 PM

Posted 02 January 2015 - 07:53 AM

AdwCleaner results:

# AdwCleaner v4.106 - Report created 02/01/2015 at 07:50:32
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Marketing2 - MARKETING2M2010
# Running from : C:\Users\Marketing2\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16609


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[lohr875e.default\prefs.js] - Line Deleted : user_pref("FK", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx[...]
[lohr875e.default\prefs.js] - Line Deleted : user_pref("wCjRN0egZ", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70J[...]

*************************

AdwCleaner[R0].txt - [4648 octets] - [31/12/2014 06:41:08]
AdwCleaner[R1].txt - [1373 octets] - [02/01/2015 07:30:03]
AdwCleaner[S0].txt - [4841 octets] - [31/12/2014 06:44:23]
AdwCleaner[S1].txt - [1316 octets] - [02/01/2015 07:50:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1376 octets] ##########
 



#4 Redirectsux

Redirectsux
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:25 PM

Posted 02 January 2015 - 07:57 AM

FRST Results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by Marketing2 (administrator) on MARKETING2M2010 on 02-01-2015 07:54:43
Running from C:\Users\Marketing2\Desktop
Loaded Profile: Marketing2 (Available profiles: Marketing2)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Cambridge Silicon Radio) C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
() C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Cambridge Silicon Radio) C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(CSR, plc) C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
() C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Dell, Inc) C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Gyration, Inc) C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\setup_wm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-09-15] (Microsoft Corporation)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [94208 2006-10-11] (Logitech Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [BtHidUi] => C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe [1298432 2006-11-15] (Cambridge Silicon Radio)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [284184 2006-10-31] (Logitech Inc.)
HKLM\...\Run: [LVCOMSX] => C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [244512 2006-11-20] (Logitech Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [747032 2006-11-28] ()
HKLM\...\Run: [DellRemote] => C:\Dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe [118784 2006-06-07] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-05-02] (CyberLink Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [94208 2006-10-11] (Logitech Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [DuelTray] => C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe [69632 2007-04-17] ()
HKLM\...\Run: [gmsd_us_9] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\...\Run: [] => [X]
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2712192379-3641042495-258173479-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2712192379-3641042495-258173479-1000] => http=127.0.0.1:49175;https=127.0.0.1:49175;
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/search?q=google&rls=com.microsoft:*:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7DKUS
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: offerSOftu -> {4450330d-41de-411d-b810-1a5d3ec89269} -> C:\ProgramData\offerSOftu\f9lXHRD8zEm9Ds.dll ()
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: bUyandBrowseu -> {c89a20ed-2730-4608-8130-b551f378070f} -> C:\ProgramData\bUyandBrowseu\xH46wQwVpCKGpC.dll ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: roocckEtdeaul - C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\kdVjlU@j.edu [2014-12-28]
FF Extension: LowratoE - C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\ul@z8.com [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 3801b403; c:\Program Files\SectionAppend\SectionAppend.dll [5105664 2014-12-26] () [File not signed]
R2 BthFilterHelper; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [127488 2006-11-07] (CSR, plc) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
R2 DuelService; C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe [106496 2007-04-17] () [File not signed]
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [109344 2006-11-17] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [101152 2006-11-17] (Logitech Inc.)
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [386592 2007-04-27] (Dell Inc.)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [90112 2007-02-08] (SigmaTel, Inc.) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 WMPControllerService; C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe [638976 2006-06-07] (Dell, Inc) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTHFILT; C:\Windows\System32\DRIVERS\BthFilt.sys [13824 2006-12-11] (CSR, plc)
R3 cpuz126; C:\Program Files\Duel Systems\DuelAdapter\cpuz.sys [7808 2006-12-14] (Windows ® 2000 DDK provider) [File not signed]
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [31744 2006-10-11] (CSR, plc) [File not signed]
R3 DellFn; C:\Windows\System32\DRIVERS\DellFn.sys [10752 2006-12-11] (CSR, plc)
S3 DellWkbd; C:\Windows\System32\DRIVERS\DellWkbd.sys [8192 2006-12-11] (CSR, plc)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 FilterService; C:\Windows\system32\drivers\lvuvcflt.sys [21536 2007-01-08] (Logitech Inc.)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-17] (http://libusb-win32.sourceforge.net)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [21248 2006-10-11] (Logitech, Inc.)
R3 lv321av; C:\Windows\System32\DRIVERS\lv321av.sys [847392 2007-01-08] (Logitech Inc.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1678368 2006-11-17] ()
R3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1962784 2006-11-17] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [24736 2006-11-17] ()
S3 lvselsus; C:\Windows\system32\drivers\lvselsus.sys [65824 2007-01-08] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 07:54 - 2015-01-02 07:55 - 00014783 _____ () C:\Users\Marketing2\Desktop\FRST.txt
2015-01-02 07:54 - 2015-01-02 07:54 - 00000000 ____D () C:\FRST
2015-01-02 07:53 - 2015-01-02 07:53 - 01114624 _____ (Farbar) C:\Users\Marketing2\Desktop\FRST.exe
2015-01-02 07:29 - 2015-01-02 07:29 - 02173952 _____ () C:\Users\Marketing2\Downloads\AdwCleaner(1).exe
2015-01-01 19:24 - 2015-01-01 19:24 - 00017523 _____ () C:\Users\Marketing2\Desktop\dds.txt
2015-01-01 19:24 - 2015-01-01 19:24 - 00004531 _____ () C:\Users\Marketing2\Desktop\attach.txt
2015-01-01 19:22 - 2015-01-01 19:22 - 00688992 ____R (Swearware) C:\Users\Marketing2\Downloads\dds.com
2014-12-31 07:59 - 2014-12-31 07:59 - 00000647 _____ () C:\Users\Marketing2\Desktop\JRT.txt
2014-12-31 07:56 - 2014-12-31 07:56 - 00000000 ____D () C:\Windows\ERUNT
2014-12-31 07:55 - 2014-12-31 07:55 - 01707939 _____ (Thisisu) C:\Users\Marketing2\Downloads\JRT.exe
2014-12-31 06:41 - 2015-01-02 07:50 - 00000000 ____D () C:\AdwCleaner
2014-12-31 06:40 - 2014-12-31 06:40 - 02173952 _____ () C:\Users\Marketing2\Downloads\AdwCleaner.exe
2014-12-28 17:47 - 2014-12-28 17:47 - 00000000 ____D () C:\ProgramData\offerSOftu
2014-12-28 17:47 - 2014-12-28 17:47 - 00000000 ____D () C:\ProgramData\bUyandBrowseu
2014-12-26 10:22 - 2014-12-26 10:22 - 00000000 ____D () C:\Program Files\SectionAppend
2014-12-21 18:10 - 2014-12-21 18:10 - 00000000 ____D () C:\Users\Marketing2\AppData\Local\Macromedia
2014-12-03 20:40 - 2015-01-02 07:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 20:40 - 2014-12-21 17:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-03 20:40 - 2014-12-21 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-03 20:26 - 2014-12-03 20:26 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrainerRoad.lnk
2014-12-03 20:26 - 2014-12-03 20:26 - 00000784 _____ () C:\Users\Public\Desktop\TrainerRoad.lnk
2014-12-03 20:26 - 2014-12-03 20:26 - 00000000 ____D () C:\Users\Marketing2\Documents\TrainerRoad
2014-12-03 20:26 - 2014-12-03 20:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-03 20:26 - 2014-12-03 20:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-03 20:26 - 2014-12-03 20:26 - 00000000 ____D () C:\Program Files\TrainerRoad
2014-12-03 20:26 - 2014-12-03 20:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-03 20:25 - 2014-12-03 20:25 - 06682480 _____ () C:\Users\Marketing2\Downloads\TrainerRoad.2.6.2.exe
2014-12-03 20:25 - 2014-12-03 20:25 - 00000000 ____D () C:\Program Files\DIFX
2014-12-03 20:24 - 2014-12-03 20:24 - 05793728 _____ (TrainerRoad LLC ) C:\Users\Marketing2\Downloads\InstallUSBDrivers.exe
2014-12-03 20:16 - 2014-12-03 20:16 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-03 20:16 - 2014-12-03 20:16 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-03 20:16 - 2014-12-03 20:16 - 00000000 ____D () C:\Users\Marketing2\AppData\Roaming\Mozilla
2014-12-03 20:16 - 2014-12-03 20:16 - 00000000 ____D () C:\Users\Marketing2\AppData\Local\Mozilla
2014-12-03 20:16 - 2014-12-03 20:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-03 20:16 - 2014-12-03 20:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-03 20:16 - 2014-12-03 20:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-03 20:05 - 2014-12-03 20:05 - 00000047 _____ () C:\Users\Marketing2\AppData\Roaming\WB.CFG
2014-12-03 20:03 - 2014-12-03 20:03 - 00000000 ____D () C:\ProgramData\4001812108
2014-12-03 20:02 - 2014-12-03 20:03 - 00000000 ____D () C:\ProgramData\1790955706
2014-12-03 19:57 - 2014-12-03 19:57 - 00001958 _____ () C:\Windows\patsearch.bin
2014-12-03 19:11 - 2014-12-03 19:58 - 00000003 _____ () C:\Users\Marketing2\AppData\Local\proxy.log
2014-12-03 19:10 - 2014-12-03 19:57 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-12-03 19:10 - 2014-12-03 19:10 - 00000000 ____D () C:\Windows\system32\Flash
2014-12-03 19:09 - 2014-12-03 19:09 - 00000000 ____H () C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-12-03 19:09 - 2014-12-03 19:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-03 19:08 - 2014-12-03 19:08 - 00613057 _____ (CMI Limited) C:\Users\Marketing2\AppData\Local\nsn6484.tmp
2014-12-03 19:08 - 2014-12-03 19:08 - 00445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-12-03 19:08 - 2014-12-03 19:08 - 00038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-12-03 19:08 - 2014-12-03 19:08 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2014-12-03 19:00 - 2014-12-03 19:00 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-12-03 18:57 - 2014-12-03 18:57 - 00000000 ____D () C:\ProgramData\Ant
2014-12-03 18:46 - 2014-12-03 18:46 - 00001919 _____ () C:\Windows\IE9_main.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 07:53 - 2007-09-14 23:14 - 01715317 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 07:52 - 2007-09-15 00:02 - 00000000 ____D () C:\MDT
2015-01-02 07:51 - 2007-09-15 00:08 - 00060962 _____ () C:\Windows\PFRO.log
2015-01-02 07:51 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 07:51 - 2006-11-02 07:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 07:51 - 2006-11-02 07:47 - 00003456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 07:50 - 2007-09-14 23:35 - 00001660 _____ () C:\Windows\bthservsdp.dat
2015-01-02 07:50 - 2006-11-02 08:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 06:29 - 2006-11-02 05:33 - 00716948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 19:41 - 2007-09-24 14:48 - 00000000 ____D () C:\Users\Marketing2\AppData\Local\Adobe
2014-12-21 17:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-03 20:26 - 2007-09-24 14:48 - 00000000 ____D () C:\Users\Marketing2\AppData\Roaming\Adobe
2014-12-03 20:26 - 2007-09-14 23:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-03 20:26 - 2007-09-14 23:59 - 00000000 ____D () C:\Program Files\Adobe
2014-12-03 20:25 - 2007-09-21 11:27 - 00000000 ____D () C:\Users\Marketing2
2014-12-03 20:25 - 2007-09-14 23:24 - 00021978 _____ () C:\Windows\DPINST.LOG
2014-12-03 20:04 - 2007-09-21 11:27 - 00000951 _____ () C:\Users\Marketing2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-03 19:58 - 2006-11-02 05:23 - 00000342 _____ () C:\Windows\win.ini
2014-12-03 19:57 - 2006-11-02 07:52 - 00040978 _____ () C:\Windows\setupact.log
2014-12-03 19:57 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.dll
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.exe
C:\Users\Marketing2\AppData\Local\Temp\AC7987BB-DA00-BC8D-A5AB-97011EF9C0CE.exe
C:\Users\Marketing2\AppData\Local\Temp\BSI.exe
C:\Users\Marketing2\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Marketing2\AppData\Local\Temp\nss7D0.exe
C:\Users\Marketing2\AppData\Local\Temp\optprosetup.exe
C:\Users\Marketing2\AppData\Local\Temp\Quarantine.exe
C:\Users\Marketing2\AppData\Local\Temp\sqlite3.dll
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite33317090-19ac-4106-9ca0-26afb3745e3e.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 06:30

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by Marketing2 at 2015-01-02 07:55:28
Running from C:\Users\Marketing2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.2007.0318 - )
Branding (Version: 1.00.0000 - Your Company Name) Hidden
Broadcom Management Programs (HKLM\...\{D6771E19-1BB6-43B1-811E-ECC5A4613579}) (Version: 10.03.01 - Broadcom Corporation)
Business Complete Care Services Agreement (HKLM\...\{64658686-0CD4-4CF6-983D-0A6BE32007DB}) (Version: 1.10.0000 - Dell)
bUyandBrowseu (HKLM\...\{E2D23061-C457-77CB-7789-7139D13F4910}) (Version:  - "")
ccc-core-static (Version: 0108.2146.2565.38893 - ATI) Hidden
ccc-core-update1 (Version: 1.00.0000 - ATI) Hidden
CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
Computrace (HKLM\...\{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}) (Version: 1.0.0.0 - Absolute Software Inc.)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Dell Premium Remote Control (HKLM\...\{125EB8DD-8316-4559-9951-E969929381BD}) (Version: 1.0.046 - Dell)
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DuelAdapter (HKLM\...\{81AEDAEB-7C98-4FD9-8FEB-86947DA94300}) (Version: 1.0.1 - Duel Systems)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
KhalSetup (Version: 1.00.0000 - Logitech) Hidden
Logitech QuickCam (HKLM\...\{BFD0113A-BD9F-489D-96CE-AA0382C006A7}) (Version: 10.40.0000 - Logitech Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
offerSOftu (HKLM\...\{B43ADAE2-EB7C-9E3F-2EE9-6D55C686D263}) (Version:  - "")
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Pocket Controller-Professional (HKLM\...\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SectionAppend (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3801b403}) (Version:  - Software Publisher) <==== ATTENTION
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 0108.2146.2565.38893 - ATI) Hidden
Skype Setup (HKLM\...\{8CD1F21C-D3A2-4B07-8493-31752E93A3E4}) (Version: 2.5.31.151 - Skype Technologies)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
TrainerRoad (HKLM\...\com.trainerroad.desktop) (Version: 2.6.2 - Trainer Road LLC)
TrainerRoad (Version: 2.6.2 - Trainer Road LLC) Hidden
TrainerRoad USB Drivers version 1.2 (HKLM\...\{650BFBD5-A986-454C-9471-28A60C83F228}_is1) (Version: 1.2 - TrainerRoad LLC)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Vista Profile Pack (HKLM\...\{529ABF8F-1ED2-404D-987D-2DBFCF88C3E6}) (Version: 1.0.84.0 - Bluetooth)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-12-2014 19:17:29 Scheduled Checkpoint
28-12-2014 18:17:46 Scheduled Checkpoint
30-12-2014 07:25:10 Scheduled Checkpoint
31-12-2014 08:22:09 Scheduled Checkpoint
01-01-2015 19:08:40 Scheduled Checkpoint
01-01-2015 19:29:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {74E7B230-7806-45BA-817B-4F1FF6F1C9A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2006-11-28 18:35 - 2006-11-28 18:35 - 00747032 _____ () C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
2006-11-20 18:04 - 2006-11-20 18:04 - 01058328 _____ () C:\Program Files\Logitech\QuickCam10\LAppRes.dll
2007-09-14 23:45 - 2006-06-07 14:28 - 00118784 _____ () C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
2007-04-17 12:24 - 2007-04-17 12:24 - 00069632 _____ () C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2014-12-03 20:16 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2007-04-17 12:24 - 2007-04-17 12:24 - 00106496 _____ () C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2007-09-15 07:08 - 2007-01-08 16:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2712192379-3641042495-258173479-500 - Administrator - Disabled)
Guest (S-1-5-21-2712192379-3641042495-258173479-501 - Limited - Disabled)
Marketing2 (S-1-5-21-2712192379-3641042495-258173479-1000 - Administrator - Enabled) => C:\Users\Marketing2

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 06:29:51 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Error: (01/01/2015 07:48:33 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 06:35:25 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Error: (01/01/2015 01:52:13 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 01:51:56 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Error: (01/01/2015 01:00:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 00:25:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ANTConsoleX.exe, version 0.0.0.0, time stamp 0x53220106, faulting module ANTConsoleX.exe, version 0.0.0.0, time stamp 0x53220106, exception code 0xc0000094, fault offset 0x0001832e,
process id 0x11c8, application start time 0xANTConsoleX.exe0.

Error: (01/01/2015 00:15:36 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.


System errors:
=============
Error: (01/02/2015 07:50:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dell Internal Network Card Power Management1

Error: (01/01/2015 07:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dell Internal Network Card Power Management1

Error: (01/01/2015 07:48:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/01/2015 01:52:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dell Internal Network Card Power Management1

Error: (01/01/2015 01:52:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/01/2015 01:00:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/31/2014 08:28:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/31/2014 08:22:46 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.8 did not allow the name to be claimed by
this computer.

Error: (12/31/2014 08:20:36 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.8 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (01/02/2015 06:29:51 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (01/01/2015 07:48:33 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 06:35:25 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (01/01/2015 01:52:13 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 01:51:56 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (01/01/2015 01:00:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/01/2015 00:25:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ANTConsoleX.exe0.0.0.053220106ANTConsoleX.exe0.0.0.053220106c00000940001832e11c801d025e6130cda2a

Error: (01/01/2015 00:15:36 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9


CodeIntegrity Errors:
===================================
  Date: 2014-12-03 19:55:23.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:28.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:28.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:28.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2008-04-16 22:48:25.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of memory in use: 45%
Total physical RAM: 2045.85 MB
Available physical RAM: 1118.14 MB
Total Pagefile: 4307.74 MB
Available Pagefile: 3289.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:81.09 GB) (Free:37.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 93.2 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=81.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End Of Log ============================



#5 Redirectsux (Topic Starter, Members, 42 posts)

Posted 02 January 2015 - 08:30 AM

Not sure if this is related, but I thought I would include it in case it may prove helpful. In addition to the pop-ups and the redirects that I find when using the web, I also appear unable to upload any files. I tried to attach the attach.txt file after using the DDS tool, but it didn't work.

I also use TrainerRoad, a cycle training program that uploads my workouts to their website. I was able to successfully upload a file on 12/31/2014, but have not been able to since. Prior to starting this topic I tried AdwCleaner and Junkware Removal Tool. It was after I ran those tools that I noticed I was unable to upload files.

Thanks,

Tim



#6 fireman4it (Bleepin' Fireman, Malware Response Team, 13,506 posts, Greenup, Ill USA)

Posted 02 January 2015 - 11:11 AM

1.

Uninstalling A Program Through "add/remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be populated; this may take a bit of time.
If they exist, uninstall the following by clicking on each of the following entries and selecting "Remove":

bUyandBrowseu
offerSOftu


Additional instructions can be found here if needed.

 

2.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File: fixlist.txt (7.49KB)

 

 

Let me know how the machine is running after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Redirectsux (Topic Starter, Members, 42 posts)

Posted 02 January 2015 - 11:52 AM

Machine is running much better. I was able to upload files and I am not getting any pop-ups or redirects. Thank you!

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2015
Ran by Marketing2 at 2015-01-02 11:43:05 Run:1
Running from C:\Users\Marketing2\Desktop
Loaded Profile: Marketing2 (Available profiles: Marketing2)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [gmsd_us_9] => [X]
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)
C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2712192379-3641042495-258173479-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2712192379-3641042495-258173479-1000] => http=127.0.0.1:49175;https=127.0.0.1:49175;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: offerSOftu -> {4450330d-41de-411d-b810-1a5d3ec89269} -> C:\ProgramData\offerSOftu\f9lXHRD8zEm9Ds.dll ()
BHO: bUyandBrowseu -> {c89a20ed-2730-4608-8130-b551f378070f} -> C:\ProgramData\bUyandBrowseu\xH46wQwVpCKGpC.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
FF Extension: roocckEtdeaul - C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\kdVjlU@j.edu [2014-12-28]
FF Extension: LowratoE - C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\ul@z8.com [2014-12-28]
C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\ul@z8.com
 C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\kdVjlU@j.edu
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 3801b403; c:\Program Files\SectionAppend\SectionAppend.dll [5105664 2014-12-26] () [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-12-28 17:47 - 2014-12-28 17:47 - 00000000 ____D () C:\ProgramData\offerSOftu
2014-12-28 17:47 - 2014-12-28 17:47 - 00000000 ____D () C:\ProgramData\bUyandBrowseu
2014-12-26 10:22 - 2014-12-26 10:22 - 00000000 ____D () C:\Program Files\SectionAppend
2014-12-03 20:03 - 2014-12-03 20:03 - 00000000 ____D () C:\ProgramData\4001812108
2014-12-03 20:02 - 2014-12-03 20:03 - 00000000 ____D () C:\ProgramData\1790955706
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.dll
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.exe
C:\Users\Marketing2\AppData\Local\Temp\AC7987BB-DA00-BC8D-A5AB-97011EF9C0CE.exe
C:\Users\Marketing2\AppData\Local\Temp\BSI.exe
C:\Users\Marketing2\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Marketing2\AppData\Local\Temp\nss7D0.exe
C:\Users\Marketing2\AppData\Local\Temp\optprosetup.exe
C:\Users\Marketing2\AppData\Local\Temp\Quarantine.exe
C:\Users\Marketing2\AppData\Local\Temp\sqlite3.dll
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite33317090-19ac-4106-9ca0-26afb3745e3e.dll
Hosts:
Emptytemp:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_9 => value deleted successfully.
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk => Moved successfully.
C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe => Moved successfully.
"C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2712192379-3641042495-258173479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4450330d-41de-411d-b810-1a5d3ec89269} => Key not found.
"HKCR\CLSID\{4450330d-41de-411d-b810-1a5d3ec89269}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c89a20ed-2730-4608-8130-b551f378070f} => Key not found.
"HKCR\CLSID\{c89a20ed-2730-4608-8130-b551f378070f}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\kdVjlU@j.edu => Moved successfully.
C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\ul@z8.com => Moved successfully.
"C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\ul@z8.com" => File/Directory not found.
"C:\Users\Marketing2\AppData\Roaming\Mozilla\Firefox\Profiles\lohr875e.default\Extensions\kdVjlU@j.edu" => File/Directory not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
3801b403 => Service deleted successfully.
CLTNetCnService => Service deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\ProgramData\offerSOftu => Moved successfully.
C:\ProgramData\bUyandBrowseu => Moved successfully.
C:\Program Files\SectionAppend => Moved successfully.
C:\ProgramData\4001812108 => Moved successfully.
C:\ProgramData\1790955706 => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.dll => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\3EFAA24A-DDC3-843A-0636-9AA64BBF44F1.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\AC7987BB-DA00-BC8D-A5AB-97011EF9C0CE.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\BSI.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\ICSW_0L1L2X1P.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\nss7D0.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Marketing2\AppData\Local\Temp\System.Data.SQLite33317090-19ac-4106-9ca0-26afb3745e3e.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:43:36 ====
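
The Fixlog above shows what made the "fake Chrome" payload so disruptive: an Internet Explorer proxy pointed at 127.0.0.1:49175, so a local process sat in the path of every browser request (which also explains the failed uploads), two unsigned browser helper objects loading from ProgramData, an unsigned auto-start service (3801b403), a policy key under HKLM\SOFTWARE\Policies\Google that can pin Chrome's settings, and a modified hosts file. It also shows one entry FRST could not fix automatically (the Chrome dev build). The following Python script is an added example, not part of this thread or of Farbar's tool: it parses the entry formats visible in the posted fixlist and Fixlog, flags those indicators, and sorts the Fixlog results so that anything still needing manual action stands out. The sample lines are copied from the posts above; the rules deciding what is suspicious (loopback proxy, empty signer field plus a user-writable path, "[File not signed]" on an S2 service) are my own assumptions, not FRST's logic.

```python
"""Triage helper for FRST fixlist and Fixlog lines.

Added example for this thread; it is not part of FRST or of the posted fix.
The sample lines are copied from the fixlist and Fixlog above; the rules
that decide what is worth a second look are my own assumptions.
"""
import re

# Entry formats seen in the posted fixlist.
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<servers>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) -> (?P<clsid>\{[0-9a-fA-F-]+\}) -> (?P<path>.+?) \((?P<vendor>.*)\)$")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<rest>.+)$")
CHR_POLICY_RE = re.compile(r"^CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction")
# Fixlog result lines: "<item> => <what FRST did>"
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<result>.+)$")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")  # assumption: no legitimate BHO lives here


def parse_proxy(servers):
    """'http=127.0.0.1:49175;https=127.0.0.1:49175;' -> {'http': ('127.0.0.1', 49175), ...}"""
    out = {}
    for part in filter(None, servers.split(";")):
        scheme, _, hostport = part.partition("=")
        host, _, port = hostport.rpartition(":")
        out[scheme.strip()] = (host, int(port))
    return out


def triage_fixlist(text):
    """Return (kind, reason) pairs for entries that explain redirects and pop-ups."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            # A proxy on loopback means a local process sits in the path of every
            # browser request: the classic ad-injection setup.
            for scheme, (host, port) in parse_proxy(m["servers"]).items():
                if host in LOOPBACK:
                    findings.append(("proxy", f"{scheme} proxy on {host}:{port} for {m['sid']}"))
        elif m := BHO_RE.match(line):
            # FRST prints the signer/company in the trailing parentheses; empty means unsigned.
            if not m["vendor"] and any(d in m["path"].lower() for d in USER_WRITABLE):
                findings.append(("bho", f"{m['name']} {m['clsid']}: unsigned BHO in user-writable path"))
        elif m := SERVICE_RE.match(line):
            if "[File not signed]" in m["rest"] and m["start"] == "S2":
                findings.append(("service", f"{m['name']}: auto-start service, unsigned binary"))
            elif m["rest"].endswith("[X]"):
                findings.append(("orphan", f"{m['name']}: service entry whose binary is missing"))
        elif CHR_POLICY_RE.match(line):
            findings.append(("policy", "Chrome policy key present: settings can be pinned against the user"))
    return findings


def summarize_fixlog(text):
    """Sort Fixlog result lines into applied / already absent / needs manual action."""
    summary = {"applied": [], "absent": [], "manual": []}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        result = m["result"]
        if result.startswith("Error:"):
            summary["manual"].append(m["item"])
        elif "not found" in result:
            summary["absent"].append(m["item"])
        elif "successfully" in result or result.startswith("Removed"):
            summary["applied"].append(m["item"])
    return summary


# Sample lines copied from the fixlist and Fixlog posted in the thread.
SAMPLE_FIXLIST = r"""
HKLM\...\Run: [gmsd_us_9] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2712192379-3641042495-258173479-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2712192379-3641042495-258173479-1000] => http=127.0.0.1:49175;https=127.0.0.1:49175;
BHO: offerSOftu -> {4450330d-41de-411d-b810-1a5d3ec89269} -> C:\ProgramData\offerSOftu\f9lXHRD8zEm9Ds.dll ()
BHO: bUyandBrowseu -> {c89a20ed-2730-4608-8130-b551f378070f} -> C:\ProgramData\bUyandBrowseu\xH46wQwVpCKGpC.dll ()
S2 3801b403; c:\Program Files\SectionAppend\SectionAppend.dll [5105664 2014-12-26] () [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""
SAMPLE_FIXLOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_9 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
EmptyTemp: => Removed 6.1 GB temporary data.
"""

if __name__ == "__main__":
    for kind, reason in triage_fixlist(SAMPLE_FIXLIST):
        print(f"[{kind}] {reason}")
    for bucket, items in summarize_fixlog(SAMPLE_FIXLOG).items():
        print(f"{bucket}: {len(items)}")
```

Run it against a full fixlist by reading the file instead of the embedded sample. The orphan entries (CLTNetCnService, IpInIp and the like) are leftovers of uninstalled software rather than malware, which is why the script reports them separately from the unsigned auto-start service; the "manual" bucket is the list to act on by hand after a fix, and in this thread it holds exactly the Chrome dev build that FRST declined to touch.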



#8 fireman4it (Bleepin' Fireman, Malware Response Team, 13,506 posts, Greenup, Ill USA)

Posted 02 January 2015 - 01:01 PM

Glad to hear things are better. Let's check for any leftovers now.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
  • The THREAT SCAN will automatically begin.
     
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop: ESET.txt).
  • Copy and paste that log as a reply to this topic.

 

Things to include in your next reply:

MBAM log

Eset log

How is the computer running now?




#9 Redirectsux (Topic Starter, Members, 42 posts)

Posted 02 January 2015 - 01:35 PM

mbam.log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/2/2015
Scan Time: 1:07:35 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Marketing2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294654
Time Elapsed: 13 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3801b403}, Quarantined, [2e7043af1871c86eae682062798a4db3],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.WebInstrNew.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, Quarantined, [9806e80a1e6b77bf0402481a4bb8aa56],
PUP.Optional.Proxy.A, C:\Users\Marketing2\AppData\Local\proxy.log, Quarantined, [7a24be342861d95d16b52d4c6c97649c],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 Redirectsux (Topic Starter, Members, 42 posts)

Posted 02 January 2015 - 01:40 PM

I attempted to download the ESET program, but Internet Explorer is telling me that it can't open that site.

Computer is still running well with no pop-ups or redirects.



#11 Redirectsux (Topic Starter, Members, 42 posts)

Posted 02 January 2015 - 01:42 PM

I am able to get to ESET with Firefox, but I know you wrote that it has to be done with IE, so I'll await further instructions.



#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,506 posts, Greenup, Ill USA)

Posted 02 January 2015 - 04:16 PM

Let's use this one instead of ESET.

 

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on the EmsisoftEmergencyKit.exe icon, click Run, then Extract
  • Double-click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close




#13 Redirectsux (Topic Starter, Members, 42 posts)

Posted 03 January 2015 - 12:58 PM

I've tried the Emsisoft program 3 times now. It seems to keep getting hung up at the same point, about 60% into the scan on a java.jar file.

I let it run overnight and it still got hung up.

Is there anything different that I can try?

Thanks



#14 fireman4it (Bleepin' Fireman, Malware Response Team, 13,506 posts, Greenup, Ill USA)

Posted 03 January 2015 - 01:33 PM

Try and run it in Safe Mode.

 

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.




#15 Redirectsux (Topic Starter, Members, 42 posts)

Posted 03 January 2015 - 08:37 PM

It worked in Safe Mode.

I didn't see an option for a report, but I've attached the scan log.
 





