Proxy Server Connection Problems


This topic is locked. 12 replies to this topic.

#1 AlCornutt (Members, 10 posts, OFFLINE)

Posted 16 January 2015 - 07:32 PM

I ran some malware programs (Adware) and upon their completion and rebooting my laptop, I was unable to connect to any websites because my browsers can't find or connect to a proxy server. I have run rkill and MBAM but neither has solved the issue. I tried running ESET but it can't download its files due to the proxy not being found. MiniToolBox also did nothing to solve the issue, and using CMD as an admin has proved fruitless as well. Below are the logs from DDS and MBAM; I really have no idea what else I can do at this point.


DDS Logs

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2014 3:08:48 AM
System Uptime: 1/16/2015 6:00:37 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 153.024 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 4 GiB total, 2.547 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP98: 12/31/2014 11:49:55 PM - Installed Minecraft
RP99: 1/1/2015 12:05:15 AM - Installed Minecraft
RP100: 1/1/2015 12:09:17 AM - Installed Minecraft
RP101: 1/1/2015 12:31:56 AM - Removed Java 8 Update 25
RP103: 1/1/2015 1:23:40 AM - Windows Defender Checkpoint
RP104: 1/1/2015 1:39:13 AM - Installed Java 7 Update 71 (64-bit)
RP105: 1/1/2015 3:00:14 AM - Windows Update
RP106: 1/14/2015 12:28:19 AM - Installed Minecraft
RP107: 1/14/2015 12:36:11 AM - Windows Update
RP108: 1/15/2015 12:34:42 PM - Windows Update
RP109: 1/16/2015 6:04:44 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Creative Cloud
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Illustrator CC 2014
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Filter Driver Package
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
Bluetooth Stack for Windows by Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conexant HD Audio
D3DX10
Dolphin
ETDWare PS/2-X64 8.0.8.0_R01
Google Chrome
iTunes
Java 7 Update 71
Java 7 Update 71 (64-bit)
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Katawa Shoujo
Label@Once 1.0
League of Legends
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Minecraft
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NVIDIA PhysX
PAYDAY 2
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Skype Launcher
Skype™ 6.18
Steam
Team Fortress 2
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR 5.10 beta 4 (64-bit)
World of Warcraft
XML Notepad 2007
.
==== Event Viewer Messages From Past Week ========
.
1/16/2015 6:04:23 PM, Error: Service Control Manager [7034]  - The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
1/15/2015 8:12:14 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/15/2015 8:11:07 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
1/15/2015 8:11:07 PM, Error: Service Control Manager [7001]  - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
1/15/2015 8:11:07 PM, Error: Service Control Manager [7000]  - The Peer Networking Identity Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/15/2015 8:11:06 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
.
==== End Of File ===========================
 
DDS: 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Alec at 18:22:18 on 2015-01-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1043 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe
C:\86247496c5deae50ce7a176d2ad5aa\Setup.exe
C:\windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} - hxxp://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AED8DB00-A607-451A-B03A-BB77E4A0BF1A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AED8DB00-A607-451A-B03A-BB77E4A0BF1A}\142637F6C657475675966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AED8DB00-A607-451A-B03A-BB77E4A0BF1A}\2375942554938393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AED8DB00-A607-451A-B03A-BB77E4A0BF1A}\A43555D2E45647 : DHCPNameServer = 10.80.5.128 10.80.5.132
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2014-5-1 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2014-5-1 38016]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-5-1 204288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2014-5-1 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2014-5-1 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2014-5-1 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-5-1 38096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2014-5-1 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\windows\System32\NlsSrv32.exe --> C:\windows\System32\NlsSrv32.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2014-5-1 42096]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-11-3 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-8-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-5-1 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-8-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-8-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-5-3 1255736]
.
=============== Created Last 30 ================
.
2015-01-17 00:06:08 -------- d-----w- C:\86247496c5deae50ce7a176d2ad5aa
2015-01-17 00:02:18 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-16 02:17:10 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DD10107-4280-4322-BD9A-A2F8F940D3B2}\mpengine.dll
2015-01-14 06:39:01 210432 ----a-w- C:\windows\System32\profsvc.dll
2015-01-14 06:38:56 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2015-01-14 06:38:56 303616 ----a-w- C:\windows\System32\nlasvc.dll
2015-01-14 06:38:56 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2015-01-14 06:38:51 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2015-01-14 06:38:44 87040 ----a-w- C:\windows\System32\TSWbPrxy.exe
2015-01-14 06:38:27 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-01-14 06:38:24 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 06:38:20 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-01-14 06:38:14 503808 ----a-w- C:\windows\System32\srcore.dll
2015-01-14 06:38:13 50176 ----a-w- C:\windows\System32\srclient.dll
2015-01-14 06:38:13 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-01-14 06:38:13 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-01-14 06:29:10 -------- d-----w- C:\Program Files (x86)\Minecraft
2015-01-04 07:13:47 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-04 07:13:23 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-01-04 07:13:23 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-01-04 07:13:23 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-01-04 07:13:23 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-04 07:13:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 08:10:08 -------- d-----w- C:\AdwCleaner
2015-01-01 07:40:09 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-12-30 05:32:21 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-30 05:32:21 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
.
==================== Find3M  ====================
.
2015-01-14 06:31:22 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 06:31:22 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 15:55:52 298120 ------w- C:\windows\System32\MpSigStub.exe
2015-01-01 06:36:55 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-06 01:36:04 1958585 ----a-w- C:\windows\shost.bin
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-11-04 02:04:43 0 ----a-w- C:\windows\SysWow64\sho2E5A.tmp
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
.
============= FINISH: 18:23:21.46 ===============
 
MBAM:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/4/2015
Scan Time: 7:00:44 PM
Logfile: MBAMLog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.04.17
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alec
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355357
Time Elapsed: 37 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [d62bb3b6d2aaba7c11baea78d62d51af], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Second MBAM Scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/4/2015
Scan Time: 1:14:52 AM
Logfile: PriorScan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.04.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alec
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354062
Time Elapsed: 32 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc6.37.565328, Quarantined, [ca9cec072168270fb17287604fb2ff01], 
PUP.Optional.NorthernThemesService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Northern Themes Service, Quarantined, [4620c330d5b41f1752a9629335ccf907], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\CLASSES\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{99C1EDDE-1A80-48EA-BD58-CEA4B2DFAC81}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C1F35F0B-FED4-4BB8-9343-D68619D62E6C}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1F35F0B-FED4-4BB8-9343-D68619D62E6C}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{99C1EDDE-1A80-48EA-BD58-CEA4B2DFAC81}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKU\S-1-5-21-4013292991-288846359-1112908074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{72351B45-9636-4F99-820B-7C552D27897D}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.Zoomify.A, HKU\S-1-5-21-4013292991-288846359-1112908074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{72351B45-9636-4F99-820B-7C552D27897D}, Quarantined, [293d9c57d2b7999d711d9a42659d12ee], 
PUP.Optional.BackgroundHost.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5249B0FA-6530-41CB-A96E-7043F91BE056}}_is1, Quarantined, [273fc82b2069d95dcd93ca9c0cf7fe02], 
PUP.Optional.Zoomify.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cozhost, Quarantined, [e97d24cf4b3e95a1310de97cb54eee12], 
PUP.Optional.Zoomify.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cozwhost, Quarantined, [7fe70ee52c5d3bfb8fae3134dc27817f], 
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\donutleadsServiceCore, Quarantined, [d6909162553487afae95a0cf8b78b749], 
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\donutleadsServiceCore, Quarantined, [77ef49aa98f154e2530fd0950df68e72], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
 
Registry Values: 1
PUP.Optional.MyRadioPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|myradioplayer Tray, "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe", Quarantined, [2c3a7a79e7a2b581296f994a30d4649c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.NorthernThemesService.A, C:\Users\Alec\AppData\NTSFile, Quarantined, [b4b23db67e0b66d0cf8f491d0ef5a957], 
PUP.Optional.BackgroundHost.A, C:\Program Files (x86)\Background Host, Quarantined, [273fc82b2069d95dcd93ca9c0cf7fe02], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
 
Files: 50
PUP.Optional.MaintainerSvc.A, C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe, Quarantined, [ca9cec072168270fb17287604fb2ff01], 
PUP.Optional.NorthernThemesService.A, C:\Users\Alec\AppData\NTSFile\NTS.exe, Quarantined, [4620c330d5b41f1752a9629335ccf907], 
PUP.Optional.SwiftBrowse, C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.bak, Quarantined, [5511fbf84940e2540b8e4ea818e9fa06], 
PUP.Optional.HQVideo.A, C:\Users\Alec\AppData\Roaming\DE.exe, Quarantined, [4422d61d66231620ba3dfabe4cb926da], 
PUP.Optional.HQVideo.A, C:\Users\Alec\AppData\Roaming\XQWGX.exe, Quarantined, [77efb43f6821f83ec92e388092731fe1], 
PUP.Optional.DonutLeads.A, C:\$Recycle.Bin\S-1-5-21-4013292991-288846359-1112908074-1000\$R49KLR3.exe, Quarantined, [da8cdd165e2b8babdfd69248a25f07f9], 
PUP.Optional.DonutLeads.A, C:\$Recycle.Bin\S-1-5-21-4013292991-288846359-1112908074-1000\$RW6EM6E.exe, Quarantined, [7fe76f848dfcdd59123d4f6a679e9f61], 
PUP.Optional.MyPCBackup.A, C:\Users\Alec\AppData\Local\Temp\CloudBackup6230.exe, Quarantined, [a7bfe50e0584d3636a0008dd2cd50ef2], 
PUP.Optional.Conduit.A, C:\Users\Alec\AppData\Local\Temp\nsh7364.exe, Quarantined, [f27424cf7c0d2412598d950dd829659b], 
PUP.Optional.ClientConnect, C:\Users\Alec\AppData\Local\Temp\Setup.exe, Quarantined, [55116a8981086dc9acef559f7193a35d], 
PUP.Optional.Bandoo, C:\Users\Alec\Downloads\iLividSetup-r1631-n-bc.exe, Quarantined, [6ff710e3f099c3735d979e8bed141ee2], 
PUP.Optional.OptimumInstaller.A, C:\Users\Alec\Downloads\Player-Chrome (1).exe, Quarantined, [4f176f843d4cb284795fafbe10f1a957], 
PUP.Optional.OptimumInstaller.A, C:\Users\Alec\Downloads\Player-Chrome.exe, Quarantined, [254119dab9d047efd00874f96a97fd03], 
PUP.Optional.iBryte, C:\Users\Alec\Downloads\Drivers.exe, Quarantined, [4b1b4ba80b7e13232266605f37cab44c], 
PUP.Optional.OptimumInstaller.A, C:\Users\Alec\Downloads\setup (4).exe, Quarantined, [412515de29601422f1e7de8f41c08080], 
PUP.Optional.OptimumInstaller.A, C:\Users\Alec\Downloads\setup (5).exe, Quarantined, [7cea73807e0bd85e409886e77e83b34d], 
PUP.Optional.NorthernThemesService.A, C:\Users\Alec\AppData\NTSFile\db.ini, Quarantined, [b4b23db67e0b66d0cf8f491d0ef5a957], 
PUP.Optional.NorthernThemesService.A, C:\Users\Alec\AppData\NTSFile\helper.dll, Quarantined, [b4b23db67e0b66d0cf8f491d0ef5a957], 
PUP.Optional.NorthernThemesService.A, C:\Users\Alec\AppData\NTSFile\uninst.exe, Quarantined, [b4b23db67e0b66d0cf8f491d0ef5a957], 
PUP.Optional.BackgroundHost.A, C:\Program Files (x86)\Background Host\unins000.dat, Quarantined, [273fc82b2069d95dcd93ca9c0cf7fe02], 
PUP.Optional.BackgroundHost.A, C:\Program Files (x86)\Background Host\JAVA-Extension.exe, Quarantined, [273fc82b2069d95dcd93ca9c0cf7fe02], 
PUP.Optional.BackgroundHost.A, C:\Program Files (x86)\Background Host\unins000.exe, Quarantined, [273fc82b2069d95dcd93ca9c0cf7fe02], 
PUP.Optional.ChromeHitory.A, C:\Users\Alec\AppData\Local\ChromeHitoryDB, Quarantined, [3e285e95c4c52b0bbd55e780cf34e41c], 
PUP.Optional.DonutQuotes, C:\Windows\System32\Tasks\DonutQuotes, Quarantined, [2e38e70ca4e559dd2ac2c5a3d1321ce4], 
Trojan.Agent, C:\Users\Alec\AppData\Roaming\DE.exe, Quarantined, [baac7083d8b146f011ce2d45d62e748c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\GoogleCrashHandler.exe, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\GoogleUpdate.exe, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\GoogleUpdateBroker.exe, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\GoogleUpdateHelper.msi, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\GoogleUpdateOnDemand.exe, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\goopdate.dll, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\goopdateres_en.dll, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\npGoogleUpdate4.dll, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\psmachine.dll, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.118300\psuser.dll, Quarantined, [bea8f9fa3f4a42f464383b0bd42fd22e], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\GoogleCrashHandler.exe, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\GoogleUpdate.exe, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\GoogleUpdateBroker.exe, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\GoogleUpdateHelper.msi, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\GoogleUpdateOnDemand.exe, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\goopdate.dll, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\goopdateres_en.dll, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\npGoogleUpdate4.dll, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\psmachine.dll, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Alec\AppData\Local\Temp\comh.390943\psuser.dll, Quarantined, [a8bea94a93f664d20399400648bbf50b], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\ctr_1417743577, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\errsent.config, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\instlgsent.config, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\instltm_20141204194052, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\ServiceConfig2.json, Quarantined, [c89e21d27a0f75c117142f2837cc60a0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
These are all the logs I have currently besides an rkill log; if I need to upload that, I'll do so.
#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,883 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:32 AM

Posted 17 January 2015 - 09:41 AM

EDIT

Edited by Machiavelli, 17 January 2015 - 01:20 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 17 January 2015 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Try this and see whether your Internet connection is working.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:xxxxx if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Restart the computer normally to reset the registry.

====

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.
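The proxy clean-up nasdaq walks through in the Internet Options dialog, done from PowerShell as an added example. This is not code from the thread, from nasdaq, or from any of the tools mentioned (FRST, MBAM, rkill). It assumes the state the FRST log further down this thread reports: ProxyEnable set under HKLM and a ProxyServer of 127.0.0.1:8800 for http and https. The port number and the reading that an adware component which used to listen on that loopback port was quarantined, leaving a dangling proxy entry that makes every browser fail with "cannot connect to the proxy server", are inferences from those logs, not something the thread states. Run it from an elevated PowerShell prompt; without -Fix it only reports.

```powershell
# Added example (not from the thread): audit, and optionally remove, WinINET
# proxy settings of the kind FRST reported ("ProxyEnable is set",
# "ProxyServer = http=127.0.0.1:8800;https=127.0.0.1:8800").
# Usage:  .\Clear-LoopbackProxy.ps1          # report only
#         .\Clear-LoopbackProxy.ps1 -Fix     # also disable/remove the entries
#         .\Clear-LoopbackProxy.ps1 -Fix -WhatIf   # show what -Fix would change
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix
)

# Where WinINET (IE, Chrome, most Windows apps) reads proxy settings.
# HKCU is the usual per-user location; the HKLM pair is where FRST found the
# entries on this machine. Wow6432Node is the view 32-bit processes get.
$proxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# A proxy that points back at the local machine (127.0.0.1:8800, localhost:8080,
# [::1]:3128) is suspicious on a home PC: once the component that listened there
# is quarantined, nothing answers and every browser fails to connect.
$loopbackPattern = '(?i)(127\.0\.0\.1|localhost|\[?::1\]?):\d+'

function Get-ProxySetting {
    param([string]$Key)
    if (-not (Test-Path $Key)) { return $null }
    $p = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key           = $Key
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL      # a PAC script can redirect traffic too
        IsLoopback    = [bool]($p.ProxyServer -match $loopbackPattern)
    }
}

function Clear-ProxySetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Key)
    if ($PSCmdlet.ShouldProcess($Key, 'Set ProxyEnable=0, remove ProxyServer/AutoConfigURL')) {
        Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0 -Type DWord
        foreach ($name in 'ProxyServer', 'AutoConfigURL') {
            Remove-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
        }
    }
}

# Report what is currently configured.
$findings = foreach ($k in $proxyKeys) { Get-ProxySetting -Key $k }
$findings | Where-Object { $_ } | Format-List

# WinHTTP keeps its own proxy store (used by services such as Windows Update);
# some adware sets both, so show it as well.
Write-Host "`nWinHTTP proxy:"
netsh winhttp show proxy

# FRST also flagged "Group Policy on Chrome detected". Report only: PUPs use
# these policy keys to pin a homepage or search provider.
foreach ($pol in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (Test-Path $pol) {
        Write-Host "`nChrome policy values at $pol :"
        Get-ItemProperty -Path $pol | Format-List
    }
}

if ($Fix) {
    foreach ($f in $findings) {
        if ($f -and ($f.ProxyEnable -eq 1 -or $f.IsLoopback -or $f.AutoConfigURL)) {
            Clear-ProxySetting -Key $f.Key
        }
    }
    # Tell running WinINET consumers the settings changed: same effect as
    # pressing Apply in Internet Options, without waiting for a reboot.
    $src = @'
using System;
using System.Runtime.InteropServices;
public static class WinInet {
    [DllImport("wininet.dll", SetLastError = true)]
    public static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
}
'@
    Add-Type -TypeDefinition $src
    [void][WinInet]::InternetSetOption([IntPtr]::Zero, 39, [IntPtr]::Zero, 0)  # INTERNET_OPTION_SETTINGS_CHANGED
    [void][WinInet]::InternetSetOption([IntPtr]::Zero, 37, [IntPtr]::Zero, 0)  # INTERNET_OPTION_REFRESH
    Write-Host "`nProxy entries cleared; re-run without -Fix to confirm."
}
```

The script deliberately does not touch the Chrome policy keys or the WinHTTP store: removing a policy key someone legitimately set, or running `netsh winhttp reset proxy` on a machine that needs a corporate proxy, can break more than it fixes, so those are reported for the helper to judge. Note that only the check in -Fix uses the loopback pattern; a ProxyEnable=1 entry with a non-loopback server is cleared as well, on the assumption that a home laptop should not have a system-wide proxy at all.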

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 22 January 2015 - 09:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 23 January 2015 - 10:47 AM

This topic has been re-opened at the request of the person who originally posted.

#6 AlCornutt

AlCornutt
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 23 January 2015 - 09:26 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Alec (administrator) on ALEC-PC on 22-01-2015 21:00:45
Running from C:\Users\Alec\Desktop
Loaded Profiles: Alec (Available profiles: Alec)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NlsSrv32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4013292991-288846359-1112908074-1000 -> {3BC47101-C463-4E99-8C94-9A404EC7936C} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS586
SearchScopes: HKU\S-1-5-21-4013292991-288846359-1112908074-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=IC17A9052-3A56-49FF-97A4-C9ECD36AB231&SearchSource=55&CUI=&UM=6&UP=SPBC4B9392-4D75-42CE-A962-EE43B68AD426&SSPV=
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hppp&ts=1416942131&from=cor&uid=TOSHIBAXMK3275GSX_816QC37RTXX816QC37RT&i=psd&t=34c903600\t/verysilent /hideuninstall"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
CHR Extension: (AdBlock) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-04]
CHR Extension: (Google Wallet) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 nlsX86cc; C:\windows\SysWOW64\NlsSrv32.exe [66560 2012-08-24] (Nalpeiron Ltd.) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Tosrfcom; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 21:00 - 2015-01-22 21:02 - 00016578 _____ () C:\Users\Alec\Desktop\FRST.txt
2015-01-22 21:00 - 2015-01-22 21:00 - 00000000 ____D () C:\FRST
2015-01-22 21:00 - 2015-01-22 20:57 - 02126848 _____ (Farbar) C:\Users\Alec\Desktop\FRST64.exe
2015-01-16 18:23 - 2015-01-16 18:23 - 00019101 _____ () C:\Users\Alec\Desktop\dds.txt
2015-01-16 18:23 - 2015-01-16 18:23 - 00006586 _____ () C:\Users\Alec\Desktop\attach.txt
2015-01-16 18:02 - 2015-01-16 18:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 01:29 - 2015-01-16 01:29 - 00000017 _____ () C:\Users\Alec\AppData\Local\resmon.resmoncfg
2015-01-16 01:22 - 2015-01-16 01:22 - 00000588 _____ () C:\Users\Alec\Desktop\Result.txt
2015-01-16 01:21 - 2015-01-16 01:14 - 00401920 _____ (Farbar) C:\Users\Alec\Desktop\MiniToolBox.exe
2015-01-14 00:39 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 00:38 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 00:38 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 00:38 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 00:38 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 00:38 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 00:38 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:38 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:38 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 00:38 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 00:38 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 00:38 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 00:38 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 00:29 - 2015-01-14 00:30 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-01-14 00:29 - 2015-01-14 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-04 01:13 - 2015-01-14 00:19 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 01:13 - 2015-01-04 01:13 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 01:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-04 01:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-04 01:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-04 01:10 - 2015-01-16 18:13 - 00002040 _____ () C:\Users\Alec\Desktop\Rkill.txt
2015-01-01 02:10 - 2015-01-01 03:27 - 00000000 ____D () C:\AdwCleaner
2015-01-01 01:43 - 2015-01-01 01:43 - 00002970 _____ () C:\windows\System32\Tasks\{8EEE6452-90FE-4036-9E89-CBDF8160AE5A}
2015-01-01 01:42 - 2015-01-01 01:42 - 00000000 ____D () C:\windows\Sun
2015-01-01 01:40 - 2015-01-01 01:39 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2015-01-01 01:40 - 2015-01-01 01:39 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-01-01 01:40 - 2015-01-01 01:39 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-01-01 01:40 - 2015-01-01 01:39 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-01 01:39 - 2015-01-01 01:39 - 00000000 ____D () C:\Program Files\Java
2015-01-01 01:38 - 2015-01-01 01:38 - 31029672 _____ (Oracle Corporation) C:\Users\Alec\Documents\jre-7u71-windows-x64.exe
2015-01-01 00:30 - 2015-01-01 00:30 - 00638888 _____ (Oracle Corporation) C:\Users\Alec\Documents\chromeinstall-8u25 (1).exe
2015-01-01 00:27 - 2015-01-01 00:27 - 00076248 _____ () C:\Users\Alec\Documents\FLVPlayer-Chrome.exe
2015-01-01 00:19 - 2015-01-01 00:19 - 00638888 _____ (Oracle Corporation) C:\Users\Alec\Documents\chromeinstall-8u25.exe
2015-01-01 00:07 - 2015-01-01 00:08 - 00000000 ____D () C:\Users\Alec\Documents\game
2015-01-01 00:06 - 2015-01-01 00:06 - 01291528 _____ (Mojang) C:\Users\Alec\Documents\Minecraft.exe
2015-01-01 00:02 - 2015-01-01 00:02 - 02314240 _____ () C:\Users\Alec\Desktop\MinecraftInstaller (1).msi
2014-12-31 23:48 - 2014-12-31 23:48 - 02314240 _____ () C:\Users\Alec\Documents\MinecraftInstaller.msi
2014-12-29 23:32 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-29 23:32 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 21:00 - 2014-05-01 01:00 - 00000000 ____D () C:\Users\Alec\AppData\Local\Adobe
2015-01-22 20:59 - 2014-05-01 01:39 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 20:58 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-22 20:58 - 2009-07-13 22:51 - 00065428 _____ () C:\windows\setupact.log
2015-01-22 20:57 - 2014-05-01 00:06 - 02040281 _____ () C:\windows\WindowsUpdate.log
2015-01-22 20:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:49 - 2009-07-13 23:13 - 00782228 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-22 20:48 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-22 20:41 - 2014-05-01 01:01 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 20:31 - 2014-05-01 01:01 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 20:31 - 2014-05-01 01:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 20:31 - 2011-07-21 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:18 - 2014-05-01 01:39 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:20 - 2014-05-03 02:56 - 00774934 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-16 01:27 - 2014-05-01 06:47 - 00000000 ____D () C:\Users\Alec\AppData\Roaming\.minecraft
2015-01-15 12:47 - 2014-08-15 22:06 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 12:35 - 2014-08-15 22:05 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 00:57 - 2010-11-20 21:47 - 02834212 _____ () C:\windows\PFRO.log
2015-01-14 00:35 - 2014-09-16 21:19 - 00000033 _____ () C:\Users\Alec\AppData\Roaming\AdobeWLCMCache.dat
2015-01-14 00:28 - 2014-05-01 06:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-14 00:27 - 2014-05-01 01:02 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-08 09:55 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-04 20:21 - 2014-11-02 21:25 - 00000000 ____D () C:\Users\Alec\Documents\Old Papers
2015-01-04 02:40 - 2014-11-03 23:29 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2015-01-01 03:28 - 2014-06-12 14:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-01 03:28 - 2014-06-12 14:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-01 03:03 - 2014-06-12 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-01 01:41 - 2014-05-01 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-01 00:36 - 2014-10-18 23:00 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 00:20 - 2011-07-21 19:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-30 00:49 - 2014-10-18 14:30 - 00000000 ____D () C:\Users\Alec\Desktop\Payday 2 Modder
2014-12-29 23:19 - 2014-10-20 15:41 - 00000000 ____D () C:\Users\Alec\Documents\Payday
 
==================== Files in the root of some directories =======
2014-09-16 21:19 - 2015-01-14 00:35 - 0000033 _____ () C:\Users\Alec\AppData\Roaming\AdobeWLCMCache.dat
2014-09-21 01:28 - 2014-09-21 01:56 - 0111720 _____ () C:\Users\Alec\AppData\Roaming\MixPad.dmp
2014-11-03 23:03 - 2014-11-12 00:08 - 0000157 _____ () C:\Users\Alec\AppData\Roaming\WB.CFG
2014-11-05 16:19 - 2014-11-05 16:19 - 0022528 _____ () C:\Users\Alec\AppData\Local\159256007dsisetup1592589552.exe
2014-06-27 10:13 - 2014-06-27 12:22 - 0028160 _____ () C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 16:19 - 2014-11-05 16:19 - 0000001 _____ () C:\Users\Alec\AppData\Local\DSI.DAT
2014-12-04 20:56 - 2014-12-04 20:56 - 0628496 _____ (CMI Limited) C:\Users\Alec\AppData\Local\nsaDF3C.tmp
2014-07-08 12:25 - 2014-07-08 12:25 - 0000218 _____ () C:\Users\Alec\AppData\Local\recently-used.xbel
2015-01-16 01:29 - 2015-01-16 01:29 - 0000017 _____ () C:\Users\Alec\AppData\Local\resmon.resmoncfg
2014-10-26 19:27 - 2014-10-26 19:27 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-06-29 23:12 - 2014-06-29 23:12 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-10-27 20:07 - 2014-11-12 22:00 - 0000340 _____ () C:\ProgramData\lxea.log
2014-06-15 20:37 - 2014-10-26 19:24 - 0003346 _____ () C:\ProgramData\lxeaJSW.log
2014-06-15 20:07 - 2014-11-12 22:00 - 0006488 _____ () C:\ProgramData\lxeascan.log
2014-10-26 19:27 - 2014-10-26 19:27 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-06-18 17:09 - 2014-06-18 17:09 - 0721671 _____ () C:\ProgramData\SPL55F8.tmp
2014-06-30 20:22 - 2014-06-30 20:22 - 2816150 _____ () C:\ProgramData\SPL83F6.tmp
2014-12-04 19:51 - 2014-12-04 20:04 - 0001585 _____ () C:\ProgramData\tempimage.bmp
2014-06-29 23:09 - 2014-06-29 23:09 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\Alec\AppData\Local\Temp\APNSetup.exe
C:\Users\Alec\AppData\Local\Temp\burnsetup.exe
C:\Users\Alec\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Alec\AppData\Local\Temp\ICReinstall_photoshop_Mv_DM.exe
C:\Users\Alec\AppData\Local\Temp\inhtjgva.dll
C:\Users\Alec\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alec\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Alec\AppData\Local\Temp\openssl.exe
C:\Users\Alec\AppData\Local\Temp\optprosetup.exe
C:\Users\Alec\AppData\Local\Temp\Quarantine.exe
C:\Users\Alec\AppData\Local\Temp\SpOrder.dll
C:\Users\Alec\AppData\Local\Temp\sqlite3.dll
C:\Users\Alec\AppData\Local\Temp\switchsetup.exe
C:\Users\Alec\AppData\Local\Temp\wpsetup.exe
C:\Users\Alec\AppData\Local\Temp\zulusetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-16 19:03
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 January 2015 - 09:26 AM




Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=IC17A9052-3A56-49FF-97A4-C9ECD36AB231&SearchSource=55&CUI=&UM=6&UP=SPBC4B9392-4D75-42CE-A962-EE43B68AD426&SSPV=
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hppp&ts=1416942131&from=cor&uid=TOSHIBAXMK3275GSX_816QC37RTXX816QC37RT&i=psd&t=34c903600\t/verysilent /hideuninstall"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
Task: {181FF4F6-FADD-4C9F-9100-E1A311185A0B} - \DonutQuotes No Task File <==== ATTENTION

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:xxxxx if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===

Restart the computer normally to reset the registry.

====


How is the computer running now?
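The manual steps above clear the proxy through the browser dialogs. The script below is an added example, not nasdaq's instructions or FRST's code, that does the same check from an elevated PowerShell prompt: it reads the Internet Settings keys FRST reported in this thread (HKLM and the Wow6432Node view) plus the current user's hive, flags a ProxyEnable=1 entry that points at a loopback address such as the 127.0.0.1:8800 seen here, looks for a Chrome proxy policy under the Policies\Google key that the fixlist also removed, and shows the WinHTTP proxy that services use. The -Remediate switch, the function names and the exact list of keys are this example's own choices.

```powershell
# Added example (not from the thread): audit Windows proxy settings for the
# pattern seen in this case, a loopback proxy injected into Internet Settings
# that leaves every browser unable to connect once the adware is gone.
# Run from an elevated PowerShell prompt. -Remediate is an assumed switch name.
[CmdletBinding()]
param(
    [switch]$Remediate
)

# Keys FRST reported in this thread, plus the per-user hive (assumed list).
$InternetSettingsKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# Chrome reads proxy policy from here; FRST flagged HKLM\SOFTWARE\Policies\Google.
$ChromePolicyKey = 'HKLM:\Software\Policies\Google\Chrome'

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])(:\d+)?$') {
            return $true
        }
    }
    return $false
}

function Get-ProxyFinding {
    param([string]$Key)
    if (-not (Test-Path $Key)) { return $null }
    $p = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key           = $Key
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        # Enabled proxy that points back at this machine: worth a closer look.
        Suspicious    = ($p.ProxyEnable -eq 1 -and $p.ProxyServer -and
                         (Test-LoopbackProxy $p.ProxyServer))
    }
}

$findings = foreach ($key in $InternetSettingsKeys) { Get-ProxyFinding -Key $key }
$findings | Format-Table -AutoSize

# A Chrome policy proxy overrides the browser's own settings dialog, which is
# why clearing Internet Settings alone does not always fix Chrome.
if (Test-Path $ChromePolicyKey) {
    $pol = Get-ItemProperty -Path $ChromePolicyKey -ErrorAction SilentlyContinue
    if ($pol.ProxyServer -or $pol.ProxyMode) {
        Write-Warning "Chrome policy proxy present: Mode=$($pol.ProxyMode) Server=$($pol.ProxyServer)"
    }
}

# Services and Windows Update use the WinHTTP proxy, not the browser setting.
netsh winhttp show proxy

if ($Remediate) {
    foreach ($f in ($findings | Where-Object Suspicious)) {
        Set-ItemProperty -Path $f.Key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $f.Key -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Host "Cleared proxy in $($f.Key)"
    }
    # Drop any stale WinHTTP proxy so system components stop using it too.
    netsh winhttp reset proxy
    Write-Host 'Restart the browser, or sign out and back in, for the change to apply.'
}
```

Run it without -Remediate first and read the table. A loopback proxy is not proof of malware on its own: some antivirus web filters and developer tools legitimately listen on 127.0.0.1, so before clearing it confirm what is bound to that port with `netstat -ano` and match the PID to a process you recognise. Once the cleanup is done, the browsers should connect again without any proxy configured, as they did in this thread after the Fixlog run.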

#8 AlCornutt

AlCornutt
  • Topic Starter

  • Members
  • 10 posts

Posted 24 January 2015 - 02:08 PM

I'm a bit confused as to where exactly I'm supposed to put the text file since FRST64 is on my desktop, not in a folder. 

 

Edit: Never mind, I pasted it onto the desktop and the program asked me to restart


Edited by AlCornutt, 24 January 2015 - 02:25 PM.


#9 AlCornutt

AlCornutt
  • Topic Starter

  • Members
  • 10 posts

Posted 24 January 2015 - 02:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Alec at 2015-01-24 13:24:23 Run:1
Running from C:\Users\Alec\Desktop
Loaded Profiles: Alec (Available profiles: Alec)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=IC17A9052-3A56-49FF-97A4-C9ECD36AB231&SearchSource=55&CUI=&UM=6&UP=SPBC4B9392-4D75-42CE-A962-EE43B68AD426&SSPV=
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hppp&ts=1416942131&from=cor&uid=TOSHIBAXMK3275GSX_816QC37RTXX816QC37RT&i=psd&t=34c903600\t/verysilent /hideuninstall"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
Task: {181FF4F6-FADD-4C9F-9100-E1A311185A0B} - \DonutQuotes No Task File <==== ATTENTION
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => Key deleted successfully.
HKCR\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181FF4F6-FADD-4C9F-9100-E1A311185A0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181FF4F6-FADD-4C9F-9100-E1A311185A0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:24:25 ====
 
 
 
I was actually able to post this on my laptop, it works now! I'm not sure if this is related but my wifi indicator does show an odd yellow asterisk despite me being both on the internet and connected to my home's wifi.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 January 2015 - 03:57 PM

Restart the computer one more time.

If still no joy run this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#11 AlCornutt

AlCornutt
  • Topic Starter

  • Members
  • 10 posts

Posted 25 January 2015 - 12:31 PM

I think I'm good to go. I ended up closing my laptop down and starting it back up with no problems so far. Thanks!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 January 2015 - 08:48 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2015 - 09:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



