Pro PC Cleaner, Search Protect, Cloud File Backup & Browsers Hijacked!


  • This topic is locked
25 replies to this topic

#1 BlackRoseImmortal

  • Members
  • 16 posts

Posted 31 January 2015 - 01:23 PM

Hello, Bleeping Computer users. I have at least 3 malicious programs on my laptop running Windows 7. They are: Pro PC Cleaner, Search Protect and Cloud File PC Backup. I am unable to uninstall these permanently using Add or Remove programs as they seem to reinstall themselves automatically at Windows startup. All 3 of my browsers (Chrome, Firefox, IE) have been hijacked and the homepage has been set to Trovi search engine. All of my searches are redirected to advertisement pages. This all happened after my Aunt was using my laptop to browse Facebook and eBay. She also installed a Java update shortly before this all happened. It is very important for this laptop to be in working order as it is used for business and any and all help is greatly appreciated. Thank you for your time.

-Blake

FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Blake (administrator) on BLAKE-LAPTOP on 31-01-2015 11:43:51
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available profiles: Blake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Worldwide Web Research\inetwork.exe
() C:\Program Files (x86)\Open Deployment\iports.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(DOM LLC) C:\Program Files (x86)\Worldwide Web Research\DOM_Component.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Pro PC Cleaner) C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Cloud PC Defender] => C:\Program Files (x86)\Cloud PC Defender\CloudPCDefender.exe
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [Google Update] => C:\Users\Blake\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [inetwork] => C:\Program Files (x86)\Worldwide Web Research\inetwork.exe [851744 2014-11-12] ()
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [iports] => C:\Program Files (x86)\Open Deployment\iports.exe [718704 2014-10-27] ()
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-20] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-20] (Client Connect LTD)
Startup: C:\Users\Blake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
BHO: Savepass 2.0 -> {11111111-1111-1111-1111-110611611161} -> C:\Program Files (x86)\Savepass 2.0\Savepass 2.0-bho64.dll (OB)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Savepass 2.0 -> {11111111-1111-1111-1111-110611611161} -> C:\Program Files (x86)\Savepass 2.0\Savepass 2.0-bho.dll (OB)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\DOM_Component.dll [304768] (DOM LLC)
Winsock: Catalog9 02 C:\Windows\SysWOW64\DOM_Component.dll [304768] (DOM LLC)
Winsock: Catalog9 03 C:\Windows\SysWOW64\DOM_Component.dll [304768] (DOM LLC)
Winsock: Catalog9 04 C:\Windows\SysWOW64\DOM_Component.dll [304768] (DOM LLC)
Winsock: Catalog9 15 C:\Windows\SysWOW64\DOM_Component.dll [304768] (DOM LLC)
Winsock: Catalog9-x64 01 C:\Windows\system32\DOM_Component64.dll [350784] (DOM LLC)
Winsock: Catalog9-x64 02 C:\Windows\system32\DOM_Component64.dll [350784] (DOM LLC)
Winsock: Catalog9-x64 03 C:\Windows\system32\DOM_Component64.dll [350784] (DOM LLC)
Winsock: Catalog9-x64 04 C:\Windows\system32\DOM_Component64.dll [350784] (DOM LLC)
Winsock: Catalog9-x64 15 C:\Windows\system32\DOM_Component64.dll [350784] (DOM LLC)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\user.js
FF SearchPlugin: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\searchplugins\trovi.xml
FF Extension: Savepass 2.0 - C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\Extensions\EJHVSGU55273264@PBVE110833407.com [2015-01-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-03]
CHR Extension: (Google Search) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Honeycomb Chrome Theme) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihhhgnjnpmjaikooiahhhlemccommcml [2011-09-13]
CHR Extension: (Savepass 2.0) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkcdolaggmoijdgaglfamlafleibeie [2015-01-30]
CHR Extension: (Cyti Web) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopgejofkldgieghfaninmidcmdclpdg [2015-01-31]
CHR Extension: (Google Wallet) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
StartMenuInternet: Google Chrome - C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3503376 2015-01-20] (Client Connect LTD)
R3 DOM_Component; C:\Program Files (x86)\Worldwide Web Research\DOM_Component.exe [1368720 2014-10-30] (DOM LLC)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [558544 2015-01-31] (Client Connect LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R1 {87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64; C:\Windows\System32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64.sys [48832 2015-01-30] (StdLib)
S3 ALSysIO; \??\C:\Users\Blake\AppData\Local\Temp\ALSysIO64.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 11:43 - 2015-01-31 11:44 - 00016845 _____ () C:\Users\Blake\Desktop\FRST.txt
2015-01-31 11:42 - 2015-01-31 11:42 - 02130944 _____ (Farbar) C:\Users\Blake\Desktop\FRST64.exe
2015-01-31 09:19 - 2015-01-31 11:44 - 00000000 ____D () C:\FRST
2015-01-31 07:57 - 2015-01-31 07:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-31 01:17 - 2015-01-31 01:17 - 00009412 _____ () C:\Users\Blake\Downloads\javainstaller_setup.application
2015-01-31 01:08 - 2008-01-10 00:00 - 00003264 _____ () C:\Windows\PFRO.log
2015-01-31 01:06 - 2015-01-31 08:18 - 00000000 _____ () C:\end
2015-01-31 01:06 - 2015-01-31 01:06 - 00003480 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 01:05 - 2015-01-31 08:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-31 01:05 - 2015-01-31 01:07 - 00000000 ____D () C:\Users\Blake\AppData\Local\avaxvyvax
2015-01-31 01:05 - 2015-01-31 01:06 - 00000000 ____D () C:\Users\Blake\AppData\Local\SearchProtect
2015-01-31 01:05 - 2015-01-31 01:05 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-01-31 01:04 - 2015-01-31 10:22 - 00004792 _____ () C:\Windows\SysWOW64\DOM_Component.ini
2015-01-31 01:04 - 2015-01-31 10:22 - 00002544 _____ () C:\Windows\SysWOW64\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 10:22 - 00002544 _____ () C:\Windows\system32\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 08:18 - 00000000 ____D () C:\Program Files (x86)\Cloud File Backup
2015-01-31 01:04 - 2014-09-08 23:05 - 00350784 _____ (DOM LLC) C:\Windows\system32\DOM_Component64.dll
2015-01-31 01:04 - 2014-09-08 23:05 - 00304768 _____ (DOM LLC) C:\Windows\SysWOW64\DOM_Component.dll
2015-01-31 01:03 - 2015-01-31 01:09 - 00000000 ____D () C:\Program Files (x86)\Open Deployment
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Worldwide Web Research
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Software Technical Support
2015-01-31 01:02 - 2015-01-31 01:02 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer (1).exe
2015-01-31 00:58 - 2015-01-31 00:59 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer.exe
2015-01-31 00:40 - 2015-01-31 10:20 - 00000392 _____ () C:\Windows\setupact.log
2015-01-31 00:40 - 2015-01-31 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 00:39 - 2015-01-31 00:39 - 00466480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 23:58 - 2015-01-30 18:48 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64.sys
2015-01-30 23:52 - 2015-01-31 10:21 - 00004140 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.job
2015-01-30 23:52 - 2015-01-31 10:21 - 00003430 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1.job
2015-01-30 23:52 - 2015-01-31 10:21 - 00002428 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user.job
2015-01-30 23:52 - 2015-01-31 10:21 - 00002428 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.job
2015-01-30 23:52 - 2015-01-30 23:52 - 00007170 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4
2015-01-30 23:52 - 2015-01-30 23:52 - 00006460 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1
2015-01-30 23:52 - 2015-01-30 23:52 - 00005458 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5
2015-01-30 23:51 - 2015-01-31 10:56 - 00005844 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.job
2015-01-30 23:51 - 2015-01-31 10:21 - 00005500 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.job
2015-01-30 23:51 - 2015-01-31 10:21 - 00005166 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.job
2015-01-30 23:51 - 2015-01-31 10:21 - 00004476 _____ () C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.job
2015-01-30 23:51 - 2015-01-31 10:21 - 00000880 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-30 23:51 - 2015-01-30 23:56 - 00000884 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-30 23:51 - 2015-01-30 23:52 - 00000000 ____D () C:\Program Files (x86)\Savepass 2.0
2015-01-30 23:51 - 2015-01-30 23:52 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-01-30 23:51 - 2015-01-30 23:51 - 00008872 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6
2015-01-30 23:51 - 2015-01-30 23:51 - 00008530 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7
2015-01-30 23:51 - 2015-01-30 23:51 - 00008196 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11
2015-01-30 23:51 - 2015-01-30 23:51 - 00007506 _____ () C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3
2015-01-30 23:51 - 2015-01-30 23:51 - 00003882 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-30 23:51 - 2015-01-30 23:51 - 00003628 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-30 23:51 - 2015-01-30 23:51 - 00000000 ____D () C:\Users\Blake\AppData\Local\globalUpdate
2015-01-30 23:51 - 2015-01-30 23:51 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-30 23:50 - 2015-01-31 10:25 - 00000000 ____D () C:\Users\Blake\Documents\ProPCCleaner
2015-01-30 23:50 - 2015-01-31 10:23 - 00003468 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-30 23:50 - 2015-01-30 23:50 - 00129608 _____ () C:\Users\Blake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 23:50 - 2015-01-30 23:50 - 00003204 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-01-30 23:50 - 2015-01-30 23:50 - 00000000 ____D () C:\Users\Blake\AppData\Local\Pro_PC_Cleaner
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 __SHD () C:\Users\Blake\AppData\Local\EmieBrowserModeList
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 ____D () C:\Users\Blake\AppData\Roaming\Pro PC Cleaner
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-30 23:48 - 2015-01-30 23:48 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-01-30 23:45 - 2015-01-30 23:45 - 00598968 _____ () C:\Users\Blake\Downloads\java_runtime_enviroment_setup.exe.exe
2015-01-13 16:29 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:29 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:29 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:29 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:28 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:28 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:28 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:28 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 11:09 - 2013-02-24 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 11:02 - 2010-09-18 13:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 10:58 - 2008-01-10 15:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001UA.job
2015-01-31 10:28 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:28 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:24 - 2008-01-10 02:32 - 02024063 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 10:21 - 2014-03-08 16:17 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-31 10:21 - 2010-09-18 13:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 10:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 08:00 - 2009-07-13 20:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-31 01:18 - 2008-01-10 15:10 - 00000000 ____D () C:\Users\Blake\AppData\Local\Deployment
2015-01-31 01:17 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 01:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-28 16:58 - 2008-01-10 15:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001Core.job
2015-01-26 22:00 - 2011-06-27 18:19 - 00002372 _____ () C:\Users\Blake\Desktop\Google Chrome.lnk
2015-01-25 22:10 - 2013-02-24 21:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:10 - 2013-02-24 21:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:10 - 2011-06-10 00:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 23:05 - 2013-05-25 15:38 - 00000000 ___RD () C:\Users\Blake\Desktop\TaTa's Ebay Listings
2015-01-20 00:11 - 2010-11-10 06:30 - 03746816 _____ () C:\Users\Blake\Desktop\Rocket List.xls
2015-01-14 16:34 - 2014-12-27 14:15 - 00000000 ____D () C:\Users\Blake\AppData\Local\Adobe
2015-01-13 18:46 - 2008-01-10 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 18:36 - 2010-12-05 15:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 19:07 - 2012-03-06 01:58 - 00070062 _____ () C:\Users\Blake\Desktop\EBAY RECORDS.xlsx
2015-01-09 14:31 - 2010-09-09 15:09 - 00000000 ____D () C:\Users\Blake\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
 
2010-09-25 18:42 - 2010-09-25 22:55 - 0099384 _____ () C:\Users\Blake\AppData\Roaming\inst.exe
2010-09-25 18:42 - 2010-09-25 22:55 - 0007859 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.cat
2010-09-25 18:42 - 2010-09-25 22:55 - 0001167 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.inf
2010-09-25 18:43 - 2010-09-25 22:55 - 0000033 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.log
2010-09-25 18:42 - 2010-09-25 22:55 - 0082816 _____ (VSO Software) C:\Users\Blake\AppData\Roaming\pcouffin.sys
2014-08-17 00:02 - 2014-09-14 14:43 - 0007611 _____ () C:\Users\Blake\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Blake\AppData\Local\Temp\1.tmp.exe
C:\Users\Blake\AppData\Local\Temp\bdbcabfhhbhi.exe
C:\Users\Blake\AppData\Local\Temp\bdbcabfhhh.exe
C:\Users\Blake\AppData\Local\Temp\checker.exe
C:\Users\Blake\AppData\Local\Temp\preconfig.exe
C:\Users\Blake\AppData\Local\Temp\setup1.exe
C:\Users\Blake\AppData\Local\Temp\setup2.exe
C:\Users\Blake\AppData\Local\Temp\setup3.exe
C:\Users\Blake\AppData\Local\Temp\setup4.exe
C:\Users\Blake\AppData\Local\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 20:23
 
==================== End Of Log ============================

Edited by BlackRoseImmortal, 31 January 2015 - 05:49 PM.


#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 January 2015 - 06:00 PM

Hello BlackRoseImmortal,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

3.

Please run FRST again and post the new FRST.txt.


Edited by fireman4it, 31 January 2015 - 06:00 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 BlackRoseImmortal

BlackRoseImmortal
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 31 January 2015 - 11:50 PM

Hello, Bleepin' Fireman and thank you for your quick reply. I apologize for being slow in responding but I had some errands to run earlier. I will download those programs and post the logs shortly. Thanks again for your help!



#4 BlackRoseImmortal

BlackRoseImmortal
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 01 February 2015 - 12:07 AM

AdwCleaner log:
 

# AdwCleaner v4.109 - Report created 31/01/2015 at 23:00:00
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Blake - BLAKE-LAPTOP
# Running from : C:\Users\Blake\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : Orbiter
Service Deleted : {87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
[#] Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files (x86)\Pro PC Cleaner
Folder Deleted : C:\Program Files (x86)\Savepass 2.0
Folder Deleted : C:\Users\Blake\AppData\Local\Temp\Cyti Web
Folder Deleted : C:\Users\Blake\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Blake\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Blake\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Blake\AppData\Roaming\Pro PC Cleaner
Folder Deleted : C:\Users\Blake\Documents\ProPCCleaner
Folder Deleted : C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\Extensions\EJHVSGU55273264@PBVE110833407.com
Folder Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkcdolaggmoijdgaglfamlafleibeie
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64.sys
File Deleted : C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\user.js
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-1
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-11
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-3
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-4
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-5
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-6
Task Deleted : 7c1f0781-e46a-4214-9ddf-6a05c92de23c-7
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611611161}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611611161}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35a19911-67ec-4e46-843e-867760c12584}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40120d92-046b-4023-8315-14abef7fa22a}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35a19911-67ec-4e46-843e-867760c12584}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40120d92-046b-4023-8315-14abef7fa22a}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Pro PC Cleaner
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savepass 2.0
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\Savepass 2.0
Key Deleted : HKLM\SOFTWARE\Pro PC Cleaner
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savepass 2.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v32.0.1 (x86 en-US)
 
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP78F4E3EE-D744-41E[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.aEJHVSGU55273264PBVE110833407com66161.66161.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.aEJHVSGU55273264PBVE110833407com6616166161b66161r66161o66161w66161s66161e66161r66161.66161n66161e66161w66161t66161a66161b66161.66161u66161r66161l66161", "hxxp://www.trovi.com/?gd[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.aEJHVSGU55273264PBVE110833407com6616166161b66161r66161o66161w66161s66161e66161r66161.66161s66161e66161a66161r66161c66161h66161.66161d66161e66161f66161a66161u66161l66161t66161e661[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.aEJHVSGU55273264PBVE110833407com6616166161b66161r66161o66161w66161s66161e66161r66161.66161s66161e66161a66161r66161c66161h66161.66161s66161e66161l66161e66161c66161t66161e66161d661[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.aEJHVSGU55273264PBVE110833407com6616166161b66161r66161o66161w66161s66161e66161r66161.66161s66161t66161a66161r66161t66161u66161p66161.66161h66161o66161m66161e66161p66161a66161g661[...]
[bm32ivi6.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14b3edbd935ffe850abd2872ce789f31");
 
-\\ Google Chrome v
 
[C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=58&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [19204 octets] - [31/01/2015 22:55:20]
AdwCleaner[S0].txt - [16854 octets] - [31/01/2015 23:00:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16915 octets] ##########
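As an added example (not part of this thread's posts and not AdwCleaner's own code), here is a small Python triage helper that parses the "<Kind> Deleted : <target>" lines of the AdwCleaner report format shown above and groups what was removed by the persistence or injection mechanism it represents (service, kernel driver, scheduled task, AppInit_DLLs, IE browser helper object). The sample input is constructed from a handful of lines of the report above; the mechanism names are this example's own labels.

```python
"""Triage helper for an AdwCleaner "Clean" report (added example, not AdwCleaner code).

Parses "<Kind> Deleted : <target>" lines, keeping the section and the optional
"[#]" and "[x64]" markers, then groups removed items by the persistence or
injection mechanism they represent. Browser-section lines ("Line Deleted",
"Setting Restored") are intentionally left unparsed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the AdwCleaner[S0] report in this thread,
# trimmed to one or two representatives of each line shape the parser handles.
SAMPLE_REPORT = r"""
# AdwCleaner v4.109 - Report created 31/01/2015 at 23:00:00
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
[#] Service Deleted : globalUpdate
Service Deleted : {87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
File Deleted : C:\Windows\System32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64.sys

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : ProPCCleaner_Start

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(
    r"^(?P<flag>\[#\] )?(?P<kind>Service|Folder|File|Task|Key|Data) Deleted : "
    r"(?P<arch>\[x64\] )?(?P<target>.+)$"
)
# "Data Deleted" targets have the shape: <key> [<value name>] - <data>
DATA_RE = re.compile(r"^(?P<key>.+?) \[(?P<value>[^\]]+)\] - (?P<data>.+)$")


@dataclass
class Entry:
    section: str
    kind: str
    target: str
    arch64: bool = False          # line carried the "[x64]" marker
    flagged: bool = False         # line carried AdwCleaner's "[#]" prefix
    value_name: Optional[str] = None
    data: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per 'Deleted' line, in report order."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # header / EOF banner lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue                           # browser-section lines etc.
        e = Entry(section, m.group("kind"), m.group("target"),
                  arch64=bool(m.group("arch")), flagged=bool(m.group("flag")))
        if e.kind == "Data":
            d = DATA_RE.match(e.target)
            if d:
                e.target, e.value_name, e.data = d.group("key"), d.group("value"), d.group("data")
        entries.append(e)
    return entries


def mechanism(e: Entry) -> Optional[str]:
    """Label the persistence/injection mechanism an entry represents, if any."""
    t = e.target.lower()
    if e.kind == "Service":
        return "service"
    if e.kind == "Task":
        return "scheduled task"
    if e.kind == "File" and "\\drivers\\" in t and t.endswith(".sys"):
        return "kernel driver"
    if e.kind == "Data" and (e.value_name or "").lower() == "appinit_dlls":
        return "AppInit_DLLs injection"
    if e.kind == "Key":
        if "\\browser helper objects\\" in t:
            return "IE browser helper object"
        if "\\currentversion\\run" in t:
            return "Run key autostart"
    return None


def persistence_summary(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group removed items by mechanism; for AppInit_DLLs report the DLL path."""
    summary: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        label = mechanism(e)
        if label:
            summary[label].append(e.data if e.kind == "Data" else e.target)
    return dict(summary)


if __name__ == "__main__":
    for label, items in persistence_summary(parse_report(SAMPLE_REPORT)).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print(f"    {item}")
```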


#5 BlackRoseImmortal

BlackRoseImmortal
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 01 February 2015 - 12:19 AM

Currently running Malwarebytes scan, will post log shortly.



#6 BlackRoseImmortal

BlackRoseImmortal
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 01 February 2015 - 12:55 AM

Malwarebytes log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/31/2015
Scan Time: 11:12:20 PM
Logfile: Scan History Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.01.01
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Blake
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337905
Time Elapsed: 27 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 12
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-1560893884-281677460-626559596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [72d3a3765a30340252beb93d1ae88977], 
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-1560893884-281677460-626559596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [72d3a3765a30340252beb93d1ae88977], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [f3525dbcd1b9fa3c90afef13a362e41c], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [74d1fd1c4f3b58de0e30b15145c060a0], 
PUP.Optional.SavePass.A, HKLM\SOFTWARE\WOW6432NODE\Savepass 2.0-nv, Quarantined, [8cb9a970cebc191d244e9a0170934fb1], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\zoompic_29, Quarantined, [50f5be5b4347a39398a35a28b053bf41], 
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZOOMPIC, Quarantined, [2c1942d7b9d10d293208add5a55e0df3], 
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Savepass 2.0-nv, Quarantined, [76cf92873753ab8bf67d712a80837e82], 
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savepass 2.0, Quarantined, [2d18b366becccd69304463380cf746ba], 
PUP.Optional.SavePass.A, HKU\S-1-5-21-1560893884-281677460-626559596-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Savepass 2.0-nv, Quarantined, [c97cea2fcdbd3df9284b1586b64d0000], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
 
Registry Values: 1
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZOOMPIC|UninstallString, C:\ProgramData\makulitsidwe\1.1.0.29\Uninstaller.exe /ga=1503, Quarantined, [2c1942d7b9d10d293208add5a55e0df3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.Extutil.A, C:\Users\Blake\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [a0a579a04e3c191d072b7ee1a85b7888], 
PUP.Optional.Managera.A, C:\Users\Blake\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [b88d6faa9ded2d09e35064fb82818c74], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content, Quarantined, [3f06b1684644ef4777d319649370847c], 
 
Files: 40
PUP.Optional.Nova.A, C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547\9f0ae498-6eb5-40da-9eec-2438de2daab1.dll, Quarantined, [f550b0691b6fd561513b31d431d19868], 
PUP.Optional.Nova.A, C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547\d2b2db34-8e54-4c03-a5d0-af5732384e2b.dll, Quarantined, [fe474ccd0a8050e65f2d0401e1216997], 
PUP.Optional.SearchProtect.A, C:\Users\Blake\AppData\Local\Temp\nsu7F6F.tmp, Quarantined, [9ea7d4451f6b49eda089ebc76b96cc34], 
PUP.Optional.OutBrowse, C:\Users\Blake\AppData\Local\Temp\preconfig.exe, Quarantined, [98adda3f147623135f863967a2639769], 
PUP.Optional.CrossRider.A, C:\Users\Blake\AppData\Local\Temp\1.tmp.exe, Quarantined, [57eeaf6a5337aa8c36e036b0c43d4eb2], 
PUP.Optional.OutBrowse, C:\Users\Blake\AppData\Local\Temp\nsp82F6.tmp\ob01.dll, Quarantined, [bd88d5446426979f7a6b346c2cd91ae6], 
PUP.Optional.OutBrowse, C:\Users\Blake\AppData\Local\Temp\nsz762A.tmp\ob01.dll, Quarantined, [ef563ddc9eec74c24f96435d996c867a], 
PUP.Optional.SearchProtect.A, C:\Users\Blake\AppData\Local\Temp\81422687835\0AB14RN0.exe, Quarantined, [dc6947d2008ac3732fc8dbcb60a1758b], 
PUP.Optional.OutBrowse, C:\Users\Blake\Downloads\java_runtime_enviroment_setup.exe.exe, Quarantined, [93b243d63b4fc86e667f356bd431f907], 
PUP.Optional.SearchProtect, C:\Users\Blake\AppData\Local\avaxvyvax\avaxvyvax.exe, Quarantined, [a79e1306008a7db9efa3e031867c0bf5], 
PUP.Optional.SearchProtect.A, C:\Users\Blake\AppData\Local\avaxvyvax\pbqrmvbub, Quarantined, [bc8954c5deac7fb7a386d8da24dd6b95], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Quarantined, [69dcc1586327c37332f7e6cc897835cb], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, Quarantined, [56efe5347c0e41f59693ecc68081c43c], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [80c51ffac6c481b5da6819e917eec23e], 
PUP.Optional.Extutil.A, C:\Users\Blake\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [a0a579a04e3c191d072b7ee1a85b7888], 
PUP.Optional.Extutil.A, C:\Users\Blake\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [a0a579a04e3c191d072b7ee1a85b7888], 
PUP.Optional.Extutil.A, C:\Users\Blake\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [a0a579a04e3c191d072b7ee1a85b7888], 
PUP.Optional.Managera.A, C:\Users\Blake\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [b88d6faa9ded2d09e35064fb82818c74], 
PUP.Optional.Managera.A, C:\Users\Blake\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [b88d6faa9ded2d09e35064fb82818c74], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\GoogleCrashHandler.exe, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\GoogleUpdate.exe, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\GoogleUpdateBroker.exe, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\GoogleUpdateHelper.msi, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\GoogleUpdateOnDemand.exe, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\goopdate.dll, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\goopdateres_en.dll, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\npGoogleUpdate4.dll, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\psmachine.dll, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.GlobalUpdate.A, C:\Users\Blake\AppData\Local\Temp\comh.446086\psuser.dll, Quarantined, [9ca97f9af09af145e24eb0b1b053d828], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\logo.ico, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\Uninstaller.exe, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\utils.exe, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\zoompic.xpi, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\zoompicutil32.dll, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content\dgapi.js, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content\dgmain.js, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content\dgmain_app_bg.js, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content\dgmain_app_cs.js, Quarantined, [3f06b1684644ef4777d319649370847c], 
PUP.Optional.WebSpeed.A, C:\ProgramData\makulitsidwe\1.1.0.29\content\jquery4toolbar.js, Quarantined, [3f06b1684644ef4777d319649370847c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 BlackRoseImmortal

BlackRoseImmortal
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 01 February 2015 - 01:05 AM

FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Blake (administrator) on BLAKE-LAPTOP on 31-01-2015 23:58:02
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available profiles: Blake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
() C:\Program Files (x86)\Open Deployment\iports.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(DOM LLC) C:\Program Files (x86)\Worldwide Web Research\DOM_Component.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Cloud PC Defender] => C:\Program Files (x86)\Cloud PC Defender\CloudPCDefender.exe
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [Google Update] => C:\Users\Blake\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [inetwork] => C:\Program Files (x86)\Worldwide Web Research\inetwork.exe [851744 2014-11-12] ()
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [iports] => C:\Program Files (x86)\Open Deployment\iports.exe [718704 2014-10-27] ()
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd"
Startup: C:\Users\Blake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\searchplugins\trovi.xml
FF Extension: No Name - C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\extensions\EJHVSGU55273264@PBVE110833407.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-03]
CHR Extension: (Google Search) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Honeycomb Chrome Theme) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihhhgnjnpmjaikooiahhhlemccommcml [2011-09-13]
CHR Extension: (Cyti Web) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopgejofkldgieghfaninmidcmdclpdg [2015-01-31]
CHR Extension: (Google Wallet) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
StartMenuInternet: Google Chrome - C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DOM_Component; C:\Program Files (x86)\Worldwide Web Research\DOM_Component.exe [1368720 2014-10-30] (DOM LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ALSysIO; \??\C:\Users\Blake\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 23:55 - 2015-01-31 23:55 - 02131456 _____ (Farbar) C:\Users\Blake\Desktop\FRST64.exe
2015-01-31 23:11 - 2015-01-31 23:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 23:11 - 2015-01-31 23:11 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 23:11 - 2015-01-31 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 23:10 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 23:10 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 23:10 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 22:55 - 2015-01-31 23:00 - 00000000 ____D () C:\AdwCleaner
2015-01-31 22:46 - 2015-01-31 22:46 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\Blake\Desktop\mbam-setup.exe
2015-01-31 22:45 - 2015-01-31 22:45 - 02194432 _____ () C:\Users\Blake\Desktop\AdwCleaner.exe
2015-01-31 11:45 - 2015-01-31 11:46 - 00022812 _____ () C:\Users\Blake\Desktop\Addition.txt
2015-01-31 11:43 - 2015-01-31 23:58 - 00012885 _____ () C:\Users\Blake\Desktop\FRST.txt
2015-01-31 09:19 - 2015-01-31 23:58 - 00000000 ____D () C:\FRST
2015-01-31 07:57 - 2015-01-31 07:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-31 01:17 - 2015-01-31 01:17 - 00009412 _____ () C:\Users\Blake\Downloads\javainstaller_setup.application
2015-01-31 01:08 - 2015-01-31 23:43 - 00015950 _____ () C:\Windows\PFRO.log
2015-01-31 01:06 - 2015-01-31 01:06 - 00003480 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 01:05 - 2015-01-31 23:41 - 00000000 ____D () C:\Users\Blake\AppData\Local\avaxvyvax
2015-01-31 01:04 - 2015-01-31 23:44 - 00004792 _____ () C:\Windows\SysWOW64\DOM_Component.ini
2015-01-31 01:04 - 2015-01-31 23:44 - 00002544 _____ () C:\Windows\SysWOW64\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 23:44 - 00002544 _____ () C:\Windows\system32\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 08:18 - 00000000 ____D () C:\Program Files (x86)\Cloud File Backup
2015-01-31 01:04 - 2014-09-08 23:05 - 00350784 _____ (DOM LLC) C:\Windows\system32\DOM_Component64.dll
2015-01-31 01:04 - 2014-09-08 23:05 - 00304768 _____ (DOM LLC) C:\Windows\SysWOW64\DOM_Component.dll
2015-01-31 01:03 - 2015-01-31 01:09 - 00000000 ____D () C:\Program Files (x86)\Open Deployment
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Worldwide Web Research
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Software Technical Support
2015-01-31 01:02 - 2015-01-31 01:02 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer (1).exe
2015-01-31 00:58 - 2015-01-31 00:59 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer.exe
2015-01-31 00:40 - 2015-01-31 23:43 - 00001410 _____ () C:\Windows\setupact.log
2015-01-31 00:40 - 2015-01-31 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 00:39 - 2015-01-31 00:39 - 00466480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 23:51 - 2015-01-31 23:41 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-01-30 23:50 - 2015-01-30 23:50 - 00129608 _____ () C:\Users\Blake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 __SHD () C:\Users\Blake\AppData\Local\EmieBrowserModeList
2015-01-13 16:29 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:29 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:29 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:29 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:28 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:28 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:28 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:28 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 23:58 - 2008-01-10 15:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001UA.job
2015-01-31 23:50 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:50 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:49 - 2008-01-10 02:32 - 01073614 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 23:43 - 2014-03-08 16:17 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-31 23:43 - 2010-09-18 13:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 23:43 - 2010-09-10 14:55 - 00000000 ____D () C:\Windows\pss
2015-01-31 23:43 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 23:09 - 2013-02-24 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 22:57 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 15:02 - 2010-09-18 13:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 08:00 - 2009-07-13 20:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-31 01:18 - 2008-01-10 15:10 - 00000000 ____D () C:\Users\Blake\AppData\Local\Deployment
2015-01-31 01:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-28 16:58 - 2008-01-10 15:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001Core.job
2015-01-26 22:00 - 2011-06-27 18:19 - 00002372 _____ () C:\Users\Blake\Desktop\Google Chrome.lnk
2015-01-25 22:10 - 2013-02-24 21:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:10 - 2013-02-24 21:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:10 - 2011-06-10 00:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 23:05 - 2013-05-25 15:38 - 00000000 ___RD () C:\Users\Blake\Desktop\TaTa's Ebay Listings
2015-01-20 00:11 - 2010-11-10 06:30 - 03746816 _____ () C:\Users\Blake\Desktop\Rocket List.xls
2015-01-14 16:34 - 2014-12-27 14:15 - 00000000 ____D () C:\Users\Blake\AppData\Local\Adobe
2015-01-13 18:46 - 2008-01-10 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 18:36 - 2010-12-05 15:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 19:07 - 2012-03-06 01:58 - 00070062 _____ () C:\Users\Blake\Desktop\EBAY RECORDS.xlsx
2015-01-09 14:31 - 2010-09-09 15:09 - 00000000 ____D () C:\Users\Blake\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
 
2010-09-25 18:42 - 2010-09-25 22:55 - 0099384 _____ () C:\Users\Blake\AppData\Roaming\inst.exe
2010-09-25 18:42 - 2010-09-25 22:55 - 0007859 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.cat
2010-09-25 18:42 - 2010-09-25 22:55 - 0001167 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.inf
2010-09-25 18:43 - 2010-09-25 22:55 - 0000033 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.log
2010-09-25 18:42 - 2010-09-25 22:55 - 0082816 _____ (VSO Software) C:\Users\Blake\AppData\Roaming\pcouffin.sys
2014-08-17 00:02 - 2014-09-14 14:43 - 0007611 _____ () C:\Users\Blake\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Blake\AppData\Local\Temp\bdbcabfhhbhi.exe
C:\Users\Blake\AppData\Local\Temp\bdbcabfhhh.exe
C:\Users\Blake\AppData\Local\Temp\checker.exe
C:\Users\Blake\AppData\Local\Temp\Quarantine.exe
C:\Users\Blake\AppData\Local\Temp\setup1.exe
C:\Users\Blake\AppData\Local\Temp\setup2.exe
C:\Users\Blake\AppData\Local\Temp\setup3.exe
C:\Users\Blake\AppData\Local\Temp\setup4.exe
C:\Users\Blake\AppData\Local\Temp\SpOrder.dll
C:\Users\Blake\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 20:23
 
==================== End Of Log ============================


#8 fireman4it

  • Malware Response Team

Posted 01 February 2015 - 01:59 PM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File  fixlist.txt   16.46KB   3 downloads

Let me know how the machine is running after this fix.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 BlackRoseImmortal


Posted 01 February 2015 - 02:43 PM

Hello, and thank you once again for your help! Here is the Fixlog.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Blake at 2015-02-01 13:36:38 Run:1
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available profiles: Blake)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [inetwork] => C:\Program Files (x86)\Worldwide Web Research\inetwork.exe [851744 2014-11-12] ()
C:\Program Files (x86)\Worldwide Web Research
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [iports] => C:\Program Files (x86)\Open Deployment\iports.exe [718704 2014-10-27] ()
C:\Program Files (x86)\Open Deployment
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF SearchPlugin: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\searchplugins\trovi.xml
FF Extension: No Name - C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\extensions\EJHVSGU55273264@PBVE110833407.com [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MB06BA7D1-EE54-477A-90ED-2AEF6CAA5733&SearchSource=55&CUI=&UM=8&UP=SP78F4E3EE-D744-41EA-BC5D-1A5FCA0AD56F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
R3 DOM_Component; C:\Program Files (x86)\Worldwide Web Research\DOM_Component.exe [1368720 2014-10-30] (DOM LLC)
S3 ALSysIO; \??\C:\Users\Blake\AppData\Local\Temp\ALSysIO64.sys [X]
2015-01-31 01:06 - 2015-01-31 01:06 - 00003480 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 01:05 - 2015-01-31 23:41 - 00000000 ____D () C:\Users\Blake\AppData\Local\avaxvyvax
2015-01-31 01:04 - 2015-01-31 23:44 - 00004792 _____ () C:\Windows\SysWOW64\DOM_Component.ini
2015-01-31 01:04 - 2015-01-31 23:44 - 00002544 _____ () C:\Windows\SysWOW64\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 23:44 - 00002544 _____ () C:\Windows\system32\DOM_ComponentOff.ini
2015-01-31 01:04 - 2015-01-31 08:18 - 00000000 ____D () C:\Program Files (x86)\Cloud File Backup
2015-01-31 01:04 - 2014-09-08 23:05 - 00350784 _____ (DOM LLC) C:\Windows\system32\DOM_Component64.dll
2015-01-31 01:04 - 2014-09-08 23:05 - 00304768 _____ (DOM LLC) C:\Windows\SysWOW64\DOM_Component.dll
2015-01-31 01:03 - 2015-01-31 01:09 - 00000000 ____D () C:\Program Files (x86)\Open Deployment
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Worldwide Web Research
Emptytemp:
Task: {0648BFA3-A323-4241-BA72-A08BC5D7EDBA} - System32\Tasks\avaxvyvax => C:\Users\Blake\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
ask: {20958F38-F815-450F-826E-CE2BEC03A99E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-30] (globalUpdate) <==== ATTENTION
ask: {3C61069A-FA99-4567-828F-E06D9BB92A57} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.exe [2015-01-30] (OB) <==== ATTENTION
Task: {460BC138-DC82-4DE3-8457-8FDD93AA7146} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.exe [2015-01-30] (OB) <==== ATTENTION
ask: {58C6ACB9-C11E-4B80-8B1B-AAE6DE84CD71} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.exe [2015-01-30] (OB) <==== ATTENTION
Task: {719F3D04-9729-4BC9-8FA2-7545F41EDB9C} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
Task: {7749AAFA-66E8-46E1-81AB-3E223F84C3E4} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.exe [2015-01-30] (OB) <==== ATTENTION
Task: {7A9A763A-5367-4F09-8B81-26AFBCC9584E} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.exe [2015-01-30] (OB) <==== ATTENTION
Task: {843FE8D4-E740-479C-87DA-C0A1C38DF0C2} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.exe [2015-01-30] (OB) <==== ATTENTION
Task: {A075E020-17BE-4282-9ADD-92DB6FC40D2E} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.exe [2015-01-30] (OB) <==== ATTENTION
Task: {A248043C-68A6-417B-9E5E-A94DBC945B83} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] ()
Task: {DFEF1AE5-6DAE-4ACC-AC01-41B9033E43B5} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1 => C:\Program Files (x86)\Savepass 2.0\Savepass 2.0-codedownloader.exe [2015-01-30] (OB) <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1.job => C:\Program Files (x86)\Savepass 2.0\Savepass 2.0-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.job => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
2014-11-12 12:22 - 2014-11-12 12:23 - 00851744 _____ () C:\Program Files (x86)\Worldwide Web Research\inetwork.exe
2014-10-27 22:06 - 2014-10-27 22:07 - 00718704 _____ () C:\Program Files (x86)\Open Deployment\iports.exe
2014-07-14 00:41 - 2014-07-14 00:41 - 00008704 _____ () C:\Program Files (x86)\Pro PC Cleaner\Logging.dll
2014-07-14 00:41 - 2014-07-14 00:41 - 00058880 _____ () C:\Program Files (x86)\Pro PC Cleaner\Helper.dll
2014-07-14 00:41 - 2014-07-14 00:41 - 00076288 _____ () C:\Program Files (x86)\Pro PC Cleaner\Setup.dll
2014-08-21 16:08 - 2014-08-21 16:08 - 00007680 _____ () C:\Program Files (x86)\Pro PC Cleaner\bo.dll
2014-10-27 22:14 - 2014-11-05 12:37 - 02062432 _____ () C:\Program Files (x86)\Open Deployment\plg0.dll
2014-10-27 22:14 - 2014-11-05 12:37 - 02162784 _____ () C:\Program Files (x86)\Open Deployment\plg1.dll
AlternateDataStreams: C:\Users\Blake\AppData\Local\Temp:pXBgYqeFJX1xIh9YPa1S
AlternateDataStreams: C:\Users\Blake\AppData\Local\Temporary Internet Files:F3HqQslX5KiE8vWPbk010dN
KLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DOM_Component => ""="service"
 
 
 
 
 
 
 
*****************
 
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\inetwork => value deleted successfully.
C:\Program Files (x86)\Worldwide Web Research => Moved successfully.
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iports => value deleted successfully.
C:\Program Files (x86)\Open Deployment => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\searchplugins\trovi.xml => Moved successfully.
C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\extensions\EJHVSGU55273264@PBVE110833407.com not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
DOM_Component => Service stopped successfully.
DOM_Component => Service deleted successfully.
ALSysIO => Service deleted successfully.
C:\Windows\System32\Tasks\avaxvyvax => Moved successfully.
C:\Users\Blake\AppData\Local\avaxvyvax => Moved successfully.
C:\Windows\SysWOW64\DOM_Component.ini => Moved successfully.
C:\Windows\SysWOW64\DOM_ComponentOff.ini => Moved successfully.
C:\Windows\system32\DOM_ComponentOff.ini => Moved successfully.
C:\Program Files (x86)\Cloud File Backup => Moved successfully.
C:\Windows\system32\DOM_Component64.dll => Moved successfully.
C:\Windows\SysWOW64\DOM_Component.dll => Moved successfully.
"C:\Program Files (x86)\Open Deployment" => File/Directory not found.
"C:\Program Files (x86)\Worldwide Web Research" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0648BFA3-A323-4241-BA72-A08BC5D7EDBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0648BFA3-A323-4241-BA72-A08BC5D7EDBA}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaxvyvax not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyvax" => Key deleted successfully.
ask: {20958F38-F815-450F-826E-CE2BEC03A99E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-30] (globalUpdate) <==== ATTENTION => Error: No automatic fix found for this entry.
ask: {3C61069A-FA99-4567-828F-E06D9BB92A57} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.exe [2015-01-30] (OB) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460BC138-DC82-4DE3-8457-8FDD93AA7146} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user => Key not found. 
ask: {58C6ACB9-C11E-4B80-8B1B-AAE6DE84CD71} - System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6 => C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.exe [2015-01-30] (OB) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719F3D04-9729-4BC9-8FA2-7545F41EDB9C} => Key not found. 
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7749AAFA-66E8-46E1-81AB-3E223F84C3E4} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9A763A-5367-4F09-8B81-26AFBCC9584E} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{843FE8D4-E740-479C-87DA-C0A1C38DF0C2} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A075E020-17BE-4282-9ADD-92DB6FC40D2E} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A248043C-68A6-417B-9E5E-A94DBC945B83} => Key not found. 
C:\Windows\System32\Tasks\ProPCCleaner_Popup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEF1AE5-6DAE-4ACC-AC01-41B9033E43B5} => Key not found. 
C:\Windows\System32\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1 => Key not found. 
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-1.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5_user.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.job not found.
C:\Windows\Tasks\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
"C:\Program Files (x86)\Worldwide Web Research\inetwork.exe" => File/Directory not found.
"C:\Program Files (x86)\Open Deployment\iports.exe" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner\Logging.dll" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner\Helper.dll" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner\Setup.dll" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner\bo.dll" => File/Directory not found.
"C:\Program Files (x86)\Open Deployment\plg0.dll" => File/Directory not found.
"C:\Program Files (x86)\Open Deployment\plg1.dll" => File/Directory not found.
C:\Users\Blake\AppData\Local\Temp => ":pXBgYqeFJX1xIh9YPa1S" ADS removed successfully.
"C:\Users\Blake\AppData\Local\Temporary Internet Files" => ":F3HqQslX5KiE8vWPbk010dN" ADS not found.
KLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DOM_Component => ""="service" => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 95.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:37:06 ====

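The Fixlog above shows the four persistence locations FRST had to clean on this machine: per-user Run values (inetwork, iports), scheduled tasks under System32\Tasks and their legacy .job mirrors in C:\Windows\Tasks, alternate data streams attached to the Temp folders, and a SafeBoot\Network entry for the DOM_Component service that FRST could not fix automatically even after it deleted the service itself. The script below is an added, read-only audit of those same locations; it is not part of this thread and not FRST's own code. It assumes PowerShell 3.0 or later, an elevated prompt, and that schtasks.exe is available (it is on Windows 7). It changes nothing and only reports; the signature check is a triage heuristic, not a verdict.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the
# persistence locations the Fixlog acted on. Assumes PowerShell 3.0+ and an
# elevated prompt. Nothing here modifies the system.

# Run values for HKLM (64- and 32-bit views) and every user hive that is loaded.
function Get-RunEntries {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
    $keys += Get-ChildItem Registry::HKEY_USERS | ForEach-Object {
        "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    }
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                [pscustomobject]@{ Source = 'Run'; Name = "$key\$($_.Name)"; Target = $_.Value }
            }
    }
}

# Scheduled tasks and their command lines via schtasks; this covers both the
# XML tasks in System32\Tasks and the legacy .job files in C:\Windows\Tasks.
function Get-TaskEntries {
    schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -notin 'N/A', 'COM handler' } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Task'; Name = $_.TaskName; Target = $_.'Task To Run' }
        }
}

# Alternate data streams on the folders FRST flagged. Every item has the
# unnamed ::$DATA stream; anything else is reported. -Force is needed because
# these folders are hidden.
function Get-FolderStreams {
    param([string[]]$Paths = @("$env:LOCALAPPDATA\Temp", "$env:LOCALAPPDATA\Temporary Internet Files"))
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Force -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ Source = 'ADS'; Name = "$p`:$($_.Stream)"; Target = "$($_.Length) bytes" }
            }
    }
}

# SafeBoot\Network entries of type "Service" whose service is no longer
# registered. This is the DOM_Component situation in the Fixlog: the service
# was deleted but its SafeBoot entry stayed behind.
function Get-OrphanedSafeBootEntries {
    $services = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object { $_.PSChildName }
    Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network | ForEach-Object {
        if ($_.GetValue('') -eq 'Service' -and $services -notcontains $_.PSChildName) {
            [pscustomobject]@{ Source = 'SafeBoot'; Name = $_.PSChildName; Target = 'service not registered' }
        }
    }
}

# Pull the binary out of each command line and check its Authenticode status.
# Unsigned binaries under Program Files (x86) or AppData, like the ones in this
# thread, are what a responder looks at first. Heuristic only: a valid signature
# does not make a file benign, and many legitimate files are unsigned.
function Add-SignatureStatus {
    process {
        $exe = if ($_.Target -match '^"?([A-Za-z]:\\[^"]+?\.(exe|dll))') { $Matches[1] } else { $null }
        $status = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
        } else { 'n/a' }
        $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
    }
}

@(Get-RunEntries) + @(Get-TaskEntries) + @(Get-FolderStreams) + @(Get-OrphanedSafeBootEntries) |
    Add-SignatureStatus | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Run it once before and once after a cleanup and diff the two tables: entries that reappear after a reboot (the self-reinstalling behaviour described in the first post) point at whichever Run value, task or service is doing the reinstalling, and orphaned SafeBoot entries are harmless but worth noting so they are not mistaken for a live infection later.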

#10 BlackRoseImmortal

  • Topic Starter
  • Members
  • 16 posts

Posted 01 February 2015 - 02:49 PM

The computer seems to be running A LOT faster now. My searches are not being redirected any more, although my homepage in Google Chrome was still set to Trovi Search Engine. I went into the Chrome settings and changed my homepage back to Google, deleted the Trovi homepage entry, and restarted the computer. So far it is still set to Google and hasn't been changed back. I also had 2 extensions that I had to remove from Chrome, namely Cyti Web and Savepass 2.0. Other than that everything seems to be running great. Should I uninstall and reinstall my browsers just to be safe?


Edited by BlackRoseImmortal, 01 February 2015 - 02:53 PM.


#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 February 2015 - 05:54 PM

 

Other than that everything seems to be running great. Should I uninstall and reinstall my browsers just to be safe?

I don't think there is a need for that yet.

 

Please run FRST and post the new FRST.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 BlackRoseImmortal

  • Topic Starter
  • Members
  • 16 posts

Posted 01 February 2015 - 06:13 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Blake (administrator) on BLAKE-LAPTOP on 01-02-2015 17:08:38
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available profiles: Blake)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKU\S-1-5-21-1560893884-281677460-626559596-1001\...\Run: [Google Update] => C:\Users\Blake\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1560893884-281677460-626559596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1560893884-281677460-626559596-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Blake\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Blake\AppData\Local\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Blake\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Blake\AppData\Local\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Unity Player) - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-03]
CHR Extension: (Google Search) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Google Wallet) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
StartMenuInternet: Google Chrome - C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 17:08 - 2015-02-01 17:09 - 00011089 _____ () C:\Users\Blake\Desktop\FRST.txt
2015-01-31 23:55 - 2015-01-31 23:55 - 02131456 _____ (Farbar) C:\Users\Blake\Desktop\FRST64.exe
2015-01-31 23:11 - 2015-02-01 14:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 23:11 - 2015-01-31 23:11 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 23:11 - 2015-01-31 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 23:10 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 23:10 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 23:10 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 22:55 - 2015-01-31 23:00 - 00000000 ____D () C:\AdwCleaner
2015-01-31 22:46 - 2015-01-31 22:46 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\Blake\Desktop\mbam-setup.exe
2015-01-31 22:45 - 2015-01-31 22:45 - 02194432 _____ () C:\Users\Blake\Desktop\AdwCleaner.exe
2015-01-31 09:19 - 2015-02-01 17:09 - 00000000 ____D () C:\FRST
2015-01-31 07:57 - 2015-02-01 13:38 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-31 01:17 - 2015-01-31 01:17 - 00009412 _____ () C:\Users\Blake\Downloads\javainstaller_setup.application
2015-01-31 01:08 - 2015-02-01 13:31 - 00016300 _____ () C:\Windows\PFRO.log
2015-01-31 01:03 - 2015-01-31 01:07 - 00000000 ____D () C:\Program Files (x86)\Software Technical Support
2015-01-31 01:02 - 2015-01-31 01:02 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer (1).exe
2015-01-31 00:58 - 2015-01-31 00:59 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Blake\Downloads\update_installer.exe
2015-01-31 00:40 - 2015-02-01 15:13 - 00001578 _____ () C:\Windows\setupact.log
2015-01-31 00:40 - 2015-01-31 00:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 00:39 - 2015-01-31 00:39 - 00466480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 23:51 - 2015-01-31 23:41 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-01-30 23:50 - 2015-01-30 23:50 - 00129608 _____ () C:\Users\Blake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 23:49 - 2015-01-30 23:49 - 00000000 __SHD () C:\Users\Blake\AppData\Local\EmieBrowserModeList
2015-01-13 16:29 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:29 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:29 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:29 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:29 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:28 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:28 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:28 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:28 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:28 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 17:09 - 2013-02-24 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 17:02 - 2010-09-18 13:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 16:58 - 2008-01-10 15:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001UA.job
2015-02-01 16:58 - 2008-01-10 15:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1560893884-281677460-626559596-1001Core.job
2015-02-01 16:20 - 2008-01-10 02:32 - 01123288 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 15:20 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 15:20 - 2009-07-13 22:45 - 00023264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 15:13 - 2014-03-08 16:17 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-01 15:13 - 2010-09-18 13:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 15:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 15:12 - 2010-09-10 14:55 - 00000000 ____D () C:\Windows\pss
2015-02-01 13:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-31 22:57 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 08:00 - 2009-07-13 20:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-31 01:18 - 2008-01-10 15:10 - 00000000 ____D () C:\Users\Blake\AppData\Local\Deployment
2015-01-26 22:00 - 2011-06-27 18:19 - 00002372 _____ () C:\Users\Blake\Desktop\Google Chrome.lnk
2015-01-25 22:10 - 2013-02-24 21:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:10 - 2013-02-24 21:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:10 - 2011-06-10 00:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 23:05 - 2013-05-25 15:38 - 00000000 ___RD () C:\Users\Blake\Desktop\TaTa's Ebay Listings
2015-01-20 00:11 - 2010-11-10 06:30 - 03746816 _____ () C:\Users\Blake\Desktop\Rocket List.xls
2015-01-14 16:34 - 2014-12-27 14:15 - 00000000 ____D () C:\Users\Blake\AppData\Local\Adobe
2015-01-13 18:46 - 2008-01-10 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 18:36 - 2010-12-05 15:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 19:07 - 2012-03-06 01:58 - 00070062 _____ () C:\Users\Blake\Desktop\EBAY RECORDS.xlsx
2015-01-09 14:31 - 2010-09-09 15:09 - 00000000 ____D () C:\Users\Blake\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
 
2010-09-25 18:42 - 2010-09-25 22:55 - 0099384 _____ () C:\Users\Blake\AppData\Roaming\inst.exe
2010-09-25 18:42 - 2010-09-25 22:55 - 0007859 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.cat
2010-09-25 18:42 - 2010-09-25 22:55 - 0001167 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.inf
2010-09-25 18:43 - 2010-09-25 22:55 - 0000033 _____ () C:\Users\Blake\AppData\Roaming\pcouffin.log
2010-09-25 18:42 - 2010-09-25 22:55 - 0082816 _____ (VSO Software) C:\Users\Blake\AppData\Roaming\pcouffin.sys
2014-08-17 00:02 - 2014-09-14 14:43 - 0007611 _____ () C:\Users\Blake\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 20:23
 
==================== End Of Log ============================


#13 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 February 2015 - 06:15 PM

Your log looks good. Let's check for any leftovers.

 

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.




#14 BlackRoseImmortal

  • Topic Starter
  • Members
  • 16 posts

Posted 01 February 2015 - 06:30 PM

Thanks for the quick replies. I'm running a scan with ESET right now. Will post the log when done.


Edited by BlackRoseImmortal, 01 February 2015 - 06:30 PM.


#15 BlackRoseImmortal

  • Topic Starter
  • Members
  • 16 posts

Posted 01 February 2015 - 09:15 PM

ESET log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-11.exe.vir a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-3.exe.vir a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-4.exe.vir a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-5.exe.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.exe.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-64.exe.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-7.exe.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\8c2039bc-46a8-4ece-8671-0e3732b6ec26.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\cf471432-6828-47c8-9546-021956343207.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\Savepass 2.0-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\Savepass 2.0-bho.dll.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\Savepass 2.0-bho64.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\Savepass 2.0-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savepass 2.0\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkcdolaggmoijdgaglfamlafleibeie\1.26.30_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\bm32ivi6.default\Extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}Gw64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Open Deployment\plg0.dll a variant of Win32/MediaMine.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Open Deployment\plg1.dll a variant of Win32/MediaMine.B trojan cleaned by deleting - quarantined
C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547\2cd1a9b3-b5aa-4694-a79f-310225be207a.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547\74f41bbe-a969-4bd2-86a7-0ec7d4920547.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
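As an added triage example (not part of the thread, and not ESET's own tooling), the following Python parses lines in the format of the ESET log above and separates hits that were already sitting in another tool's quarantine folder (AdwCleaner, FRST) from files that were still live on disk; the three sample lines are constructed copies of entries from the log.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above: one hit already in AdwCleaner's
# quarantine, one in FRST's quarantine, and one file that was still live on disk.
SAMPLE_LOG = """\
C:\\AdwCleaner\\Quarantine\\C\\Program Files (x86)\\ORBTR\\orbiter.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\\FRST\\Quarantine\\C\\Program Files (x86)\\Open Deployment\\plg0.dll a variant of Win32/MediaMine.B trojan cleaned by deleting - quarantined
C:\\Program Files (x86)\\74f41bbe-a969-4bd2-86a7-0ec7d4920547\\74f41bbe-a969-4bd2-86a7-0ec7d4920547.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
"""

# Line layout: <path> [a variant of] <Platform/Name.Variant> <classification> <action>
# The path may contain spaces, so it is matched lazily; the detection name always
# contains a "/", which a Windows path never does, and that anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._]+) "
    r"(?P<kind>.+?) (?P<action>(?:deleted|cleaned by deleting) - quarantined)$"
)

# A hit inside another cleaner's quarantine folder is an inert copy, not an active infection.
QUARANTINE_MARKER = "\\quarantine\\"


def parse_eset_log(text):
    """One record per detection line; lines that do not fit the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        # Win32/Toolbar.CrossRider.BM -> family "Toolbar.CrossRider" (variant letters dropped)
        rec["family"] = rec["name"].split("/", 1)[1].rsplit(".", 1)[0]
        rec["already_quarantined"] = QUARANTINE_MARKER in rec["path"].lower()
        records.append(rec)
    return records


def live_detections(records):
    """Detections on files still on disk, i.e. not yet neutralised by an earlier tool."""
    return [r for r in records if not r["already_quarantined"]]


def family_counts(records):
    """Hits per threat family, which shows at a glance which bundles were installed."""
    return Counter(r["family"] for r in records)


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    print(f"{len(recs)} detections, {len(live_detections(recs))} still live on disk")
    print(dict(family_counts(recs)))
```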