
Trovi search engine and browser virus


6 replies to this topic

#1 Stonekiwi


  • Members
  • 3 posts
  • Local time:09:51 PM

Posted 10 February 2015 - 07:09 AM

I've tried malware removal and AV software, but it doesn't make a whit of a difference. I was scrolling through the forums, and whilst this topic makes an appearance a few times, it seems to be an individual solution each time.

 

Begging for help.

 

I've used the userguides and tutorials on this site many times, but this is the first time I've had to post a log because I'm at a loss. Appreciate any help you can provide.

 

Kind Regards.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by CrownUser (administrator) on CROWNUSER-PC on 10-02-2015 22:01:57
Running from C:\Users\CrownUser\Downloads
Loaded Profiles: CrownUser (Available profiles: CrownUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Browser)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acute Angle Solutions Ltd) C:\ProgramData\uNWPmaBABC\DXSeDM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\Run: [BitTorrent] => C:\Users\CrownUser\AppData\Roaming\BitTorrent\BitTorrent.exe [1376600 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series"
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\Run: [SoftonicAssistant] => C:\Users\CrownUser\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {109b27ae-3fa5-11e3-836f-00a0c6000000} - E:\laucher.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {30e2bb43-a065-11e1-90a5-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {4a72ac36-9363-11e1-bcef-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {9fbc984b-a7c1-11e2-9fc1-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {ede0c74a-a2e4-11e1-9384-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\MountPoints2: {f6de189d-1ee5-11e1-9828-806e6f6e6963} - D:\Bin\assetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-2609012142-11504936-2181061208-1000 -> {80FF9581-3E21-4FAF-89A4-2261615E8F30} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\CrownUser\AppData\Roaming\Mozilla\Firefox\Profiles\71k5zo77.default-1407835289368
FF Homepage: www.google.com.au
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hdmcaaohmbjedcdifpippgjeppfdjcmc] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha621\ch\MediaViewV1alpha621.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iapojnplkeldolocffnfcehgfciiplkk] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4235\ch\MediaViewV1alpha4235.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lpolenhhnmilmkglpkjpnlcbbllhaikf] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6091\ch\MediaBuzzV1mode6091.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DXSeDM; C:\ProgramData\uNWPmaBABC\DXSeDM.exe [2726256 2015-01-01] (Acute Angle Solutions Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-06] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-06-01] (ASIX Electronics Corp.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-11] (Agere Systems)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [787968 2009-11-09] (Ralink Technology, Corp.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-10-28] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S3 L1E; system32\DRIVERS\L1E62x64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 22:01 - 2015-02-10 22:02 - 00017966 _____ () C:\Users\CrownUser\Downloads\FRST.txt
2015-02-10 22:01 - 2015-02-10 22:02 - 00000000 ____D () C:\FRST
2015-02-10 22:00 - 2015-02-10 22:01 - 02132992 _____ (Farbar) C:\Users\CrownUser\Downloads\FRST64.exe
2015-02-06 20:42 - 2015-02-06 20:44 - 00000000 ____D () C:\Users\CrownUser\AppData\Roaming\Ventrilo
2015-02-06 20:42 - 2015-02-06 20:42 - 00000871 _____ () C:\Users\Public\Desktop\Ventrilo.lnk
2015-02-06 20:42 - 2015-02-06 20:42 - 00000268 _____ () C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2015-02-06 20:42 - 2015-02-06 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-02-06 20:42 - 2015-02-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Ventrilo
2015-02-06 20:41 - 2015-02-06 20:41 - 03786512 _____ () C:\Users\CrownUser\Downloads\ventrilo-3.0.8-Windows-i386.exe
2015-02-02 10:05 - 2015-02-02 10:06 - 00000000 ____D () C:\Users\CrownUser\AppData\Local\{9261DD7B-3547-4152-9F37-F1C99DBDCD79}
2015-01-31 18:13 - 2015-01-31 18:13 - 00000912 _____ () C:\Users\CrownUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-01-31 18:09 - 2015-01-31 18:24 - 00000000 ____D () C:\Users\CrownUser\AppData\Local\osu!
2015-01-31 18:09 - 2015-01-31 18:09 - 03200584 _____ (ppy) C:\Users\CrownUser\Downloads\osu!install.exe
2015-01-29 18:15 - 2015-01-29 18:18 - 64841770 _____ () C:\Users\CrownUser\Downloads\Pentakill-SmiteandIgnite-320kbps.zip
2015-01-21 13:53 - 2015-01-21 17:11 - 1946117111 _____ () C:\Users\CrownUser\Downloads\The.100.S02E04.720p.HDTV.x264-KILLERS.mkv
2015-01-21 13:52 - 2015-01-21 13:52 - 00074784 _____ () C:\Users\CrownUser\Downloads\[kickass.so]the.100.s02e04.720p.hdtv.x264.killers.eztv.torrent
2015-01-21 13:50 - 2015-01-21 16:57 - 1366434593 _____ () C:\Users\CrownUser\Downloads\The.100.S02E05.720p.HDTV.x264-KILLERS.mkv
2015-01-21 13:49 - 2015-01-21 15:33 - 1053110528 _____ () C:\Users\CrownUser\Downloads\The 100 S02E03 1080p HDTV [G2G].mp4
2015-01-21 13:49 - 2015-01-21 13:49 - 00052684 _____ () C:\Users\CrownUser\Downloads\[katproxy.com]the.100.s02e05.720p.hdtv.x264.killers.eztv.torrent
2015-01-21 13:48 - 2015-01-21 13:48 - 00040691 _____ () C:\Users\CrownUser\Downloads\[katproxy.com]the.100.s02e03.1080p.hdtv.g2g.mp4.torrent
2015-01-21 13:48 - 2015-01-21 13:48 - 00012993 _____ () C:\Users\CrownUser\Downloads\[katproxy.com]los.100.temporada.2.hdtv.cap.204.español.castellano.torrent
2015-01-18 21:19 - 2015-01-18 21:19 - 00029969 _____ () C:\Users\CrownUser\Downloads\[kickass.so]the.100.s02e02.hdtv.x264.lol.ettv.torrent
2015-01-18 21:19 - 2015-01-18 21:19 - 00000000 ____D () C:\Users\CrownUser\Downloads\The 100 S02E02 HDTV x264-LOL[ettv]
2015-01-18 21:18 - 2015-01-18 21:18 - 00000000 ____D () C:\Users\CrownUser\Downloads\The.100.S02E01.720p.HDTV.x264-xRed
2015-01-18 21:17 - 2015-01-18 21:17 - 00024745 _____ () C:\Users\CrownUser\Downloads\[kickass.so]the.100.s02e01.720p.hdtv.x264.xred.torrent
2015-01-18 18:57 - 2015-01-18 18:59 - 00000000 ____D () C:\Users\CrownUser\Downloads\Death At A Funeral (2007)
2015-01-18 18:57 - 2015-01-18 18:57 - 00012856 _____ () C:\Users\CrownUser\Downloads\[kickass.so]death.at.a.funeral.2007.720p.brrip.x264.602mb.yify.torrent
2015-01-18 18:57 - 2015-01-18 18:57 - 00012856 _____ () C:\Users\CrownUser\Downloads\[kickass.so]death.at.a.funeral.2007.720p.brrip.x264.602mb.yify (1).torrent
2015-01-14 12:02 - 2014-12-19 13:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:02 - 2014-12-12 03:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:01 - 2014-12-19 11:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:01 - 2014-12-12 15:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:01 - 2014-12-12 15:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:01 - 2014-12-12 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:01 - 2014-12-12 15:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:01 - 2014-12-12 15:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:01 - 2014-12-12 15:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:01 - 2014-12-12 15:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:01 - 2014-12-06 14:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:01 - 2014-12-06 13:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:01 - 2014-12-06 13:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 22:01 - 2013-04-18 11:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 21:57 - 2010-09-30 10:34 - 01265580 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 21:48 - 2014-08-09 02:15 - 00000000 ____D () C:\ProgramData\c26c87bb6d5b1173
2015-02-10 21:48 - 2013-12-29 20:50 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-02-10 21:33 - 2010-09-30 10:34 - 00002314 _____ () C:\Users\CrownUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-10 19:08 - 2015-01-08 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
2015-02-10 19:08 - 2014-05-02 17:07 - 00001919 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-09 16:18 - 2013-12-07 09:18 - 00000000 ____D () C:\Users\CrownUser\AppData\Roaming\BitTorrent
2015-02-08 00:15 - 2013-10-25 16:45 - 00000000 ____D () C:\Users\CrownUser\AppData\Roaming\Skype
2015-02-07 15:31 - 2009-07-14 14:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 15:31 - 2009-07-14 14:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:45 - 2014-07-19 09:08 - 00000000 ____D () C:\Users\CrownUser\AppData\Roaming\TS3Client
2015-02-06 20:01 - 2013-04-18 11:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:01 - 2013-04-18 11:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:01 - 2011-06-29 08:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:23 - 2009-07-14 15:13 - 00784366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 18:19 - 2013-10-24 14:43 - 00037077 _____ () C:\Windows\setupact.log
2015-02-06 18:18 - 2013-10-24 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 18:18 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 11:25 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 18:18 - 2014-02-09 19:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-03 18:17 - 2014-02-09 18:55 - 00000000 ____D () C:\Users\CrownUser\AppData\Local\Battle.net
2015-01-26 11:16 - 2013-10-25 14:28 - 00000000 ____D () C:\Users\CrownUser\AppData\Roaming\vlc
2015-01-15 03:20 - 2015-01-01 20:57 - 00000000 ____D () C:\Users\CrownUser\AppData\Local\SoftonicAssistant
2015-01-15 03:20 - 2013-10-26 08:31 - 00870124 _____ () C:\Windows\PFRO.log
2015-01-15 03:03 - 2013-10-24 10:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2010-10-01 09:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:20 - 2011-01-22 14:54 - 00000000 ____D () C:\ProgramData\Temp
 
==================== Files in the root of some directories =======
 
2014-05-25 08:38 - 2014-05-25 08:38 - 0007602 _____ () C:\Users\CrownUser\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\CrownUser\AppData\Local\Temp\CloudBackup9636.exe
C:\Users\CrownUser\AppData\Local\Temp\optprosetup.exe
C:\Users\CrownUser\AppData\Local\Temp\Quarantine.exe
C:\Users\CrownUser\AppData\Local\Temp\Setup-2-.exe
C:\Users\CrownUser\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CrownUser\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 00:49
 
==================== End Of Log ============================



#2 nasdaq


  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 14 February 2015 - 10:34 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs applet, delete these processes in bold.

deaol44me (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - deal44mE) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha4235) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha621) (Version: 1.1 - Media View) <==== ATTENTION
Softonic Assistant (HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\SoftonicAssistant) (Version: 0.1.6 - Softonic International S.A.) <==== ATTENTION
speed browser (HKLM-x32\...\speed browser) (Version: 40.0.2214.45 - Smart Applications)

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Acute Angle Solutions Ltd) C:\ProgramData\uNWPmaBABC\DXSeDM.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
(Smart Applications) C:\Program Files (x86)\speed browser\Application\browser.exe
HKU\S-1-5-21-2609012142-11504936-2181061208-1000\...\Run: [SoftonicAssistant] => C:\Users\CrownUser\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hdmcaaohmbjedcdifpippgjeppfdjcmc] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha621\ch\MediaViewV1alpha621.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iapojnplkeldolocffnfcehgfciiplkk] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4235\ch\MediaViewV1alpha4235.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lpolenhhnmilmkglpkjpnlcbbllhaikf] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6091\ch\MediaBuzzV1mode6091.crx [Not Found]
R2 DXSeDM; C:\ProgramData\uNWPmaBABC\DXSeDM.exe [2726256 2015-01-01] (Acute Angle Solutions Ltd)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S3 L1E; system32\DRIVERS\L1E62x64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
C:\Users\CrownUser\AppData\Local\Temp\CloudBackup9636.exe
C:\Users\CrownUser\AppData\Local\Temp\optprosetup.exe
C:\Users\CrownUser\AppData\Local\Temp\Setup-2-.exe
C:\Users\CrownUser\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CrownUser\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
AlternateDataStreams: C:\ProgramData\Temp:27D40D6F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\ProgramData\uNWPmaBABC
C:\Program Files (x86)\speed browser

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please post the logs and let me know what problem persists.
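
A follow-up check a helper could run on the machine after the fix, written as an added PowerShell example that is not part of this thread and is not FRST's or AdwCleaner's own code. It re-inspects the persistence locations the fixlist above names (the user's Run key, the Chrome policy and extension keys, services under ProgramData, the alternate data streams on C:\ProgramData\Temp and the two leftover folders); the SID is the one from the FRST log, and PowerShell 3.0 or later on an elevated prompt is assumed.

```powershell
# Added example, not from the thread: re-check the persistence locations the
# FRST fixlist above targets, to confirm the cleanup took. Assumes PowerShell 3+
# and an elevated prompt. The SID is the one shown in the FRST log.
$userSid  = 'S-1-5-21-2609012142-11504936-2181061208-1000'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Per-user Run key (the log showed a SoftonicAssistant autorun here).
$runKey = "Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Run"
if (Test-Path $runKey) {
    foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # provider metadata, not a value
        if ($p.Value -match '\\AppData\\Local\\') {       # launchers under the user profile
            $findings.Add("Run: $($p.Name) => $($p.Value)")
        }
    }
}

# 2. Chrome policy keys (the log flagged HKLM\SOFTWARE\Policies\Google).
foreach ($pol in 'HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Policies\Google\Chrome') {
    if (Test-Path $pol) { $findings.Add("ChromePolicy: $pol is present") }
}

# 3. Chrome extensions registered machine-wide in the 32-bit registry view.
$extKey = 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions'
if (Test-Path $extKey) {
    foreach ($ext in Get-ChildItem -Path $extKey) {
        $crx   = (Get-ItemProperty -Path $ext.PSPath).path
        $state = if ($crx -and (Test-Path -LiteralPath $crx)) { 'present' } else { 'Not Found' }
        $findings.Add("ChromeExt: $($ext.PSChildName) -> $crx [$state]")
    }
}

# 4. Services whose binary lives under ProgramData (DXSeDM in the log).
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'ProgramData' } |
    ForEach-Object { $findings.Add("Service: $($_.Name) => $($_.PathName)") }

# 5. Alternate data streams on C:\ProgramData\Temp (two were listed).
if (Test-Path 'C:\ProgramData\Temp') {
    Get-Item -Path 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS: $($_.FileName):$($_.Stream)") }
}

# 6. Folders the fixlist removes.
foreach ($d in 'C:\ProgramData\uNWPmaBABC', 'C:\Program Files (x86)\speed browser') {
    if (Test-Path -LiteralPath $d) { $findings.Add("Folder: $d still present") }
}

if ($findings.Count -eq 0) { 'No leftovers found.' } else { $findings }
```

An empty result means none of the items the fixlist targeted are still registered or on disk; any line printed is an item worth a second look before declaring the machine clean.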

#3 Stonekiwi

Stonekiwi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 15 February 2015 - 03:48 AM

Nasdaq, firstly, thank you for the reply.

Secondly, thank you so much for a comprehensive, effective solution. Worked perfectly first time through, and there are no problems (that I'm aware of) remaining.

Computer is running much faster (booting, internet, general use) and I am very pleased with the result.

Thank you for your time - it is much appreciated.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 15 February 2015 - 10:17 AM


One last scan.
Please post the content of the file; do not attach it.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 Stonekiwi

Stonekiwi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 16 February 2015 - 06:43 PM

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 17 February 2015 - 09:26 AM

Using the Add/Remove Programs applet, remove the old version of Java 7 Update 21.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 21 February 2015 - 10:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



