
Trojan Downloader


  • This topic is locked
38 replies to this topic

#1 Haggisbasher

  • Members
  • 20 posts

Posted 23 April 2015 - 04:13 AM

Hi

Just registered today, 23/4/15.

I am running a Dell Inspiron 3847 on Windows 8.1.

On 21/4/15 I downloaded and opened a file on an online website and suffered the Luckysearches browser hijacker.

Used this website's Luckysearches.com Browser Hijacker Removal Guide:

http://www.bleepingcomputer.com/virus-removal/remove-luckysearches.com-browser-hijacker

Used RKill, Malwarebytes, AdwCleaner, and CCleaner, which removed Luckysearches.

Can you help, as I am receiving Trojans and PUPs as follows?

Malwarebytes:

Malware Database: v2015.04.23.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371569
Time Elapsed: 9 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
Trojan.Downloader, C:\Users\David\AppData\Local\Temp\nslD5BB.tmp, 4016, , [847a2649cac0191d5e25c27440c3ba46]
PUP.Optional.Bundle, C:\Users\David\AppData\Local\Temp\nslD5BC.tmp, 3268, , [c03e2649088267cfec1db1446e97cb35]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ASPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, , [76888de26f1b2e08a4cc29aa3cc712ee], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.ASPackage.A, C:\Users\David\AppData\Roaming\ASPackage, , [76888de26f1b2e08a4cc29aa3cc712ee], 
PUP.Optional.ASPackage.A, C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, , [b7471e51deac61d577fa26adfc07a15f], 
 
Files: 5
Trojan.Downloader, C:\Users\David\AppData\Local\Temp\nslD5BB.tmp, , [847a2649cac0191d5e25c27440c3ba46], 
PUP.Optional.Bundle, C:\Users\David\AppData\Local\Temp\nslD5BC.tmp, , [c03e2649088267cfec1db1446e97cb35], 
PUP.Optional.ASPackage.A, C:\Users\David\AppData\Roaming\ASPackage\Uninstall.exe, , [76888de26f1b2e08a4cc29aa3cc712ee], 
PUP.Optional.ASPackage.A, C:\Users\David\AppData\Roaming\ASPackage\ASPackage.exe, , [76888de26f1b2e08a4cc29aa3cc712ee], 
PUP.Optional.ASPackage.A, C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, , [b7471e51deac61d577fa26adfc07a15f], 
 
Physical Sectors: 0
(No malicious items detected)

AdwCleaner:

# AdwCleaner v4.201 - Logfile created 23/04/2015 at 08:44:16
# Updated 08/04/2015 by Xplode
# Database : 2015-04-22.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : David - DAVID
# Running from : C:\Users\David\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
File Deleted : C:\Users\David\Desktop\Continue Live Installation.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
 
*************************
 
########## EOF - C:\AdwCleaner\AdwCleaner[S41].txt - [12818  bytes] ##########
#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 07:32 AM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Haggisbasher
  • Topic Starter
  • Members
  • 20 posts

Posted 23 April 2015 - 08:55 AM

Hi Jürgen

I've scanned with FRST and this is the result:

Addition Notepad

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by David at 2015-04-23 14:31:40
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MG5100 series User Registration (HKLM-x32\...\Canon MG5100 series User Registration) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell System Detect (HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\73f463568823ebbe) (Version: 6.0.0.14 - Dell)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LiveWPPUpdate (HKLM-x32\...\LiveWPPUpdate) (Version:  - Anti-phishing database updater for Web Protector Plus. This service keeps your computer updated with the newest database of known Internet threats.)
luckysearches uninstall (HKLM-x32\...\luckysearches uninstall) (Version:  - luckysearches)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Music Manager (HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\MusicManager) (Version:  - Google, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Web Protector IE (HKLM-x32\...\WebProtector) (Version: 1.0.0.2 - WebProtector)
Web Protector Plus (uninstall only) (HKLM\...\WebProtectorPlus) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1697393911-1726832963-182751780-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1697393911-1726832963-182751780-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1697393911-1726832963-182751780-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-04-2015 08:19:48 Windows Update
12-04-2015 07:34:02 Scheduled Checkpoint
15-04-2015 07:40:41 Windows Update
22-04-2015 07:58:28 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1EE74371-8BC3-4392-BCC6-89F4E3694F87} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {2FCCC10D-FE23-40A4-8CFD-8EB129B5C76A} - System32\Tasks\JKUGLCES => C:\ProgramData\3a206372318d4ae1afa340a3325b60c0\3a206372318d4ae1afa340a3325b60c0.exe [2015-04-19] ()
Task: {3F1484E3-A25B-497A-8CB8-4701B8756F3F} - System32\Tasks\Dz6qfkEJboWqVnhBM => C:\Users\David\AppData\Roaming\Dz6qfkEJboWqVnhBM.exe <==== ATTENTION
Task: {3FF4B379-F181-4A78-B779-FF7E2447FBFB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {42A49A38-9613-4C2E-86A0-B1D77A5A6383} - System32\Tasks\jpfQatV81gKRTSaBr => C:\Users\David\AppData\Roaming\jpfQatV81gKRTSaBr.exe <==== ATTENTION
Task: {4906EADE-F195-45EF-85FE-DC34E517E7FF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DAVID-David David => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {5918ACF6-FD4F-4CE7-A625-753E763D92EC} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe
Task: {643D819A-E741-49BF-B26B-DEB08D2939DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {707A1841-487F-40CC-8A25-01120590CD31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.)
Task: {7568E164-831E-42EB-9968-5981E1ABBB41} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7FD39448-DD55-4F17-B585-EFEFF5EBE260} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {84952C8F-9ED3-4FA8-8C36-54B08D6A0C34} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {870FF82B-870C-4E7E-8451-A4B8FD166B0A} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {8DDF02C7-2711-49AA-BC81-9036172C79D3} - System32\Tasks\HICLIMPMS => C:\ProgramData\668eeb42f168435c8a12d2a94281c70f\668eeb42f168435c8a12d2a94281c70f.exe [2015-04-21] ()
Task: {9311437E-463C-4554-B4CE-07835F348A27} - System32\Tasks\Web Protector Plus => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe [2015-02-19] ()
Task: {B9F173B7-963F-4D93-8235-26F772F533EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BC2E4FDA-2748-41FD-B69A-C88BD9956580} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {BDAAA267-B2D2-4CF7-AF7F-89FB227E24AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CE06F3FF-3BAD-4420-93C8-600242D83B42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D759BBC3-5618-4A99-A4FC-3E797096AC1D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {E537A960-382E-48A4-B503-4C16C0664FE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {EE294E79-6C7B-4FE7-B8E0-67FF0C3EE037} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {F24CD926-DD64-46F3-8093-EB98D33ACF33} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1697393911-1726832963-182751780-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F24D79C1-1CA5-4A3F-8B9B-5F5EFF2EA9C5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {F7D068A0-49C9-47BA-A9AD-26AC1E3AFC0F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {FD0FB0EF-FEA9-4AA1-B0D6-7BCA5118A144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.)
Task: C:\WINDOWS\Tasks\Dz6qfkEJboWqVnhBM.job => C:\Users\David\AppData\Roaming\Dz6qfkEJboWqVnhBM.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1697393911-1726832963-182751780-1001Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1697393911-1726832963-182751780-1001Core1d02113a0230b18.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jpfQatV81gKRTSaBr.job => C:\Users\David\AppData\Roaming\jpfQatV81gKRTSaBr.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-23 08:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-22 20:13 - 2015-04-22 20:13 - 00171520 _____ () C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\nso46CF.tmp
2015-04-22 14:41 - 2015-04-22 14:41 - 00174592 _____ () C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp
2015-04-22 14:39 - 2015-04-22 14:39 - 00139264 _____ () C:\Users\David\AppData\Roaming\4C4C4544-1429709915-3010-804C-B5C04F505A31\jnsrA02E.tmp
2015-04-21 08:37 - 2015-04-21 08:37 - 00201216 _____ () C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\jnsd859E.tmp
2015-04-22 14:42 - 2015-04-22 14:42 - 00118272 _____ () C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp
2015-03-18 08:38 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-20 17:43 - 2014-12-20 17:44 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-05 00:20 - 2013-09-05 00:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 00:24 - 2013-09-05 00:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-09-18 20:37 - 2014-07-03 04:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-02-19 16:27 - 2015-02-19 16:27 - 00253440 _____ () C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe
2014-12-23 10:50 - 2014-12-23 10:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-12-19 14:16 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 20:41 - 2013-03-05 20:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-01-29 12:23 - 2013-12-09 22:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-18 20:37 - 2014-07-31 00:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-12-19 14:31 - 2012-11-26 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 20:37 - 2012-11-26 06:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-04-16 21:46 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 21:46 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-16 21:46 - 2015-04-13 22:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\allis_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\100_8456.jpg
HKU\S-1-5-21-1697393911-1726832963-182751780-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\allis_000\Pictures\IMG_20150120_142403.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "WinCheck"
HKLM\...\StartupApproved\Run32: => "gmsd_gb_293"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1697393911-1726832963-182751780-500 - Administrator - Disabled)
allis_000 (S-1-5-21-1697393911-1726832963-182751780-1004 - Limited - Enabled) => C:\Users\allis_000
David (S-1-5-21-1697393911-1726832963-182751780-1001 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1697393911-1726832963-182751780-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1697393911-1726832963-182751780-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1705 802.11b/g/n (2.4GHZ)
Description: Dell Wireless 1705 802.11b/g/n (2.4GHZ)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2015 02:30:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: user32.dll, version: 6.3.9600.17415, time stamp: 0x54503d20
Exception code: 0xc0000005
Fault offset: 0x0000c76a
Faulting process id: 0xf7c
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5
 
Error: (04/23/2015 01:55:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x1a3c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: David)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2015 11:57:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: David)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2015 11:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x4e4
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 10:38:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x13c4
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 10:25:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0xfd0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x1278
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 08:35:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x104c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/23/2015 08:25:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x774
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
 
System errors:
=============
Error: (04/23/2015 01:56:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (04/23/2015 01:11:21 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/23/2015 11:56:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (04/23/2015 11:53:05 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/23/2015 10:39:07 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (04/23/2015 10:26:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (04/23/2015 09:55:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Infonaut 1.10.0.14 Client Service service failed to start due to the following error: 
%%2
 
Error: (04/23/2015 09:55:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mail update Service service failed to start due to the following error: 
%%2
 
Error: (04/23/2015 09:15:26 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (04/23/2015 08:44:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Infonaut 1.10.0.14 Client Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2015 02:30:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19user32.dll6.3.9600.1741554503d20c00000050000c76af7c01d07dc99e7fc95dC:\WINDOWS\ERUNT.exeC:\WINDOWS\SYSTEM32\user32.dlldc638486-e9bc-11e4-82bc-485ab6328b26
 
Error: (04/23/2015 01:55:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec1801a3c01d07dc4d34a1340C:\WINDOWS\explorer.exeUSER32.dll11002871-e9b8-11e4-82bc-485ab6328b26
 
Error: (04/23/2015 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: David)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (04/23/2015 11:57:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: David)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (04/23/2015 11:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec1804e401d07db4109d7025C:\WINDOWS\explorer.exeUSER32.dll4e4ed3f8-e9a7-11e4-82bc-485ab6328b26
 
Error: (04/23/2015 10:38:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec18013c401d07da945c4626cC:\WINDOWS\explorer.exeUSER32.dll837c983f-e99c-11e4-82bc-485ab6328b26
 
Error: (04/23/2015 10:25:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec180fd001d07da77a526fc8C:\WINDOWS\explorer.exeUSER32.dllb804b087-e99a-11e4-82bc-485ab6328b26
 
Error: (04/23/2015 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec180127801d07d9d94e007e0C:\WINDOWS\explorer.exeUSER32.dlld28ef61f-e990-11e4-82bb-485ab6328b26
 
Error: (04/23/2015 08:35:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec180104c01d07d98144ce5b6C:\WINDOWS\explorer.exeUSER32.dll52005fa6-e98b-11e4-82ba-485ab6328b26
 
Error: (04/23/2015 08:25:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2USER32.dll6.3.9600.17736550f4336c000014200000000000ec18077401d07d96b1cce234C:\WINDOWS\explorer.exeUSER32.dllef8fc7f2-e989-11e4-82ba-485ab6328b26
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8108.94 MB
Available physical RAM: 5947.69 MB
Total Pagefile: 9388.94 MB
Available Pagefile: 6474.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.11 GB) (Free:850.19 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.66 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.75 GB) (Free:0.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF1229CE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 11:22 AM

Hi,
the FRST.txt is missing:

Step 1

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Haggisbasher

  • Topic Starter
  • Members
  • 20 posts

Posted 23 April 2015 - 02:13 PM

Hi Jurgen

I keep trying to send the FRST.txt file and I keep getting timed out with an error message.



#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 02:46 PM

Hi,
please try to attach the log.
regards,
deeprybka

#7 Haggisbasher

  • Topic Starter
  • Members
  • 20 posts

Posted 23 April 2015 - 03:14 PM

Hi Jurgen,

File keeps getting timed out. I don't know if it's because my computer has been hijacked or other reasons, so I will try sending it in two halves.

This is the first part:

Loaded Profiles: David & allis_000 (Available profiles: David & allis_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\nso46CF.tmp
() C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\David\AppData\Roaming\4C4C4544-1429709915-3010-804C-B5C04F505A31\jnsrA02E.tmp
() C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\jnsd859E.tmp
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(LiveWPPUpdate) C:\Program Files (x86)\LiveWPPUpdate\LiveUpdateWPP.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-26] (Google Inc.)
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1697393911-1726832963-182751780-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-22]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{c8894671-0919-9e86-c889-9467109119c4}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysearches.com/?type=hp&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysearches.com/?type=hp&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=ds&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021&q={searchTerms}
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysearches.com/?type=hp&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysearches.com/?type=hp&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
HKU\S-1-5-21-1697393911-1726832963-182751780-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=ds&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021&q={searchTerms}
HKU\S-1-5-21-1697393911-1726832963-182751780-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-1697393911-1726832963-182751780-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll (Web Protector)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1697393911-1726832963-182751780-1004 -> {ED93AE14-9CF9-40FF-900A-BE13A9B0C801} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-02] (Thinknice Co. Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll [2015-03-31] (Web Protector)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
 
FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1697393911-1726832963-182751780-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1697393911-1726832963-182751780-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-26] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.luckysearches.com/?type=hp&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-23]
CHR HKU\S-1-5-21-1697393911-1726832963-182751780-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1697393911-1726832963-182751780-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.luckysearches.com/?type=sc&ts=1429782437&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 cosewidu; C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\nso46CF.tmp [171520 2015-04-22] () [File not signed]
R2 cuzipyqi; C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp [174592 2015-04-22] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-02] (XTab system)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LiveUpdateWPP Manager; C:\Program Files (x86)\LiveWPPUpdate\LiveUpdateWPP.exe [427008 2015-04-21] (LiveWPPUpdate) [File not signed]
R2 ludezobi; C:\Users\David\AppData\Roaming\4C4C4544-1429709915-3010-804C-B5C04F505A31\jnsrA02E.tmp [139264 2015-04-22] () [File not signed]
R2 nijyxibi; C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\jnsd859E.tmp [201216 2015-04-21] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 tovoveco; C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp [118272 2015-04-22] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-04-23] (SysTool PasSame LIMITED)
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
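The service entries in the FRST log above carry what a responder looks at first: run state, binary path, size and date, publisher, and flags such as [File not signed] or [X] for a file that no longer exists. The script below is an added example written for this page, not part of the thread or of FRST; it parses lines in that format and flags entries whose binary is unsigned, has no publisher, is missing, carries a .tmp extension, or sits in a user-writable location such as AppData or ProgramData. The sample lines are constructed from the shape of the log posted above (names and paths as they appear there), and the triage rules are the editor's own heuristics, not anything FRST itself does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of an FRST "Services (Whitelisted)" section:
#   <state> <name>; <path> [<size> <date>] (<publisher>) [flags...]
# The entries mirror lines from the log posted in this thread.
SAMPLE_LOG = r"""
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 cosewidu; C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\nso46CF.tmp [171520 2015-04-22] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-02] (XTab system)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
R2 tovoveco; C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp [118272 2015-04-22] () [File not signed]
"""

# One service line: state, name, path, optional "[size date] (publisher)", then zero or more "[flag]" groups.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)

# Locations a standard user can write to; a service binary there deserves a second look.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: str
    flags: List[str]

    @property
    def signed(self) -> bool:
        return "File not signed" not in self.flags

    @property
    def missing(self) -> bool:
        return "X" in self.flags


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse FRST-style service lines; non-matching lines (headers, notes) are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line) if line else None
        if not m:
            continue
        entries.append(ServiceEntry(
            state=m.group("state"),
            name=m.group("name").strip(),
            path=m.group("path"),
            size=int(m.group("size")) if m.group("size") else None,
            date=m.group("date"),
            company=(m.group("company") or "").strip(),
            flags=re.findall(r"\[([^\]]+)\]", m.group("flags")),
        ))
    return entries


def binary_of(path: str) -> str:
    """Strip quotes and command-line arguments (e.g. '-service') to get the binary itself."""
    m = re.match(r'"?(.+?\.(?:exe|dll|sys|tmp))"?', path, re.IGNORECASE)
    return m.group(1) if m else path


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every entry that trips at least one heuristic."""
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        if e.missing:
            reasons.append("service points at a file that no longer exists ([X])")
        else:
            if not e.signed:
                reasons.append("binary is not signed")
            if not e.company:
                reasons.append("no publisher recorded")
        if USER_WRITABLE.search(e.path):
            reasons.append("binary lives in a user-writable location")
        if binary_of(e.path).lower().endswith(".tmp"):
            reasons.append("service binary has a .tmp extension")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: " + "; ".join(reasons))
```

Run stand-alone, the script reports cosewidu and tovoveco (unsigned, no publisher, .tmp binary under AppData) and mailUpdate (missing file under ProgramData), which matches what Malwarebytes later labelled PUP.Optional.MultiPlug.A in this thread. IHProtect Service is not flagged: it is signed and installed under Program Files, so placement-and-signature heuristics alone miss it, and it is AdwCleaner's name-based database that removes it. That gap is the point of pairing a heuristic pass with a signature-based tool.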


#8 Haggisbasher

Haggisbasher
  • Topic Starter

  • Members
  • 20 posts

Posted 23 April 2015 - 03:26 PM

Attached File: FRST 23-4-15.txt (470.88KB)

 

Hi Jurgen

I couldn't send the second part, timed out again.

 

I'll try sending it as an attachment.



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 04:05 PM

That's fine...thanks :)


Edited by deeprybka, 23 April 2015 - 04:06 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 04:37 PM

Please re-run these tools:

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2


Please download and install Malwarebytes Anti-Malware (NEW VERSION).
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt (shown as a screenshot in the original post).
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the save option shown in the original post's screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 Haggisbasher

Haggisbasher
  • Topic Starter

  • Members
  • 20 posts

Posted 23 April 2015 - 06:06 PM

Hi Jurgen

Here are the results:

 

# AdwCleaner v4.202 - Logfile created 23/04/2015 at 23:47:50
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : David - DAVID
# Running from : C:\Users\David\Downloads\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : IHProtect Service
[#] Service Deleted : WindowsMangerProtect
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\7820443d00000252
Folder Deleted : C:\ProgramData\{9a6cfa7d-fa96-699a-9a6c-cfa7dfa9e9f7}
Folder Deleted : C:\ProgramData\{ba4ece9b-ad3b-ef24-ba4e-ece9bad33a6e}
Folder Deleted : C:\ProgramData\{c8894671-0919-9e86-c889-9467109119c4}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\PrriceLess
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Program Files (x86)\gmsd_gb_299
Folder Deleted : C:\Users\David\AppData\Local\gmsd_gb_299
Folder Deleted : C:\Users\David\AppData\Roaming\WebExtend
Folder Deleted : C:\Users\David\AppData\Roaming\luckysearches
Folder Deleted : C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31
Folder Deleted : C:\Users\David\AppData\Roaming\4C4C4544-1429709915-3010-804C-B5C04F505A31
Folder Deleted : C:\Users\David\AppData\Roaming\4C4C4544-1429775321-3010-804C-B5C04F505A31
Folder Deleted : C:\ProgramData\ineimlnobocjphecimnnjpepcnfgogmk
File Deleted : C:\Users\David\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\David\Desktop\Continue Live Installation.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\P8986029d_259d_41cd_8a5f_4ca609d185c4_.P8986029d_259d_41cd_8a5f_4ca609d185c4_
Key Deleted : HKLM\SOFTWARE\Classes\P8986029d_259d_41cd_8a5f_4ca609d185c4_.P8986029d_259d_41cd_8a5f_4ca609d185c4_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pdb763a36_d09a_458c_a99f_6719bd9f654f_.Pdb763a36_d09a_458c_a99f_6719bd9f654f_
Key Deleted : HKLM\SOFTWARE\Classes\Pdb763a36_d09a_458c_a99f_6719bd9f654f_.Pdb763a36_d09a_458c_a99f_6719bd9f654f_.9
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_299]
Key Deleted : HKLM\SOFTWARE\35002e19-ab2e-d4a8-0be0-39369a25d811
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8986029d-259d-41cd-8a5f-4ca609d185c4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{db763a36-d09a-458c-a99f-6719bd9f654f}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{598DCD74-3F5B-4E16-8749-057F426F232A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8986029d-259d-41cd-8a5f-4ca609d185c4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db763a36-d09a-458c-a99f-6719bd9f654f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8986029d-259d-41cd-8a5f-4ca609d185c4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{db763a36-d09a-458c-a99f-6719bd9f654f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8986029d-259d-41cd-8a5f-4ca609d185c4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{db763a36-d09a-458c-a99f-6719bd9f654f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8986029d-259d-41cd-8a5f-4ca609d185c4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db763a36-d09a-458c-a99f-6719bd9f654f}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\luckysearchesSoftware
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckysearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_gb_299_is1
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\allis_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ineimlnobocjphecimnnjpepcnfgogmk
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.luckysearches.com/?type=hppp&ts=1429782444&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.luckysearches.com/?type=hppp&ts=1429782444&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.luckysearches.com/web/?type=dspp&ts=1429782444&from=buzz&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S745502155021&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [725 bytes] - [19/12/2014 15:02:14]
AdwCleaner[R100].txt - [8017 bytes] - [07/02/2015 22:40:05]
AdwCleaner[R101].txt - [8078 bytes] - [08/02/2015 09:30:13]
AdwCleaner[R102].txt - [8279 bytes] - [09/02/2015 11:46:53]
AdwCleaner[R103].txt - [8535 bytes] - [10/02/2015 09:57:16]
AdwCleaner[R104].txt - [8381 bytes] - [10/02/2015 17:10:37]
AdwCleaner[R105].txt - [8442 bytes] - [12/02/2015 09:34:13]
AdwCleaner[R106].txt - [8639 bytes] - [13/02/2015 12:18:29]
AdwCleaner[R107].txt - [8625 bytes] - [14/02/2015 17:49:33]
AdwCleaner[R108].txt - [8686 bytes] - [15/02/2015 00:41:02]
AdwCleaner[R109].txt - [8747 bytes] - [15/02/2015 10:42:16]
AdwCleaner[R10].txt - [1315 bytes] - [20/12/2014 13:29:51]
AdwCleaner[R110].txt - [8808 bytes] - [15/02/2015 13:56:03]
AdwCleaner[R111].txt - [8869 bytes] - [16/02/2015 00:23:27]
AdwCleaner[R112].txt - [8930 bytes] - [16/02/2015 16:04:38]
AdwCleaner[R113].txt - [8991 bytes] - [17/02/2015 09:22:06]
AdwCleaner[R114].txt - [9052 bytes] - [18/02/2015 09:40:36]
AdwCleaner[R115].txt - [9111 bytes] - [19/02/2015 16:26:26]
AdwCleaner[R116].txt - [9172 bytes] - [20/02/2015 00:29:40]
AdwCleaner[R117].txt - [9233 bytes] - [21/02/2015 18:48:55]
AdwCleaner[R118].txt - [9294 bytes] - [22/02/2015 09:10:11]
AdwCleaner[R119].txt - [9355 bytes] - [24/02/2015 20:54:25]
AdwCleaner[R11].txt - [1519 bytes] - [20/12/2014 15:22:18]
AdwCleaner[R120].txt - [9416 bytes] - [25/02/2015 09:42:04]
AdwCleaner[R121].txt - [9477 bytes] - [02/03/2015 00:57:51]
AdwCleaner[R122].txt - [9538 bytes] - [04/03/2015 17:55:15]
AdwCleaner[R123].txt - [9599 bytes] - [07/03/2015 21:11:05]
AdwCleaner[R124].txt - [9668 bytes] - [10/03/2015 19:19:15]
AdwCleaner[R125].txt - [9728 bytes] - [13/03/2015 09:41:20]
AdwCleaner[R126].txt - [9789 bytes] - [15/03/2015 08:42:06]
AdwCleaner[R127].txt - [9959 bytes] - [21/03/2015 00:30:40]
AdwCleaner[R128].txt - [9974 bytes] - [30/03/2015 21:35:58]
AdwCleaner[R129].txt - [10036 bytes] - [03/04/2015 14:32:30]
AdwCleaner[R12].txt - [1400 bytes] - [20/12/2014 15:41:32]
AdwCleaner[R130].txt - [10099 bytes] - [06/04/2015 08:03:49]
AdwCleaner[R131].txt - [10161 bytes] - [09/04/2015 08:30:33]
AdwCleaner[R132].txt - [10362 bytes] - [12/04/2015 07:41:05]
AdwCleaner[R133].txt - [10346 bytes] - [15/04/2015 21:05:17]
AdwCleaner[R134].txt - [10546 bytes] - [19/04/2015 08:13:34]
AdwCleaner[R135].txt - [52340 bytes] - [21/04/2015 08:39:26]
AdwCleaner[R136].txt - [11160 bytes] - [21/04/2015 08:56:19]
AdwCleaner[R137].txt - [10776 bytes] - [21/04/2015 09:54:54]
AdwCleaner[R138].txt - [10906 bytes] - [21/04/2015 13:07:41]
AdwCleaner[R139].txt - [10961 bytes] - [21/04/2015 18:44:00]
AdwCleaner[R13].txt - [1641 bytes] - [20/12/2014 17:45:07]
AdwCleaner[R140].txt - [11103 bytes] - [22/04/2015 07:23:36]
AdwCleaner[R141].txt - [13054 bytes] - [22/04/2015 09:42:35]
AdwCleaner[R142].txt - [13312 bytes] - [22/04/2015 11:53:22]
AdwCleaner[R143].txt - [11392 bytes] - [22/04/2015 12:16:48]
AdwCleaner[R144].txt - [11534 bytes] - [22/04/2015 14:30:21]
AdwCleaner[R145].txt - [22484 bytes] - [22/04/2015 14:51:43]
AdwCleaner[R146].txt - [11817 bytes] - [22/04/2015 16:09:30]
AdwCleaner[R147].txt - [11823 bytes] - [22/04/2015 16:16:59]
AdwCleaner[R148].txt - [12460 bytes] - [22/04/2015 18:11:35]
AdwCleaner[R149].txt - [12692 bytes] - [22/04/2015 21:49:45]
AdwCleaner[R14].txt - [1846 bytes] - [20/12/2014 17:48:52]
AdwCleaner[R150].txt - [12390 bytes] - [22/04/2015 22:14:12]
AdwCleaner[R151].txt - [12661 bytes] - [22/04/2015 23:35:19]
AdwCleaner[R152].txt - [12723 bytes] - [22/04/2015 23:36:32]
AdwCleaner[R153].txt - [12439 bytes] - [23/04/2015 07:21:24]
AdwCleaner[R154].txt - [12828 bytes] - [23/04/2015 08:36:08]
AdwCleaner[R155].txt - [24161 bytes] - [23/04/2015 23:47:00]
AdwCleaner[R15].txt - [1967 bytes] - [20/12/2014 19:12:09]
AdwCleaner[R16].txt - [2028 bytes] - [21/12/2014 08:06:57]
AdwCleaner[R17].txt - [2089 bytes] - [21/12/2014 09:31:57]
AdwCleaner[R18].txt - [2210 bytes] - [21/12/2014 09:51:45]
AdwCleaner[R19].txt - [3114 bytes] - [21/12/2014 10:11:51]
AdwCleaner[R1].txt - [740 bytes] - [19/12/2014 15:23:53]
AdwCleaner[R20].txt - [2452 bytes] - [21/12/2014 10:23:18]
AdwCleaner[R21].txt - [2712 bytes] - [21/12/2014 11:02:13]
AdwCleaner[R22].txt - [2694 bytes] - [21/12/2014 11:06:06]
AdwCleaner[R23].txt - [2755 bytes] - [21/12/2014 11:08:54]
AdwCleaner[R24].txt - [2596 bytes] - [22/12/2014 00:54:49]
AdwCleaner[R25].txt - [2657 bytes] - [22/12/2014 08:33:45]
AdwCleaner[R26].txt - [2718 bytes] - [22/12/2014 10:34:38]
AdwCleaner[R27].txt - [2779 bytes] - [22/12/2014 13:29:10]
AdwCleaner[R28].txt - [2840 bytes] - [22/12/2014 22:14:51]
AdwCleaner[R29].txt - [2901 bytes] - [23/12/2014 10:49:52]
AdwCleaner[R2].txt - [799 bytes] - [19/12/2014 17:12:45]
AdwCleaner[R30].txt - [2962 bytes] - [23/12/2014 21:47:00]
AdwCleaner[R31].txt - [3023 bytes] - [24/12/2014 09:48:23]
AdwCleaner[R32].txt - [3084 bytes] - [26/12/2014 01:51:17]
AdwCleaner[R33].txt - [3145 bytes] - [27/12/2014 10:33:20]
AdwCleaner[R34].txt - [3206 bytes] - [28/12/2014 09:52:30]
AdwCleaner[R35].txt - [3267 bytes] - [30/12/2014 10:22:53]
AdwCleaner[R36].txt - [3328 bytes] - [01/01/2015 18:16:46]
AdwCleaner[R37].txt - [3389 bytes] - [05/01/2015 10:44:45]
AdwCleaner[R38].txt - [3450 bytes] - [06/01/2015 19:50:26]
AdwCleaner[R39].txt - [3651 bytes] - [18/01/2015 11:03:08]
AdwCleaner[R3].txt - [858 bytes] - [19/12/2014 18:04:29]
AdwCleaner[R40].txt - [3632 bytes] - [18/01/2015 11:20:50]
AdwCleaner[R41].txt - [3693 bytes] - [18/01/2015 13:14:01]
AdwCleaner[R42].txt - [3754 bytes] - [18/01/2015 18:08:20]
AdwCleaner[R43].txt - [3955 bytes] - [19/01/2015 09:20:22]
AdwCleaner[R44].txt - [3936 bytes] - [19/01/2015 11:50:51]
AdwCleaner[R45].txt - [4137 bytes] - [19/01/2015 12:00:07]
AdwCleaner[R46].txt - [4119 bytes] - [19/01/2015 13:45:29]
AdwCleaner[R47].txt - [4180 bytes] - [19/01/2015 14:45:52]
AdwCleaner[R48].txt - [4240 bytes] - [19/01/2015 14:48:31]
AdwCleaner[R49].txt - [4301 bytes] - [19/01/2015 16:45:07]
AdwCleaner[R4].txt - [917 bytes] - [19/12/2014 20:04:21]
AdwCleaner[R50].txt - [4362 bytes] - [19/01/2015 18:18:40]
AdwCleaner[R51].txt - [4564 bytes] - [20/01/2015 00:02:24]
AdwCleaner[R52].txt - [4545 bytes] - [20/01/2015 09:12:46]
AdwCleaner[R53].txt - [4606 bytes] - [20/01/2015 09:27:02]
AdwCleaner[R54].txt - [4667 bytes] - [20/01/2015 10:10:05]
AdwCleaner[R55].txt - [4728 bytes] - [20/01/2015 13:58:35]
AdwCleaner[R56].txt - [4789 bytes] - [20/01/2015 15:47:23]
AdwCleaner[R57].txt - [4850 bytes] - [20/01/2015 16:03:13]
AdwCleaner[R58].txt - [4911 bytes] - [20/01/2015 16:16:03]
AdwCleaner[R59].txt - [4972 bytes] - [20/01/2015 16:27:05]
AdwCleaner[R5].txt - [976 bytes] - [19/12/2014 20:37:05]
AdwCleaner[R60].txt - [5033 bytes] - [20/01/2015 17:38:27]
AdwCleaner[R61].txt - [5094 bytes] - [21/01/2015 00:29:09]
AdwCleaner[R62].txt - [5295 bytes] - [21/01/2015 09:14:54]
AdwCleaner[R63].txt - [5356 bytes] - [21/01/2015 09:21:06]
AdwCleaner[R64].txt - [5338 bytes] - [21/01/2015 20:56:58]
AdwCleaner[R65].txt - [5539 bytes] - [22/01/2015 08:55:28]
AdwCleaner[R66].txt - [5521 bytes] - [22/01/2015 23:18:07]
AdwCleaner[R67].txt - [5582 bytes] - [23/01/2015 08:21:23]
AdwCleaner[R68].txt - [5704 bytes] - [23/01/2015 17:54:37]
AdwCleaner[R69].txt - [5905 bytes] - [24/01/2015 09:17:03]
AdwCleaner[R6].txt - [1035 bytes] - [19/12/2014 22:59:29]
AdwCleaner[R70].txt - [5887 bytes] - [24/01/2015 12:56:56]
AdwCleaner[R71].txt - [5942 bytes] - [25/01/2015 08:56:12]
AdwCleaner[R72].txt - [6003 bytes] - [25/01/2015 14:57:51]
AdwCleaner[R73].txt - [6064 bytes] - [26/01/2015 08:47:24]
AdwCleaner[R74].txt - [6125 bytes] - [26/01/2015 11:57:48]
AdwCleaner[R75].txt - [6186 bytes] - [26/01/2015 21:04:50]
AdwCleaner[R76].txt - [6308 bytes] - [26/01/2015 21:08:36]
AdwCleaner[R77].txt - [6369 bytes] - [27/01/2015 09:56:03]
AdwCleaner[R78].txt - [6430 bytes] - [27/01/2015 13:19:43]
AdwCleaner[R79].txt - [6626 bytes] - [29/01/2015 22:58:37]
AdwCleaner[R7].txt - [1096 bytes] - [20/12/2014 08:47:51]
AdwCleaner[R80].txt - [6613 bytes] - [30/01/2015 00:51:20]
AdwCleaner[R81].txt - [6674 bytes] - [31/01/2015 10:15:36]
AdwCleaner[R82].txt - [6870 bytes] - [31/01/2015 18:30:10]
AdwCleaner[R83].txt - [6992 bytes] - [01/02/2015 00:45:39]
AdwCleaner[R84].txt - [6979 bytes] - [01/02/2015 08:36:06]
AdwCleaner[R85].txt - [7040 bytes] - [01/02/2015 12:25:06]
AdwCleaner[R86].txt - [7101 bytes] - [01/02/2015 14:22:14]
AdwCleaner[R87].txt - [7162 bytes] - [01/02/2015 23:02:26]
AdwCleaner[R88].txt - [7363 bytes] - [02/02/2015 08:21:39]
AdwCleaner[R89].txt - [7345 bytes] - [02/02/2015 11:43:38]
AdwCleaner[R8].txt - [1194 bytes] - [20/12/2014 11:13:42]
AdwCleaner[R90].txt - [7406 bytes] - [02/02/2015 18:03:49]
AdwCleaner[R91].txt - [7467 bytes] - [03/02/2015 00:08:59]
AdwCleaner[R92].txt - [7668 bytes] - [03/02/2015 08:12:37]
AdwCleaner[R93].txt - [7650 bytes] - [03/02/2015 23:24:56]
AdwCleaner[R94].txt - [7711 bytes] - [04/02/2015 09:56:25]
AdwCleaner[R95].txt - [7772 bytes] - [04/02/2015 16:12:39]
AdwCleaner[R96].txt - [7995 bytes] - [06/02/2015 00:49:33]
AdwCleaner[R97].txt - [7836 bytes] - [06/02/2015 12:53:57]
AdwCleaner[R98].txt - [7896 bytes] - [06/02/2015 15:26:08]
AdwCleaner[R99].txt - [7956 bytes] - [07/02/2015 12:31:07]
AdwCleaner[R9].txt - [1254 bytes] - [20/12/2014 11:32:45]
AdwCleaner[S0].txt - [1704 bytes] - [20/12/2014 17:46:32]
AdwCleaner[S10].txt - [4628 bytes] - [20/01/2015 00:03:25]
AdwCleaner[S11].txt - [5420 bytes] - [21/01/2015 09:22:02]
AdwCleaner[S12].txt - [5603 bytes] - [22/01/2015 08:57:43]
AdwCleaner[S13].txt - [5644 bytes] - [23/01/2015 08:59:19]
AdwCleaner[S14].txt - [5969 bytes] - [24/01/2015 09:18:49]
AdwCleaner[S15].txt - [6248 bytes] - [26/01/2015 21:07:07]
AdwCleaner[S16].txt - [6690 bytes] - [29/01/2015 23:01:29]
AdwCleaner[S17].txt - [6934 bytes] - [31/01/2015 18:45:23]
AdwCleaner[S18].txt - [7056 bytes] - [01/02/2015 00:47:38]
AdwCleaner[S19].txt - [7427 bytes] - [02/02/2015 09:00:15]
AdwCleaner[S1].txt - [1910 bytes] - [20/12/2014 17:50:36]
AdwCleaner[S20].txt - [7732 bytes] - [03/02/2015 08:14:01]
AdwCleaner[S21].txt - [8066 bytes] - [06/02/2015 00:51:01]
AdwCleaner[S22].txt - [8348 bytes] - [09/02/2015 11:48:07]
AdwCleaner[S23].txt - [8605 bytes] - [10/02/2015 10:11:23]
AdwCleaner[S24].txt - [8707 bytes] - [13/02/2015 12:20:52]
AdwCleaner[S25].txt - [10027 bytes] - [21/03/2015 00:42:08]
AdwCleaner[S26].txt - [10429 bytes] - [12/04/2015 07:41:54]
AdwCleaner[S27].txt - [10613 bytes] - [19/04/2015 08:14:38]
AdwCleaner[S28].txt - [27717 bytes] - [21/04/2015 08:40:08]
AdwCleaner[S29].txt - [11232 bytes] - [21/04/2015 08:56:56]
AdwCleaner[S2].txt - [2153 bytes] - [21/12/2014 09:32:54]
AdwCleaner[S30].txt - [10974 bytes] - [21/04/2015 13:08:23]
AdwCleaner[S31].txt - [11171 bytes] - [22/04/2015 07:28:38]
AdwCleaner[S32].txt - [12474 bytes] - [22/04/2015 09:43:34]
AdwCleaner[S33].txt - [13301 bytes] - [22/04/2015 11:54:19]
AdwCleaner[S34].txt - [11602 bytes] - [22/04/2015 14:32:22]
AdwCleaner[S35].txt - [20289 bytes] - [22/04/2015 14:52:39]
AdwCleaner[S36].txt - [11887 bytes] - [22/04/2015 16:10:13]
AdwCleaner[S37].txt - [12536 bytes] - [22/04/2015 18:12:12]
AdwCleaner[S38].txt - [12560 bytes] - [22/04/2015 21:58:35]
AdwCleaner[S39].txt - [12460 bytes] - [22/04/2015 22:15:07]
AdwCleaner[S3].txt - [2274 bytes] - [21/12/2014 09:53:06]
AdwCleaner[S40].txt - [12797 bytes] - [22/04/2015 23:36:57]
AdwCleaner[S41].txt - [12900 bytes] - [23/04/2015 08:44:16]
AdwCleaner[S42].txt - [21403 bytes] - [23/04/2015 23:47:50]
AdwCleaner[S4].txt - [3184 bytes] - [21/12/2014 10:17:40]
AdwCleaner[S5].txt - [2516 bytes] - [21/12/2014 10:59:26]
AdwCleaner[S6].txt - [2778 bytes] - [21/12/2014 11:04:58]
AdwCleaner[S7].txt - [3713 bytes] - [18/01/2015 11:17:34]
AdwCleaner[S8].txt - [4017 bytes] - [19/01/2015 09:23:36]
AdwCleaner[S9].txt - [4199 bytes] - [19/01/2015 12:01:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S42].txt - [21818  bytes] ##########
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23/04/2015
Scan Time: 23:50:21
Logfile: Malwarebytes 24-4-15.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.04.23.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378368
Time Elapsed: 11 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp, 1620, , [6f936c049cee2b0b8feda2b47b8ab34d]
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp, 1984, , [669c8de39eecc076c7b5391d17ee857b]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SupTab.A, HKU\S-1-5-21-1697393911-1726832963-182751780-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [18eac1af55358fa76473291eef14ca36], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-1697393911-1726832963-182751780-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [18eac1af55358fa76473291eef14ca36], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cuzipyqi, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tovoveco, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.WebProtector.A, HKLM\SOFTWARE\WOW6432NODE\WEBPROTECTOR, , [52b04e22d8b296a0448ac2936f964eb2], 
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSVC_1.10.0.14, , [46bcf47c0a80b383ecd9c9faf80b60a0], 
 
Registry Values: 7
PUP.Optional.WebProtector.A, HKLM\SOFTWARE\WOW6432NODE\WEBPROTECTOR|Path, C:\Program Files (x86)\WebProtector, , [52b04e22d8b296a0448ac2936f964eb2]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cosewidu|ImagePath, C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\nso46CF.tmp, , [40c25818b6d45fd7ec16460ff11438c8]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cuzipyqi|ImagePath, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp, , [08fa521ebccefb3be51ea6af35d0fa06]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ludezobi|ImagePath, C:\Users\David\AppData\Roaming\4C4C4544-1429709915-3010-804C-B5C04F505A31\jnsrA02E.tmp, , [2fd3e48c2862c274ef144c097e8703fd]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nijyxibi|ImagePath, C:\Users\David\AppData\Roaming\4C4C4544-1429601847-3010-804C-B5C04F505A31\jnsd859E.tmp, , [857d610f53371a1cea19cc8911f49b65]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tovoveco|ImagePath, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp, , [1de54f21b4d6cc6ab54e3b1a887d718f]
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.14|ImagePath, "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe", , [46bcf47c0a80b383ecd9c9faf80b60a0]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, , [8e7429470a805adced05cdf6fc072ed2], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31, , [669c8de39eecc076c7b5391d17ee857b], 
 
Files: 16
PUP.Optional.JellySplit.Gen, C:\ProgramData\3a206372318d4ae1afa340a3325b60c0\3a206372318d4ae1afa340a3325b60c0.exe, , [61a190e0b4d684b28f23a893a062ed13], 
PUP.Optional.JellySplit.Gen, C:\ProgramData\668eeb42f168435c8a12d2a94281c70f\668eeb42f168435c8a12d2a94281c70f.exe, , [9072036d2c5eeb4be4ce51ea43bfcf31], 
PUP.Optional.Crossrider, C:\Users\David\AppData\Local\Temp\5433.exe, , [59a91e523d4d2c0a4bff2d196d959967], 
PUP.Optional.Tuto4PC.A, C:\Users\David\AppData\Local\Temp\is-M1CM9.tmp\gentlemjmp_ieu.exe, , [3ec4fd73f09ad95d6ac71130a363a45c], 
PUP.Optional.Tuto4PC.A, C:\Users\David\AppData\Local\Temp\is-Q9E7L.tmp\gentlemjmp_ieu.exe, , [0bf7452bc1c971c56ac7f849a06659a7], 
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, , [8e7429470a805adced05cdf6fc072ed2], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\cnsu2E9E.tmp, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\ansz2C4C.exe, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\rnsu2E9F.exe, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713701-3010-804C-B5C04F505A31\Uninstall.exe, , [6f936c049cee2b0b8feda2b47b8ab34d], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\onsw7174.tmp, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\pnsl7184.exe, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\rnsw7173.exe, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\snsw7172.tmp, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.MultiPlug.A, C:\Users\David\AppData\Local\4C4C4544-1429713720-3010-804C-B5C04F505A31\Uninstall.exe, , [669c8de39eecc076c7b5391d17ee857b], 
PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task.job, , [7092c6aa256595a1157f5afefd0857a9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:31 PM

Posted 23 April 2015 - 06:12 PM

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Haggisbasher

Haggisbasher
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:31 PM

Posted 24 April 2015 - 01:37 AM

Hi Jurgen

I can't copy and paste the FRST file, and when I tried attaching the file I got an error saying the file was too big.

I'll try again later.


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:31 PM

Posted 24 April 2015 - 02:17 AM

Hi there,

please paste the content here and post the link.


regards,
deeprybka

#15 Haggisbasher

Haggisbasher
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:31 PM

Posted 24 April 2015 - 02:26 AM

Hi Jurgen

I pasted into the link but it does not appear in the Forum reply.
Did you receive it?
