rdsrv.com/newbidder malware


23 replies to this topic

#1 skippy55


Posted 30 April 2015 - 04:58 AM

Hi all

I'm new to the site and hope to post in the right spot. I've noticed various rdsrv topics already but don't want to jump into a running thread, hence this attempt.

My machine is infected by the rdsrv.com/newbidder malware and I have so far been unable to remove it. Panda cleaner and browser resetting have irritated it temporarily, but it's still there.

I'm running Windows 8.1 (64) and need help to get rid of this pest. Any assistance is very much appreciated.

Cheers

Skip




#2 Sintharius


Posted 30 April 2015 - 05:02 AM

Hello, and welcome :)

Please follow the instructions. If you do not understand anything, feel free to stop and ask.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

===

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, ensure that all items are checked and click on the Cleaning button.
  • AdwCleaner will ask to reboot to finish cleaning.
  • A log will open when the system finishes rebooting. Please copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
===

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Please report the status of your computer after you have completed the steps.

Regards,
Alex

#3 skippy55


Posted 30 April 2015 - 05:49 AM

MiniToolBox by Farbar Version: 14-04-2015
Ran by Klaus (administrator) on 30-04-2015 at 20:18:06
Running from "C:\Users\Klaus\Downloads"
Microsoft Windows 8.1 (X64)
Model: OptiPlex 745 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: #

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================





========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration


Windows IP Configuration

   Host Name . . . . . . . . . . . . : rockbottom
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-18-8B-69-9D-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e0d8:73ae:826a:29ab%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 29 April 2015 10:41:24
   Lease Expires . . . . . . . . . . : Sunday, 3 May 2015 19:25:39
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 50337931
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B9-8A-86-00-18-8B-69-9D-78
   DNS Servers . . . . . . . . . . . : 5.104.175.150
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A8CB9080-4F6A-42D2-A1D5-F56AB23076FB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3454:3843:3f57:fe9b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3454:3843:3f57:fe9b%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B9-8A-86-00-18-8B-69-9D-78
   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown
Address:  5.104.175.150

Name:    google.com
Addresses:  2404:6800:4001:801::100e
          173.194.126.37
          173.194.126.32
          173.194.126.34
          173.194.126.33
          173.194.126.40
          173.194.126.38
          173.194.126.36
          173.194.126.41
          173.194.126.35
          173.194.126.39
          173.194.126.46


Pinging google.com [173.194.126.37] with 32 bytes of data:
Reply from 173.194.126.37: bytes=32 time=198ms TTL=55
Reply from 173.194.126.37: bytes=32 time=198ms TTL=55

Ping statistics for 173.194.126.37:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 198ms, Maximum = 198ms, Average = 198ms

Server:  UnKnown
Address:  5.104.175.150

Name:    yahoo.com
Addresses:  98.139.183.24
          206.190.36.45
          98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=240ms TTL=47
Reply from 98.139.183.24: bytes=32 time=243ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 240ms, Maximum = 243ms, Average = 241ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  3...00 18 8b 69 9d 78 ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:3454:3843:3f57:fe9b/128
                                    On-link
  3    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::3454:3843:3f57:fe9b/128
                                    On-link
  3    276 fe80::e0d8:73ae:826a:29ab/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/30/2015 02:55:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: NPSWF32_17_0_0_169.dll, version: 17.0.0.169, time stamp: 0x5529db53
Exception code: 0x40000015
Fault offset: 0x00366adb
Faulting process ID: 0x3f0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/29/2015 09:31:01 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/29/2015 09:24:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2015 09:22:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/26/2015 07:23:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/26/2015 06:35:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/25/2015 00:21:09 PM) (Source: Adobe Reader) (User: )
Description:

Error: (04/24/2015 08:22:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2015 08:20:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2015 07:38:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.



System errors:
=============
Error: (04/29/2015 10:41:33 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/29/2015 08:43:36 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/29/2015 06:55:34 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/27/2015 09:06:40 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 09:06:40 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 09:06:40 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 06:27:06 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 06:27:05 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 06:27:05 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/27/2015 06:27:05 PM) (Source: DCOM) (User: rockbottom)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}rockbottomGuestS-1-5-21-3906910006-698148392-2669285546-501LocalHost (Using LRPC)UnavailableUnavailable



Microsoft Office Sessions:
=========================
Error: (04/30/2015 02:55:06 PM) (Source: Application Error)(User: )
Description: plugin-container.exe37.0.2.5583552ef76cNPSWF32_17_0_0_169.dll17.0.0.1695529db534000001500366adb3f001d08301998292aaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_17_0_0_169.dll115ce1d7-eef5-11e4-8293-00188b699d78

Error: (04/29/2015 09:31:01 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/29/2015 09:24:39 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/29/2015 09:22:13 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/26/2015 07:23:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/26/2015 06:35:33 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/25/2015 00:21:09 PM) (Source: Adobe Reader)(User: )
Description:

Error: (04/24/2015 08:22:33 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/24/2015 08:20:33 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (04/24/2015 07:38:16 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll





=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
DVDFab 8.0.0.5 (25/08/2010) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HELI-X 4.2 Demo (HKLM-x32\...\{3B629B96-65E3-4B4D-8E20-9B4879C5505B}_is1) (Version:  - Michael Schreiner)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.45.14 - Oracle Corporation) Hidden
LibreOffice 4.2.8.2 (HKLM-x32\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
Logitech Updater (HKLM-x32\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NIKON IMAGE SPACE UPLOADER (HKLM-x32\...\com.nikonimagespace.uploader) (Version: 1.1 - NIKON CORPORATION)
NIKON IMAGE SPACE UPLOADER (x32 Version: 1.1 - NIKON CORPORATION) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.0.4 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PhoenixRC (HKLM-x32\...\{B569C50C-32D5-4C1C-9313-A154BD2EA14E}) (Version: 2.50.22 - PhoenixRC)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7265 - Analog Devices)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.16 - VSO Software)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

========================= Devices: ================================

Name: pcouffin device
Description: pcouffin device
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\PCOUFFIN\0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 4021.61 MB
Available physical RAM: 2621.02 MB
Total Pagefile: 4725.61 MB
Available Pagefile: 3150.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:79.4 GB) NTFS

========================= Users: ========================================

User accounts for \\ROCKBOTTOM

Administrator            Birgit                   Guest
Klaus

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

14-04-2015 21:14:53 Windows Update
21-04-2015 21:56:33 Scheduled Checkpoint
28-04-2015 23:15:47 Scheduled Checkpoint

**** End of log ****
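Editor's added example (not part of this thread, and not code from Farbar's MiniToolBox): the helper's checklist in post #2 and the Result.txt posted above cover the four things usually looked at first for ad-injecting adware on Windows: the IE proxy settings, the hosts file, the DNS servers on the adapter, and the Winsock catalog. The Python script below parses that Result.txt layout and returns a list of review items from it. The section-header form, the "Proxy is not enabled." / "ProxyServer: #" wording, the "DNS Servers" continuation indentation and the Winsock line format are taken from the log above. Three things are assumptions of this example rather than facts from the page: that an active proxy is reported as "Proxy is enabled", that Winsock providers published by anyone other than Microsoft Corporation deserve a look, and that a public resolver which is neither the default gateway nor the DHCP server is worth confirming. Its output is a list of things to check, not a verdict. Both inputs are constructed: SAMPLE_CLEAN mirrors values from the log above, and SAMPLE_TAMPERED adds a placeholder hosts entry and a placeholder third-party LSP (example.com, 203.0.113.10 and "Example Vendor Ltd" are illustrative names, not real indicators).

```python
"""Triage parser for a MiniToolBox Result.txt (added example; not Farbar's code)."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+\s*$")  # "===== IE Proxy Settings: ====="
KV_RE = re.compile(r"^\s*(.+?)[ .]*:\s*(.*?)\s*$")         # "DNS Servers . . . : 5.104.175.150"
CONT_RE = re.compile(r"^\s{20,}(\S+)\s*$")                 # further resolvers on indented lines
WINSOCK_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.+)\)\s*$")  # Catalog5 01 dll [size] (publisher)
TRUSTED_PUBLISHERS = {"Microsoft Corporation"}  # assumption: allowlist for Winsock providers
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def split_sections(text):
    """Map each '==== Name ====' header to the lines that follow it."""
    sections, current = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def proxy_enabled(sections):
    """'Proxy is not enabled.' and 'ProxyServer: #' come from the log; 'Proxy is enabled' is assumed."""
    lines = [l.strip() for l in sections.get("IE Proxy Settings", [])]
    servers = [l.split(":", 1)[1].strip() for l in lines if l.startswith("ProxyServer:")]
    return any(l.startswith("Proxy is enabled") for l in lines) or any(s not in ("", "#") for s in servers)

def suspicious_hosts(sections):
    """(address, hostname) pairs in 'Hosts content' other than plain localhost entries."""
    out = []
    for line in sections.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        out.extend((fields[0], n) for n in fields[1:] if n.lower() not in LOCAL_NAMES)
    return out

def ip_config(sections):
    """DNS Servers, DHCP Server and Default Gateway values across all adapters."""
    found, current = {"DNS Servers": [], "DHCP Server": [], "Default Gateway": []}, None
    for line in sections.get("IP Configuration", []):
        c = CONT_RE.match(line)
        if c and current:  # indented continuation of the previous key
            found[current].append(c.group(1))
            continue
        m = KV_RE.match(line)
        current = m.group(1).rstrip(" .") if m else None
        if current in found:
            found[current].extend([m.group(2)] if m.group(2) else [])
        else:
            current = None
    return found

def winsock_entries(sections):
    """(catalog, index, dll path, size, publisher) for every Winsock provider line."""
    hits = (WINSOCK_RE.match(l.strip()) for l in sections.get("Winsock entries", []))
    return [(m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), m.group(5)) for m in hits if m]

def review(text):
    """Items worth confirming by hand: prompts for review, not verdicts."""
    sections, items = split_sections(text), []
    if proxy_enabled(sections):
        items.append("proxy: a system proxy is set; confirm it is one you configured")
    for addr, name in suspicious_hosts(sections):
        items.append(f"hosts: {name} is pinned to {addr}")
    cfg = ip_config(sections)
    local = set(cfg["DHCP Server"]) | set(cfg["Default Gateway"])
    for dns in cfg["DNS Servers"]:
        try:
            public = not ipaddress.ip_address(dns).is_private
        except ValueError:
            continue
        if public and dns not in local:  # assumption: a public resolver the gateway did not hand out deserves a look
            items.append(f"dns: resolver {dns} is neither the gateway nor the DHCP server; confirm it is expected")
    for cat, idx, path, _size, pub in winsock_entries(sections):
        if pub not in TRUSTED_PUBLISHERS:
            items.append(f"winsock: {cat} {idx:02d} {path} is published by {pub}")
    return items

# Constructed inputs. SAMPLE_CLEAN mirrors values from the log above; SAMPLE_TAMPERED adds a placeholder
# hosts entry and a placeholder third-party LSP (illustrative names, not real indicators).
SAMPLE_CLEAN = r"""========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: #

========================= Hosts content: =================================
========================= IP Configuration: ================================
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 5.104.175.150
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
"""
SAMPLE_TAMPERED = re.sub(
    r"(Hosts content:[^\n]*\n)", r"\g<1>127.0.0.1       localhost\n203.0.113.10    update.example.com\n", SAMPLE_CLEAN
) + r"Catalog9 02 C:\Program Files (x86)\Example Toolbar\lsp_hook.dll [41984] (Example Vendor Ltd)" + "\n"

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(f"== {label}", *review(text), sep="\n  ")
```

To run it over a real file, call review(open(path, encoding="utf-8", errors="replace").read()) on the saved Result.txt. On the values in the log above it returns only the two DNS lines; everything else in that log (no proxy, empty hosts file, Microsoft-only Winsock catalog) produces nothing, which is why the script reports prompts rather than a diagnosis.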


#4 Sintharius


Posted 30 April 2015 - 06:09 AM

Please complete the other steps and post the logs for me.

Thank you.

Regards,
Alex

#5 skippy55


Posted 30 April 2015 - 05:06 PM

 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Panda Cloud Cleaner   
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player     17.0.0.169  
 Mozilla Firefox (37.0.2)
 Google Chrome (42.0.2311.135)
 Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#6 skippy55

Posted 30 April 2015 - 05:44 PM

AdwCleaner opens with version 4.2.0.2, says it's outdated and then prompts to download version 4.203. 

 

Version 4.203 opens but says it's outdated and redirects to the download page with another 4.203.  No luck!



#7 Sintharius

Posted 30 April 2015 - 05:46 PM

Please delete all existing copies of AdwCleaner, then go here to download AdwCleaner.

When you have downloaded it, open the application, do a scan and then post the report for me (do not clean anything!).

Thank you.

#8 skippy55

Posted 30 April 2015 - 06:05 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 8.1 x64
Ran by Klaus on Fri 01/05/2015 at  8:54:07.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3906910006-698148392-2669285546-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3906910006-698148392-2669285546-1004



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Klaus\AppData\Roaming\mozilla\firefox\profiles\9i2llw0z.default\prefs.js

user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.helperbar.SmartbarDisabled, true);
user_pref(extensions.helperbar.SmartbarStateMinimaized, false);
user_pref(extensions.helperbar.downloadprovider, snapdoocybch);
user_pref(extensions.helperbar.externalJsFiles, {\d\:\[{\\\ExcludeDomains\\\:[\\\snap.do\\\,\\\snapdo.com\\\],\\\HttpInjection\\\:\\\hxxp:\\\\\\/\\\\\\/www.supe
user_pref(extensions.helperbar.publisher, snapdoocyb);
Emptied folder: C:\Users\Klaus\AppData\Roaming\mozilla\firefox\profiles\9i2llw0z.default\minidumps [161 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Klaus\appdata\local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/05/2015 at  8:57:44.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 skippy55

Posted 30 April 2015 - 06:13 PM

I've tried the link, AdwCleaner 4.203 downloads and says it's outdated.  Then the previous redirect to the download site for another 4.203. 

 

Strange?



#10 Sintharius

Posted 30 April 2015 - 11:41 PM

Let's skip the AdwCleaner step for now - please continue with the MBAM scan.

#11 skippy55

Posted 01 May 2015 - 03:13 AM

Malwarebytes Anti-Malware www.malwarebytes.org

Scan Date: 1/05/2015 Scan Time: 17:41:44 Logfile: malwarebytes.txt Administrator: Yes

Version: 2.01.6.1022 Malware Database: v2015.05.01.01 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled

OS: Windows 8.1 CPU: x64 File System: NTFS User: Klaus

Scan Type: Threat Scan Result: Completed Objects Scanned: 432102 Time Elapsed: 27 min, 9 sec

Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled

Processes: 0 (No malicious items detected)

Modules: 0 (No malicious items detected)

Registry Keys: 0 (No malicious items detected)

Registry Values: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Folders: 0 (No malicious items detected)

Files: 0 (No malicious items detected)

Physical Sectors: 0 (No malicious items detected)



(end)



#12 Sintharius

Posted 01 May 2015 - 03:20 AM

Try resetting your browsers again, then check how they are doing.

Thank you.

#13 skippy55

Posted 01 May 2015 - 04:41 AM

Done!

 

So far, so good. 

 

Cheers



#14 Sintharius

Posted 01 May 2015 - 04:44 AM

Good to hear. If anything happens again, don't hesitate to ask for help.

Please read this: Simple and easy ways to keep your computer safe and secure online

Best regards,
Alex

#15 Sintharius

Posted 01 May 2015 - 05:28 AM

Please run this to clear all tools and logs. No need to give me the log... just delete it after you have finished cleaning.

Download DelFix from here and save it to your Desktop.
  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove most of the tools used during the cleaning process.
Regards,
Alex



