Ads in Steam?

31 replies to this topic

#1 goofyrp

goofyrp

  • Members
  • 89 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 12 October 2015 - 08:11 PM

My son's computer is now getting unwanted ads in Steam. I did a scan with Malwarebytes and found the following. Any ideas what we should do to resolve this:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2015
Scan Time: 4:33 PM
Logfile: MalwareBytes scan 10-12-15.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.12.03
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jacob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389157
Time Elapsed: 22 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Optimizer Pro Schedule, , [bf54bf97a0eb270f31017c4beb196d93], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall FM, , [be55bf974b4024125ba6dc6eb0535fa1], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall TM, , [36dd8accb2d9122428d9e7630bf857a9], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall TW1, , [b36051056526d3632fd2103a3ec508f8], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall TW2, , [759ebc9aafdc4aec3ec373d7897a8080], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall W1, , [e52e352196f556e0f60b480229da5aa6], 
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall W2, , [e03343134f3c0d295aa788c202019d63], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FA6289D6-676C-4497-88CC-9E2E15488944}, , [fd16f75fe7a4bf7721f8338a14f0847c], 
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [7e9578de1c6ff5416f26c882c83b738d], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [dd363d19f695a591ffd1b3236a9ac53b], 

Registry Values: 1
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FA6289D6-676C-4497-88CC-9E2E15488944}|Publisher, Linkury Ltd., , [fd16f75fe7a4bf7721f8338a14f0847c]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.AppBud, C:\Users\Jacob\AppData\Local\Temp\App Bud, , [ae65e076474459dd0083f62608fb36ca], 

Files: 4
PUP.Optional.OptimizerPro, C:\Windows\System32\Tasks\Optimizer Pro Schedule, , [6aa9e571b7d4c07648e4b80f0ff5ec14], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, , [40d3afa788038bab86637f6e699b36ca], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, , [55befa5c1279a78f59908568bb496799], 
PUP.Optional.AppBud, C:\Users\Jacob\AppData\Local\Temp\App Bud\7za.exe, , [ae65e076474459dd0083f62608fb36ca], 

Physical Sectors: 0
(No malicious items detected)


(end)



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:53 PM

Posted 12 October 2015 - 08:21 PM

Hi goofyrp :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Scan Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, click on the Logfile button to open the scan log;
  • Please copy/paste the content of the log that will open in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 goofyrp

goofyrp
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 12 October 2015 - 09:24 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Jacob (administrator) on 12-10-2015 at 19:05:33
Running from "C:\Users\Jacob\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: MS-7759 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


0.0.0.1	mssplus.mcafee.com


========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
TP-LINK 300Mbps Wireless N Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Frozenmoon-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 62-66-B3-8A-A3-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TP-LINK 300Mbps Wireless N Adapter
   Physical Address. . . . . . . . . : 64-66-B3-8A-A3-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-48-95-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.201.121(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 12, 2015 5:24:32 PM
   Lease Expires . . . . . . . . . . : Tuesday, October 13, 2015 5:24:33 PM
   Default Gateway . . . . . . . . . : 172.16.201.1
   DHCP Server . . . . . . . . . . . : 172.16.201.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com
Addresses:  2607:f8b0:4005:803::200e
	  216.58.192.14


Pinging google.com [216.58.192.46] with 32 bytes of data:
Reply from 216.58.192.46: bytes=32 time=14ms TTL=56
Reply from 216.58.192.46: bytes=32 time=14ms TTL=56

Ping statistics for 216.58.192.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 14ms, Average = 14ms
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
	  2001:4998:44:204::a7
	  2001:4998:c:a06::2:4008
	  98.138.253.109
	  206.190.36.45
	  98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=94ms TTL=50
Reply from 98.139.183.24: bytes=32 time=93ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 94ms, Average = 93ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...62 66 b3 8a a3 b0 ......Microsoft Virtual WiFi Miniport Adapter
 12...64 66 b3 8a a3 b0 ......TP-LINK 300Mbps Wireless N Adapter
 11...d4 3d 7e 48 95 b0 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.16.201.1   172.16.201.121     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     172.16.201.0    255.255.255.0         On-link    172.16.201.121    276
   172.16.201.121  255.255.255.255         On-link    172.16.201.121    276
   172.16.201.255  255.255.255.255         On-link    172.16.201.121    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    172.16.201.121    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    172.16.201.121    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2015 05:26:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2015 04:31:49 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:48 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:37 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:35 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome

Error: (10/12/2015 04:31:35 PM) (Source: MsiInstaller) (User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome


System errors:
=============
Error: (10/12/2015 05:24:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (10/12/2015 05:23:16 PM) (Source: Service Control Manager) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (10/12/2015 06:26:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (10/12/2015 12:19:45 AM) (Source: Service Control Manager) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (10/11/2015 09:16:09 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/11/2015 10:36:56 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (10/11/2015 01:50:56 AM) (Source: Service Control Manager) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (10/10/2015 09:51:50 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5

Error: (10/10/2015 09:51:47 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (10/10/2015 09:42:15 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5


Microsoft Office Sessions:
=========================
Error: (10/12/2015 05:26:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2015 04:31:49 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:48 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:37 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:36 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:35 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2015 04:31:35 PM) (Source: MsiInstaller)(User: Frozenmoon-PC)
Description: Product: Ask Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 

Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-07-26 11:50:44.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 11:50:44.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 01:06:06.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 01:06:06.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 00:06:05.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 00:06:05.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-25 23:06:04.073
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-25 23:06:04.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-25 22:33:29.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-25 22:33:29.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ASUS USB-AC56 WLAN Card Utilities/Driver (HKLM-x32\...\{68909632-6D1F-4B45-98C2-2D8E55018A81}) (Version: 2.0.8.1 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVerMedia C875 Live Gamer Portable 3.7.64.37 (HKLM-x32\...\AVerMedia C875 Live Gamer Portable) (Version: 3.7.64.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.) Hidden
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Bleed (HKLM-x32\...\Steam App 239800) (Version:  - Ian Campbell)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
Bunny Must Die! Chelsea and the 7 Devils (HKLM-x32\...\Steam App 250660) (Version:  - Platine Dispositif)
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dungeon Fighter Online (HKLM-x32\...\DFO) (Version:  - )
Dungeons & Dragons: Chronicles of Mystara (HKLM-x32\...\Steam App 229480) (Version:  - Iron Galaxy Studios)
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EasyViewer (HKLM-x32\...\{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI) Hidden
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version:  - Matt Roszak)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ether One (HKLM-x32\...\Steam App 265950) (Version:  - White Paper Games)
Eversion  (HKLM-x32\...\Steam App 33680) (Version:  - Zaratustra Productions)
Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.9 - MSI)
Flyff (HKLM-x32\...\{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1) (Version: Flyff - Gala-Net)
Freedom Planet (HKLM-x32\...\Steam App 248310) (Version:  - GalaxyTrail)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\Steam App 275390) (Version:  - DrinkBox Studios)
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version:  - Dennaton Games)
Hover : Revolt Of Gamers (HKLM-x32\...\Steam App 280180) (Version:  - Fusty Game)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Keep Talking and Nobody Explodes (HKLM-x32\...\{5F313C69-E37D-4A3B-8A48-3D36C768517B}_is1) (Version: 1.0 - Steel Crate Games)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.0 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version:  - Almost Human Games)
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI)
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (PartnerNet) (HKLM-x32\...\{004B8175-BD94-4548-879A-F6AA628696D2}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Partnernet) (HKLM-x32\...\{57672BEC-E777-4D4B-944A-719414E84D3F}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{06669347-C150-48B8-AE9A-64F85A6384C1}) (Version: 4.0.6.305 - Intel Corporation) Hidden
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-0298c4a9-7d9c-4f4f-92f7-88b276622dfd) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-abd9092f-b1a3-4c26-a942-01ba53905446) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-fde490c1-61de-4601-a8e9-c09a57e39c43) (Version:  - Epic Games, Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
NETGEAR Powerline Utility (HKLM-x32\...\{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.4 - NETGEAR Powerline) Hidden
NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.4 - NETGEAR Powerline)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.2 - Black Tree Gaming)
Noitu Love 2 Devolution (HKLM-x32\...\Steam App 207530) (Version:  - Joakim Sandberg)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oddworld: New 'n' Tasty (HKLM-x32\...\Steam App 314660) (Version:  - Just Add Water (Developments), Ltd.)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Phantom Breaker: Battle Grounds (HKLM-x32\...\Steam App 329490) (Version:  - MAGES.)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerpuffZ3 (HKCU\...\PowerpuffZ3) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
Q.U.B.E: Director's Cut (HKLM-x32\...\Steam App 239430) (Version:  - Toxic Games)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.60.26 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.29 - Razer Inc)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
Resident Evil 5 / Biohazard 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Secrets of Grindea (HKLM-x32\...\Steam App 269770) (Version:  - Pixel Ferrets)
Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)
Shantae and the Pirate's Curse (HKLM-x32\...\Steam App 345820) (Version:  - WayForward)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stick It To The Man! (HKLM-x32\...\Steam App 251830) (Version:  - Zoink!)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.022 - MSI)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.03 - Creative Technology Limited)
TL-WN881ND Driver (HKLM-x32\...\{B512F025-E992-44D0-B1F4-D6E1D3339C80}) (Version: 1.0.0 - TP-LINK)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Victor Vran (HKLM-x32\...\Steam App 345180) (Version:  - Haemimont Games)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.125 - MSI)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 8137.93 MB
Available physical RAM: 3895.14 MB
Total Virtual: 16274.07 MB
Available Virtual: 11147.13 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:35.67 GB) NTFS
2 Drive d: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:524.6 GB) NTFS

========================= Users: ========================================

User accounts for \\FROZENMOON-PC

Administrator            Guest                    Jacob                    


**** End of log ****

# AdwCleaner v5.013 - Logfile created 12/10/2015 at 19:11:37
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jacob - FROZENMOON-PC
# Running from : C:\Users\Jacob\Downloads\AdwCleaner (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Jacob\AppData\Local\StormFall
Folder Found : C:\Users\Jacob\AppData\Roaming\StormFall
Folder Found : C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall

***** [ Files ] *****

File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
File Found : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
File Found : C:\Users\Jacob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\StormFall.lnk ( --app=hxxp://plarium.com/play/en/stormfall/dragon04?adCampaign=23634&clickID=0DzzyDtD0EyC0FtAyByDzy0E0FtB0E0D&publisherID=2_1_2_16_47 --app-window-size=1920,1200 )
Shortcut Infected : C:\Users\Jacob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk ( --app=hxxp://plarium.com/play/en/stormfall/dragon04?adCampaign=23634&clickID=0DzzyDtD0EyC0FtAyByDzy0E0FtB0E0D&publisherID=2_1_2_16_47 --app-window-size=1920,1200 )

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3388 bytes] ##########


#4 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,662 posts
  • Gender:Male

Posted 13 October 2015 - 05:19 AM

Alright, follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore include:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 goofyrp
  • Topic Starter
  • Members
  • 89 posts

Posted 13 October 2015 - 11:44 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Jacob on Tue 10/13/2015 at  7:18:47.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BE49B27017FD712DF1E70FE7861589BC
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update App Bud
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util App Bud



~~~ Files

Successfully deleted: [File] C:\Users\Jacob\AppData\Roaming\speedrunnerslog.txt
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxp_adultcatfinder.com_0.localstorage
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxp_adultcatfinder.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Jacob\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Jacob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\stormfall.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Users\Jacob\Appdata\Local\stormfall
Successfully deleted: [Folder] C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\stormfall
Successfully deleted: [Folder] C:\Users\Jacob\AppData\Roaming\stormfall
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\Jacob\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Jacob\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Jacob\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Jacob\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/13/2015 at  7:21:24.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.300 - Report created 13/10/2015 at 07:24:41
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jacob - FROZENMOON-PC
# Running from : C:\Users\Jacob\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Tāches planifiées ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.18015


-\\ Google Chrome v45.0.2454.101

[ File : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11411&pf=V7&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=&itbv=12.7.0.15&doi=2014-02-02&apn_uid=90F6C456-B64D-4906-9FCF-4FD34208B75C&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_32.0.1700.102&psv=&trgb=CR&tbv=&crxv=&q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=A7AE7118-2FF0-483A-AD32-46EB56B79454&apn_ptnrs=TV&apn_sauid=89CFACDD-FD33-42DA-ADC8-DE71D8A3F84A&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4705 octets] - [27/07/2014 14:34:21]
AdwCleaner[R1].txt - [4735 octets] - [27/07/2014 14:43:20]
AdwCleaner[R2].txt - [1701 octets] - [12/10/2015 19:08:51]
AdwCleaner[R4].txt - [1821 octets] - [13/10/2015 07:23:27]
AdwCleaner[S0].txt - [925 octets] - [27/07/2014 14:42:46]
AdwCleaner[S1].txt - [4742 octets] - [27/07/2014 14:43:42]
AdwCleaner[S2].txt - [2379 octets] - [13/10/2015 07:24:41]
AdwCleaner[S4].txt - [3483 octets] - [12/10/2015 19:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2499 octets] ##########

Malwarebytes Anti-Malware
 
Scan Date: 10/13/2015
Scan Time: 7:31 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.13.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jacob
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357232
Time Elapsed: 26 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [c1b83b1ba5e623135adaeed5d72cf808], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSGERMANIA, Delete-on-Reboot, [da9fb99d395263d3a3f291e4bf4343bd], 
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [3247b0a6bbd01f1749eb6a5930d332ce], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2A3AC103-2728-4C3D-AEFC-EDF07556BE70}|NameServer, 82.163.143.143,82.163.142.145, Good: (), Bad: (82.163.143.143,82.163.142.145),Replaced,[b1c863f37318fe38a27bd26fe2221ee2]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9329EF20-B758-4519-890D-6B3BF3FBC028}|NameServer, 82.163.143.143,82.163.142.145, Good: (), Bad: (82.163.143.143,82.163.142.145),Replaced,[ee8b5501dcaf7db929f461e008fc2fd1]
 
Folders: 1
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker, Delete-on-Reboot, [c0b944127f0cd1659287182f4cb6de22], 
 
Files: 15
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Windows\System32\Tasks\DNSGERMANIA, Quarantined, [c4b541158a01a78f4350f77e56ac5aa6], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\config.ini, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\DNSGERMANIA.cer, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnsgermania.exe, Delete-on-Reboot, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Info.rtf, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\License.rtf, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\settings.ini, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.dat, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.exe, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, Quarantined, [c0b944127f0cd1659287182f4cb6de22], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,662 posts
  • Gender:Male

Posted 13 October 2015 - 01:27 PM

Let's do a final sweep using ESET Online Scanner. This scan can be lengthy, so you can leave it running overnight or during the day.

ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download nor install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 goofyrp (Topic Starter, Members, 89 posts)

Posted 14 October 2015 - 01:50 PM

Here are the logs from the ESET scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jacob\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jacob\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jacob\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Users\Jacob\AppData\Local\Temp\is351588084\7E2E8A5B_stp\TaskScheduler.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[4].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[5].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
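A point worth drawing out of the ESET log above is that most of its lines are not live infections: they are `.vir` copies sitting inside AdwCleaner's own quarantine folder, plus cached installer downloads, and only one entry (the InstallCore DLL in the user's Temp folder) was on a path where it could still have run. The following PowerShell snippet is an added example, not part of the thread or of any ESET tooling; it parses log lines of the shape ESET Online Scanner emits (`<path> [a variant of] <Family/Name> <category> <action>`) and sorts them into quarantine copies, cached downloads and live locations so that a reader can see at a glance what actually needs attention. The sample lines are constructed to mirror the log posted above, and the regular expression and the folder classification rules are this example's own assumptions.

```powershell
# Added example (not from the thread): triage an ESET Online Scanner log by location.
# Sample lines are constructed to mirror the shape of the log posted above.
$sampleLog = @'
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jacob\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Users\Jacob\AppData\Local\Temp\is351588084\7E2E8A5B_stp\TaskScheduler.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[4].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
'@

# Assumed line shape: the detection name is the first token containing a "/" (e.g. Win32/...),
# which never occurs inside a Windows path, so a lazy match for the path is safe.
$pattern = '^(?<Path>.+?)\s+(?:a variant of\s+)?(?<Threat>[A-Za-z0-9]+/[\w.]+)\s+(?<Category>.+?)\s+(?<Action>(?:cleaned by deleting|deleted)(?: - quarantined)?)\s*$'

function ConvertFrom-EsetLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $path = $Matches['Path']
            # Classification rules are this example's assumptions, not ESET's categories.
            $location = switch -Wildcard ($path) {
                'C:\AdwCleaner\Quarantine\*'    { 'quarantine-copy'; break }  # inert copy held by another tool
                '*\Temporary Internet Files\*'  { 'cached-download'; break }  # browser-cached installer, not running
                default                         { 'live' }                    # on a path where it could execute
            }
            [pscustomobject]@{
                Location = $location
                Threat   = $Matches['Threat']
                Category = $Matches['Category']
                Action   = $Matches['Action']
                Path     = $path
            }
        }
    }
}

$detections = ConvertFrom-EsetLog -Lines ($sampleLog -split "`r?`n")

# Summary: how many hits per location class and detection name
$detections | Group-Object Location, Threat | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The short list a responder actually cares about
$detections | Where-Object Location -eq 'live' | Select-Object Threat, Action, Path | Format-List
```

Run against a real log by replacing `$sampleLog` with `Get-Content` of the saved results file; the "live" list is what remains worth investigating, while the quarantine-copy bucket is simply ESET re-flagging material AdwCleaner had already neutralised.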


#8 Aura (Bleepin' Special Ops, Malware Response Team, 19,662 posts)

Posted 14 October 2015 - 01:56 PM

Alright :) Now, can you simply uninstall Steam (without installing your games), and reinstall it? The ads should be gone after that.



#9 goofyrp (Topic Starter, Members, 89 posts)

Posted 16 October 2015 - 12:00 AM

Still getting ads in Steam. Did we miss a step here? In uninstalling Steam, there was a tech note we followed that said to copy one of the app data folders. Is that where the adware is still loaded? Malwarebytes last scan found nothing. Ideas? -Rick

#10 Aura (Bleepin' Special Ops, Malware Response Team, 19,662 posts)

Posted 16 October 2015 - 05:18 AM

The malware is most likely located in that AppData folder, yes. I don't use Steam so I cannot tell you exactly what's in that folder, so if you delete it, I cannot tell what you'll lose. What you can do however, is exit Steam, rename that Steam folder in AppData, then launch it again and see if it gets created again, and if the ads are still present.



#11 goofyrp (Topic Starter, Members, 89 posts)

Posted 19 October 2015 - 11:19 AM

Our debacle continues. We have uninstalled and reinstalled Steam a few times and yet we are still getting the ads. Do you know where in Steam this is coming from, or is it an application outside of Steam that generates it?

It seems like the in-game browser has the corruption, as we only get the ads when the Steam Store window is open.

How should we proceed?


#12 Aura (Bleepin' Special Ops, Malware Response Team, 19,662 posts)

Posted 19 October 2015 - 11:21 AM

Did you delete your Steam personal folder in AppData as well? I can install Steam tonight in a VM, look for these folders and tell you which ones to delete.



#13 goofyrp (Topic Starter, Members, 89 posts)

Posted 20 October 2015 - 01:29 PM

He has Steam apps installed across 2 hard drives (out of disk space). I am betting this is why we are having so much trouble. If you can help us figure out the specific paths, that would be very helpful. Is it possible that they hacked the Steam files themselves to trigger redirects (proxy, etc...)? I don't see any DNS changes to his specific system that would account for it.

#14 Aura (Bleepin' Special Ops, Malware Response Team, 19,662 posts)

Posted 20 October 2015 - 04:36 PM

I doubt it, and if there was any DNS hijack, I would have seen it with MiniToolBox. I see that there's a Steam folder in Program Files (x86) that needs to be deleted. There's also a Steam folder in C:\Users\$USERNAME\AppData\Local that needs to be deleted as well (the web cache is there).


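The step that finally resolved this thread was the one Aura described in #10 and #14: exit Steam, set aside the Steam folder under the user's AppData\Local (where the in-game browser keeps its web cache), relaunch, and see whether the ads come back. The PowerShell function below is an added example and is not code from the thread or from Valve; it automates that check. It renames the folder with a timestamp instead of deleting it, following the rename suggestion in #10, so nothing is lost if the folder turns out to hold something wanted. The process names `steam` and `steamwebhelper`, and reading the install location from the `SteamPath` value under `HKCU:\Software\Valve\Steam` for the relaunch, are this example's assumptions about a standard Steam install; the Program Files (x86) install folder mentioned in #14 is left to the uninstaller.

```powershell
# Added example (not from the thread): reset Steam's per-user web cache by renaming
# %LOCALAPPDATA%\Steam, then relaunch so a clean cache is rebuilt.
function Reset-SteamWebCache {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumed default: the per-user Steam folder named in post #14
        [string]$CachePath = (Join-Path $env:LOCALAPPDATA 'Steam'),
        [switch]$Relaunch
    )

    # 1. Exit Steam cleanly first; the cache files are locked while the web helper runs.
    #    Process names are an assumption about a standard Steam install.
    Get-Process -Name steam, steamwebhelper -ErrorAction SilentlyContinue |
        ForEach-Object { $null = $_.CloseMainWindow() }
    Start-Sleep -Seconds 5
    Get-Process -Name steam, steamwebhelper -ErrorAction SilentlyContinue |
        Stop-Process -Force -ErrorAction SilentlyContinue

    # 2. Rename rather than delete (post #10) so the old contents survive for inspection.
    if (-not (Test-Path -LiteralPath $CachePath)) {
        Write-Host "No folder at $CachePath; nothing to reset."
        return $null
    }
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = "$CachePath.bak-$stamp"
    if ($PSCmdlet.ShouldProcess($CachePath, "Rename to $backup")) {
        Rename-Item -LiteralPath $CachePath -NewName (Split-Path -Leaf $backup)
        Write-Host "Set aside: $CachePath -> $backup"
    }

    # 3. Relaunch so Steam rebuilds the folder. If the Store is now ad-free, the old cache
    #    was the carrier; if ads return, something outside this folder is still injecting them.
    if ($Relaunch) {
        # SteamPath registry value: assumed standard location of the install directory
        $reg = Get-ItemProperty -Path 'HKCU:\Software\Valve\Steam' -ErrorAction SilentlyContinue
        if ($reg -and $reg.SteamPath) {
            $steamExe = Join-Path $reg.SteamPath 'steam.exe'
            if (Test-Path -LiteralPath $steamExe) { Start-Process -FilePath $steamExe }
        }
    }
    return $backup
}

# Usage: dry run first, then the real thing.
# Reset-SteamWebCache -WhatIf
# Reset-SteamWebCache -Relaunch
```

Once the Store has been confirmed clean for a while, the `.bak-<timestamp>` folder can be removed; until then it is also the place to look if you want to see what the injected content actually was.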

#15 goofyrp (Topic Starter, Members, 89 posts)

Posted 21 October 2015 - 09:48 AM

That was the magic sauce! After we cleared out that cache folder, the ads finally stopped and Steam has returned to normal. In the future, you may want to have people do that step first before uninstalling and reinstalling Steam. I suspect the reinstall is not required. We are still trying to stitch back his Steam library after all that.

It's too bad apps like CCleaner and the like don't clear out that web cache too.

Thanks again for all your help.
