
Infected with malware (ebiz.exe), getting pop-ups and redirected links


  • This topic is locked
40 replies to this topic

#1 omega333


Posted 16 November 2015 - 04:02 PM

My computer got infected with a bunch of malware and is running much slower on every operation. The links in all browsers get redirected, and the homepages of all browsers are taken over by the Ebiz.exe start page... I'm not sure what else might be going on.

I downloaded and ran a Kaspersky full scan, which didn't solve this problem.

Thank you very much for your time and help! :)

My FRST Report is copy-pasted below and the Addition.txt file is attached to this message.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-11-2015
Ran by Lenovo (administrator) on LENOVO-THINK (16-11-2015 15:33:08)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo & Guest)
Platform: Microsoft Windows 7 Professional  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Windows\System32\idle-Threads.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
() C:\Windows\System32\semaphore-Threads.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [337256 2009-10-26] (Lenovo.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [487992 2010-10-27] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-10-27] ()
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-10-28] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-10-28] (Lenovo Group Limited)
HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [431464 2010-09-17] (Lenovo)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [855768 2015-02-12] (BlueStack Systems, Inc.)
HKLM\...\Run: [dply_en_015020146] => [X]
HKU\S-1-5-21-658646252-927701383-1851598397-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-658646252-927701383-1851598397-1000\...\MountPoints2: {5a50a84f-d990-11e3-a026-806e6f6e6963} - E:\HWPcAssistant.exe
HKU\S-1-5-21-658646252-927701383-1851598397-1000\...\MountPoints2: {b3034c3e-ce96-11e3-8723-60eb6915e75f} - E:\HWPcAssistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-05] (Microsoft Corporation)
Lsa: [Notification Packages] scecli ACGina
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{21937206-D68B-44D1-88A4-90FB0E3126C1}: [DhcpNameServer] 192.168.67.2
Tcpip\..\Interfaces\{83403E47-0C36-473E-9454-250C0E69BA9D}: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
Internet Explorer:
==================
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = 
SearchScopes: HKU\.DEFAULT -> {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = 
SearchScopes: HKU\S-1-5-21-658646252-927701383-1851598397-1000 -> DefaultScope {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = 
SearchScopes: HKU\S-1-5-21-658646252-927701383-1851598397-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-658646252-927701383-1851598397-1000 -> {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-26] (Lenovo Group Limited)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-15] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-25] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-15] (AO Kaspersky Lab)
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-658646252-927701383-1851598397-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default
FF DefaultSearchEngine.US: Google
FF Homepage: google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js [2015-11-15]
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-11-15] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16]
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-16]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [12189808 2015-07-12] () [File not signed]
U2 .Net Main; C:\Windows\System32\idle-Threads.exe [12003952 2015-07-12] () [File not signed]
U2 .Net Security; C:\Windows\System32\latch-Threads.exe [13230192 2015-07-12] () [File not signed]
U2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [1027696 2015-07-12] () [File not signed]
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2010-09-17] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [259432 2010-09-17] (Lenovo)
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-11-15] (Kaspersky Lab ZAO)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2015-02-12] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-12] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-02-12] (BlueStack Systems, Inc.)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-10-28] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-06-24] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-10-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-10-28] (Lenovo Group Limited)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-04-18] (Lenovo Group Limited) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [99328 2011-06-24] (Lenovo Group Limited) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Update Oasis Space; "C:\Program Files\Oasis Space\updateOasisSpace.exe" [X]
S2 Util Oasis Space; "C:\Program Files\Oasis Space\bin\utilOasisSpace.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-02-12] (BlueStack Systems)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [58040 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2015-11-15] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-15] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [783232 2015-11-15] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [33976 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-11-15] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R0 scssifilter; C:\Windows\System32\Drivers\scssifilter32.sys [24984 2015-07-12] (Microsoft Corporation)
R0 usbmp3; C:\Windows\System32\Drivers\usbmp332.sys [18840 2015-07-12] () [File not signed]
R0 usbvox; C:\Windows\System32\Drivers\usbvox32.sys [43272 2015-07-12] () [File not signed]
R0 usbwav; C:\Windows\System32\Drivers\usbwav32.sys [26520 2015-07-12] () [File not signed]
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-01-13] (ZTE Incorporated)
R1 {85fcb4bb-8bcd-4db9-a32c-6fbd622858e1}Gw; C:\Windows\System32\drivers\{85fcb4bb-8bcd-4db9-a32c-6fbd622858e1}Gw.sys [43112 2015-11-15] (StdLib)
U3 aelytxun; C:\Windows\system32\Drivers\aelytxun.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 1394ohci; \SystemRoot\system32\DRIVERS\1394ohci.sys [X]
S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
R1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]
S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [X]
S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [X]
S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [X]
S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BthEnum; \SystemRoot\system32\drivers\BthEnum.sys [X]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [X]
S3 BTHPORT; \SystemRoot\System32\Drivers\BTHport.sys [X]
S3 BTHUSB; \SystemRoot\System32\Drivers\BTHUSB.sys [X]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]
S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [X]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]
R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [X]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]
S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [X]
S3 intelppm; \SystemRoot\system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [X]
S3 kbdhid; \SystemRoot\system32\DRIVERS\kbdhid.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]
R2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [X]
S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [X]
S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [X]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{6342F303-A1C253C3-06020101}_0; \??\c:\users\lenovo\appdata\local\temp\pcdr\bin\pcdsrvc.pkms [X]
S3 pciide; \SystemRoot\system32\DRIVERS\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S3 s3cap; \SystemRoot\system32\DRIVERS\vms3cap.sys [X]
S3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [X]
S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [X]
S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [X]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
R0 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]
S3 storvsc; \SystemRoot\system32\DRIVERS\storvsc.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [X]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X]
S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [X]
R3 usbehci; \SystemRoot\system32\drivers\usbehci.sys [X]
S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
R3 usbvideo; \SystemRoot\System32\Drivers\usbvideo.sys [X]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]
S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [X]
S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [X]
S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [X]
S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [X]
S3 vmbus; \SystemRoot\system32\DRIVERS\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\system32\DRIVERS\VMBusHID.sys [X]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 15:33 - 2015-11-16 15:35 - 00026195 _____ C:\Users\Lenovo\Downloads\FRST.txt
2015-11-16 15:31 - 2015-11-16 15:33 - 00000000 ____D C:\FRST
2015-11-16 15:30 - 2015-11-16 15:30 - 01378304 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST.exe
2015-11-16 14:34 - 2015-11-16 14:34 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-16 14:34 - 2015-11-16 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-16 14:32 - 2015-11-16 15:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 14:32 - 2015-11-16 14:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 14:31 - 2015-11-16 14:31 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Deployment
2015-11-16 14:31 - 2015-11-16 14:31 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Apps\2.0
2015-11-15 21:21 - 2015-11-15 22:36 - 00002324 _____ C:\Users\Lenovo\Desktop\Safe Money.lnk
2015-11-15 21:20 - 2015-11-15 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-11-15 21:20 - 2015-11-15 21:19 - 00002092 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-11-15 21:17 - 2015-11-16 15:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-15 21:17 - 2015-11-15 21:17 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-15 21:17 - 2015-11-15 21:17 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-11-15 21:16 - 2015-11-15 23:04 - 00783232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-15 21:16 - 2015-11-15 23:04 - 00147328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-15 21:01 - 2015-11-15 21:04 - 180334976 _____ (Kaspersky Lab) C:\Users\Lenovo\Downloads\kts16.0.0.614en_fr_8978.exe
2015-11-15 20:00 - 2015-11-15 20:00 - 00001424 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-15 19:54 - 2015-11-15 16:23 - 00043112 _____ (StdLib) C:\Windows\system32\Drivers\{85fcb4bb-8bcd-4db9-a32c-6fbd622858e1}Gw.sys
2015-11-15 19:53 - 2015-11-15 19:53 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\SpringFiles
2015-11-15 19:50 - 2015-11-15 20:12 - 00000000 ____D C:\Program Files\Oasis Space
2015-11-14 20:16 - 2015-11-14 21:02 - 00000000 ____D C:\Users\Lenovo\Downloads\Birdman (2014)
2015-11-11 17:38 - 2015-11-14 16:57 - 00000000 ____D C:\Users\Lenovo\Downloads\A Little Chaos (2014)
2015-11-08 19:57 - 2015-11-11 17:11 - 00000000 ____D C:\Users\Lenovo\Downloads\Clouds of Sils Maria (2014)
2015-11-08 18:00 - 2015-11-08 18:01 - 00000000 ____D C:\Users\Lenovo\Downloads\Whiplash (2014)
2015-11-05 21:16 - 2015-11-05 21:16 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Conexant
2015-11-04 21:09 - 2015-11-04 21:09 - 00000000 ____D C:\Users\Lenovo\AppData\Local\CEF
2015-10-31 12:23 - 2015-11-06 15:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 12:23 - 2015-10-31 12:23 - 00002028 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-31 12:22 - 2015-10-31 12:22 - 00000000 ____D C:\Program Files\Adobe
2015-10-28 12:44 - 2015-10-28 14:54 - 734410752 ____R C:\Users\Lenovo\Downloads\Oscar_and_Lucinda.avi
2015-10-23 12:55 - 2015-10-23 12:58 - 00000000 ____D C:\Users\Lenovo\Downloads\Lincoln [2012] BRRip XviD AC3-RARBG
2015-10-23 12:20 - 2015-10-23 12:22 - 00000000 ____D C:\Users\Lenovo\Downloads\Foxcatcher.2014.BRRip.480p.x264.AAC-VYTO [P2PDL]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 15:35 - 2009-07-14 03:34 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 15:35 - 2009-07-14 03:34 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 15:15 - 2014-06-10 09:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-16 14:35 - 2014-06-25 11:22 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Google
2015-11-16 14:32 - 2014-07-24 16:31 - 00000000 ____D C:\Program Files\Google
2015-11-16 14:22 - 2014-02-07 18:08 - 02049122 _____ C:\Windows\WindowsUpdate.log
2015-11-16 14:19 - 2013-01-30 17:21 - 00000116 ___RH C:\Windows\system32\masteraclbini.enu
2015-11-16 14:19 - 2013-01-30 14:21 - 02030739 __RSH C:\Windows\system32\masteraclini.enu
2015-11-16 14:17 - 2009-07-14 03:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 14:16 - 2014-02-25 18:39 - 00020396 _____ C:\Windows\PFRO.log
2015-11-16 14:16 - 2014-02-07 18:07 - 00146573 _____ C:\Windows\setupact.log
2015-11-16 14:12 - 2014-02-25 15:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-16 14:10 - 2014-02-25 15:14 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Mozilla
2015-11-16 13:21 - 2014-09-12 19:08 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Ehoqgeor
2015-11-15 23:04 - 2015-06-08 19:43 - 00039304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-11-15 22:49 - 2015-07-04 02:18 - 00044728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-15 21:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Public
2015-11-15 21:12 - 2013-01-30 17:23 - 00001945 _____ C:\Windows\epplauncher.mif
2015-11-15 21:00 - 2014-03-10 02:08 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2015-11-15 19:54 - 2009-07-14 01:04 - 00000608 _____ C:\Windows\win.ini
2015-11-15 16:05 - 2010-10-28 13:44 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-11-14 23:27 - 2014-03-26 17:57 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2015-11-12 11:51 - 2014-02-26 13:03 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 11:51 - 2014-02-26 13:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-09 20:43 - 2009-07-21 04:30 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 13:00 - 2010-10-28 13:44 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-11-08 09:42 - 2014-02-27 13:46 - 00000000 ____D C:\Users\Lenovo\Documents\Random
2015-11-07 11:33 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 21:09 - 2014-09-18 12:01 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2015-10-31 12:23 - 2014-03-29 12:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-31 12:22 - 2010-10-27 23:27 - 00000000 ____D C:\ProgramData\Adobe
 
==================== Files in the root of some directories =======
 
2015-02-24 19:33 - 2015-02-24 19:33 - 0000017 _____ () C:\Users\Lenovo\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\ioYFDOKzIk.exe
C:\Users\Lenovo\AppData\Local\Temp\WHvYARoIkS.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

 

 

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:37 PM

Posted 16 November 2015 - 07:03 PM

Hello omega333 and Welcome to the BleepingComputer. :welcome:  
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

===========================================================================================

Using Add/Remove Programs and Features, remove these programs (in bold):

Yontoo
µTorrent
Setup

 

Restart the PC now.

============================================================================================
Please do the following.

Ensure your external and/or USB drives are inserted during the scan.

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Edited by olgun52, 16 November 2015 - 07:08 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 omega333

omega333
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:37 PM

Posted 17 November 2015 - 09:09 PM

Thank you so much for your excellent instructions and for such a quick reply, olgun52! :)

 

Below are the results of Step 1 (Farbar Fixlog). Can I do Steps 2 and 3 now? :)

 

I should mention that, although I removed µTorrent, I didn't find "Yontoo" or "Setup" in the Add/Remove Programs section. I don't know if I have them on the computer.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-11-2015
Ran by Lenovo (2015-11-17 20:44:33) Run:1
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
HKLM\...\Run: [dply_en_015020146] => [X]
HKU\S-1-5-21-658646252-927701383-1851598397-1000\...\MountPoints2: {5a50a84f-d990-11e3-a026-806e6f6e6963} - E:\HWPcAssistant.exe
HKU\S-1-5-21-658646252-927701383-1851598397-1000\...\MountPoints2: {b3034c3e-ce96-11e3-8723-60eb6915e75f} - E:\HWPcAssistant.exe
SearchScopes: HKLM -> DefaultScope {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-658646252-927701383-1851598397-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
S2 Update Oasis Space; "C:\Program Files\Oasis Space\updateOasisSpace.exe" [X]
S2 Util Oasis Space; "C:\Program Files\Oasis Space\bin\utilOasisSpace.exe" [X]
U3 aelytxun; C:\Windows\system32\Drivers\aelytxun.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
C:\Windows\PFRO.log
C:\Users\Lenovo\AppData\Roaming\Ehoqgeor
C:\Users\Lenovo\AppData\Roaming\uTorrent
2015-11-15 16:05 - 2010-10-28 13:44 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-11-14 23:27 - 2014-03-26 17:57 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
C:\Users\Lenovo\AppData\Local\Temp\ioYFDOKzIk.exe
C:\Users\Lenovo\AppData\Local\Temp\WHvYARoIkS.exe
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
cmd: netsh winsock reset
EmptyTemp:
Reboot:
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\dply_en_015020146 => value removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a50a84f-d990-11e3-a026-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{5a50a84f-d990-11e3-a026-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-658646252-927701383-1851598397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3034c3e-ce96-11e3-8723-60eb6915e75f}" => key removed successfully.
HKCR\CLSID\{b3034c3e-ce96-11e3-8723-60eb6915e75f} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1}" => key removed successfully.
HKCR\CLSID\{BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
HKU\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default => FRST is scripted not to move this directory.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eahebamiopdhefndnmappcihfajigkka" => key removed successfully.
Update Oasis Space => service removed successfully.
Util Oasis Space => service removed successfully.
aelytxun => service not found.
C:\Windows\PFRO.log => moved successfully
C:\Users\Lenovo\AppData\Roaming\Ehoqgeor => moved successfully
C:\Users\Lenovo\AppData\Roaming\uTorrent => moved successfully
C:\Windows\Tasks\SystemToolsDailyTest.job => moved successfully
C:\Users\Lenovo\AppData\Roaming\vlc => moved successfully
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => moved successfully
C:\Users\Lenovo\AppData\Local\Temp\ioYFDOKzIk.exe => moved successfully
C:\Users\Lenovo\AppData\Local\Temp\WHvYARoIkS.exe => moved successfully
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-658646252-927701383-1851598397-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => moved successfully
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => not found.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 478.5 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:49:34 ====
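As an added example (not part of FRST, this thread or its logs), a small Python parser that summarizes the results section of a Fixlog like the one quoted above: it separates what was removed or moved from the lines FRST reported as errors, which are what still needs handling by hand (here, the "Setup" program entry). The sample log is a constructed excerpt of this post's Fixlog.

```python
"""Summarize the results section of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread, not part of FRST. The line shapes it recognizes
("<target> => key removed successfully.", "<path> => moved successfully",
"... => Error: ...") are taken from the Fixlog quoted above.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class FixResult:
    target: str   # registry key/value, path, service or list entry the line names
    outcome: str  # removed | moved | restored | not_found | error | other
    detail: str   # text after the last " => " (or the whole line when there is none)


# Outcome classification in priority order; the first match wins.
_OUTCOMES = (
    (re.compile(r"^Error:", re.I), "error"),
    (re.compile(r"\b(key|value|service) removed successfully", re.I), "removed"),
    (re.compile(r"\bmoved successfully", re.I), "moved"),
    (re.compile(r"\brestored successfully", re.I), "restored"),
    (re.compile(r"\bnot found", re.I), "not_found"),
)


def classify(detail: str) -> str:
    """Map the result text of one Fixlog line to an outcome label."""
    for pattern, outcome in _OUTCOMES:
        if pattern.search(detail):
            return outcome
    return "other"


def parse_line(line: str):
    """Split one results line into target/outcome/detail; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    if " => " in line:
        # rpartition: a target can itself contain " => " ("FF user.js: detected! => <path>")
        target, _, detail = line.rpartition(" => ")
    elif line.startswith("Error:"):
        target, detail = "", line   # e.g. "Error: (0) Failed to create a restore point."
    else:
        target, detail = line, ""   # e.g. "Processes closed successfully."
    return FixResult(target.strip(), classify(detail or line), detail.strip() or line)


def results_section(fixlog: str):
    """Yield result lines after the echoed fixlist (closed by the second '*****'
    line), skipping blank lines and the '====' banners of cmd output / end of log."""
    star_lines = 0
    for raw in fixlog.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            star_lines += 1
            continue
        if star_lines < 2 or not line or line.startswith("===="):
            continue
        yield line


def parse_fixlog(fixlog: str) -> list:
    return [r for r in map(parse_line, results_section(fixlog)) if r is not None]


def summarize(results) -> dict:
    """Number of result lines per outcome label."""
    return dict(Counter(r.outcome for r in results))


def errors(results) -> list:
    """Entries FRST could not handle; these need manual follow-up by the helper."""
    return [r for r in results if r.outcome == "error"]


# Constructed excerpt of the Fixlog quoted in this post (most lines omitted).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:17-11-2015

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [dply_en_015020146] => [X]
C:\Users\Lenovo\AppData\Local\Temp\ioYFDOKzIk.exe
cmd: netsh winsock reset
EmptyTemp:
Reboot:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\dply_en_015020146 => value removed successfully.
HKCR\CLSID\{5a50a84f-d990-11e3-a026-806e6f6e6963} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js => not found.
Update Oasis Space => service removed successfully.
aelytxun => service not found.
C:\Users\Lenovo\AppData\Local\Temp\ioYFDOKzIk.exe => moved successfully
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => not found.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

EmptyTemp: => 478.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:49:34 ====
"""

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for r in errors(parsed):
        print("needs manual follow-up:", r.target or r.detail)
```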


#4 omega333

omega333
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:37 PM

Posted 17 November 2015 - 10:49 PM

Hi again, olgun52! :)

 

I ran into a problem on Step 2:

 

As per instructions, I downloaded the Malwarebytes Anti-Malware on my desktop, but when I double-clicked on it and clicked on "Run", it said:

"The setup files are corrupted. Please obtain a new copy of the program."

 

 

What should I do now? :)



#5 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:37 PM

Posted 18 November 2015 - 11:13 AM

Please do steps 2 and 3.

 

Try downloading Malwarebytes again. Be sure to right-click the file and select "Run as administrator" to start the scan/tool.
 

If this also fails, run ComboFix.


Best regards
 

 


 


#6 omega333

omega333
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:37 PM

Posted 18 November 2015 - 02:07 PM

Thank you so much! :) It worked when I re-downloaded the Malwarebytes Anti-Malware. The program said that I have 25 items quarantined. Should I delete them?

 

Please find below the Scan Log for Step 2. And I'll be doing Step 3 now.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/18/2015
Scan Time: 12:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.18.06
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Lenovo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365137
Time Elapsed: 41 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 omega333

omega333
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:37 PM

Posted 18 November 2015 - 03:11 PM

Results of Step 2 (MalwareBytes Scan Log) are above.

 

And here are results of Step 3 (ComboFix Log):

 

ComboFix 15-11-17.01 - Lenovo 11/18/2015  14:21:18.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.1790.849 [GMT -5:00]
Running from: c:\users\Lenovo\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Total Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Total Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.Net Semaphore
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-18 to 2015-11-18  )))))))))))))))))))))))))))))))
.
.
2015-11-18 17:52 . 2015-11-18 19:57 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-18 17:51 . 2015-11-18 17:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-11-18 17:51 . 2015-11-18 17:51 -------- d-----w- c:\programdata\Malwarebytes
2015-11-18 17:51 . 2015-10-05 14:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-18 17:51 . 2015-10-05 14:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-18 17:51 . 2015-10-05 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-18 01:15 . 2015-11-18 19:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A124A81-8708-41B9-A142-E918DF6103BB}\offreg.dll
2015-11-16 20:31 . 2015-11-18 01:51 -------- d-----w- C:\FRST
2015-11-16 19:31 . 2015-11-16 19:31 -------- d-----w- c:\users\Lenovo\AppData\Local\Apps
2015-11-16 19:31 . 2015-11-16 19:31 -------- d-----w- c:\users\Lenovo\AppData\Local\Deployment
2015-11-16 02:17 . 2015-11-16 02:17 -------- d-----w- c:\windows\ELAMBKUP
2015-11-16 02:17 . 2015-11-16 02:17 -------- d-----w- c:\program files\Kaspersky Lab
2015-11-16 02:17 . 2015-11-18 19:54 -------- d-----w- c:\programdata\Kaspersky Lab
2015-11-16 02:16 . 2015-11-16 04:04 147328 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-11-16 00:47 . 2015-11-16 00:47 -------- d-----w- c:\users\Lenovo\AppData\Local\Programs
2015-11-06 02:16 . 2015-11-06 02:16 -------- d-----w- c:\users\Lenovo\AppData\Local\Conexant
2015-11-05 02:09 . 2015-11-05 02:09 -------- d-----w- c:\users\Lenovo\AppData\Local\CEF
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-16 04:04 . 2015-06-09 00:43 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2015-11-16 03:49 . 2015-07-04 07:18 44728 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-11-12 16:51 . 2014-02-26 18:03 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-12 16:51 . 2014-02-26 18:03 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 22:29 405504 --sha-r- c:\windows\System32\vshadow.exe
2013-01-30 22:29 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2013-01-30 22:29 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-10-27 337256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-10-28 487992]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-10-28 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-10-28 894312]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-27 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-28 1725736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-10-28 62312]
"ACTray"="c:\program files\Lenovo\Access Connections\ACTray.exe" [2010-09-18 431464]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2015-02-13 855768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-05 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-06-11 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 PCDSRVC{6342F303-A1C253C3-06020101}_0;PCDSRVC{6342F303-A1C253C3-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\lenovo\appdata\local\temp\pcdr\bin\pcdsrvc.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-10-28 75112]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-10-28 1015912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-27 1343400]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 106752]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 106752]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\DRIVERS\cm_km.sys [2015-07-06 201912]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 46776]
S0 scssifilter;scssifilter;c:\windows\system32\Drivers\scssifilter32.sys [2015-07-12 24984]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S0 usbmp3;usbmp3;c:\windows\system32\Drivers\usbmp332.sys [1601-01-01 0]
S0 usbvox;usbvox;c:\windows\system32\Drivers\usbvox32.sys [1601-01-01 0]
S0 usbwav;usbwav;c:\windows\system32\Drivers\usbwav32.sys [1601-01-01 0]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 58224]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2015-11-16 44728]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2015-06-12 33976]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2015-11-16 39304]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2015-06-11 54328]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys [2015-06-17 87736]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-06-23 156856]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2011-06-24 13680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 172032]
S2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [2015-11-16 194000]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2015-02-13 112856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2015-02-13 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2015-02-13 794328]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2015-06-06 58040]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-10-28 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-06-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-10-28 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-10-28 93032]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-06-24 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-06-24 64440]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-11-16 147328]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 37048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2015-06-07 38072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-11-18 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-28 189784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-28 204288]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-28 27320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-16 19:33 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-26 16:51]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-11-16 19:32]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-11-16 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 64.71.255.204 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{6342F303-A1C253C3-06020101}_0]
"ImagePath"="\??\c:\users\lenovo\appdata\local\temp\pcdr\bin\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}"=hex:51,66,7a,6c,4c,1d,38,12,38,80,55,
   bb,4c,f5,b9,07,e0,03,0c,7b,9e,91,8a,c6
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,69,2c,9b,2c,34,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,67,94,31,77,42,66,42,aa,f9,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,67,94,31,77,42,66,42,aa,f9,ea,\
.
[HKEY_USERS\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-658646252-927701383-1851598397-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6744)
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2015-11-18  15:06:08 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-18 20:06
.
Pre-Run: 19,221,639,168 bytes free
Post-Run: 18,993,537,024 bytes free
.
- - End Of File - - F934F2555EDFD31FE32FD2198AD97FFC
4EF4363C75B06112C429585C5BA53ADC
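The ComboFix report above lists every service with its binary path, and further down two PCDSRVC entries whose ImagePath points into c:\users\lenovo\appdata\local\temp. A service whose binary lives in a user-writable directory deserves a second look even when, as with PC-Doctor here, it turns out to be a vendor diagnostic. The following is an added example (not code from the thread, from ComboFix or from any of the tools discussed) that parses those two line formats and flags such paths. The sample lines are copied from the report above; the list of user-writable markers and the "expected extension" set are assumptions of the example, and a hit is a prompt to verify the file, not a verdict.

```python
"""Triage ComboFix-style service lines and registry ImagePath values.

Added example. A flagged entry means "check this binary", nothing more:
the pcdsrvc.pkms under ...\appdata\local\temp\pcdr in the sample is
PC-Doctor (Lenovo diagnostics), a known false positive for this heuristic.
"""
import re
from typing import NamedTuple


class Entry(NamedTuple):
    kind: str       # 'service' (S2/S3 line) or 'imagepath' (registry value)
    name: str       # service name, or '' when only the ImagePath value is known
    path: str       # normalised, lower-case Windows path
    reasons: tuple  # heuristics that fired; () means nothing flagged


# Lines copied from the ComboFix report in this thread.
SAMPLE_LINES = r'''
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-11-16 147328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-11-18 170200]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
"ImagePath"="\??\c:\users\lenovo\appdata\local\temp\pcdr\bin\pcdsrvc.pkms"
'''

# "S2 name;description;path [yyyy-mm-dd size]"
SERVICE_RE = re.compile(
    r'^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[[^\]]*\]\s*$')
# "ImagePath"="\??\c:\..."  (registry export style)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.+)"\s*$')

# Assumed list of path fragments a service binary should not normally run from.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\programdata\\', '\\downloads\\', '\\temp\\')
# Assumed set of image extensions expected for services and drivers.
EXPECTED_EXTENSIONS = ('.exe', '.sys', '.dll')


def normalise(path: str) -> str:
    """Strip quotes and the NT '\\??\\' prefix, unify separators, lower-case."""
    path = path.strip().strip('"')
    if path.startswith('\\??\\'):
        path = path[4:]
    return path.replace('/', '\\').lower()


def heuristics(path: str) -> tuple:
    """Return the reasons (possibly none) this path merits a manual check."""
    reasons = []
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append('binary under a user-writable location')
    if not path.endswith(EXPECTED_EXTENSIONS):
        reasons.append('unusual image extension')
    return tuple(reasons)


def parse_line(line: str):
    """Parse one report line into an Entry, or None if it is not a service line."""
    m = SERVICE_RE.match(line)
    if m:
        path = normalise(m.group('path'))
        return Entry('service', m.group('name').strip(), path, heuristics(path))
    m = IMAGEPATH_RE.match(line)
    if m:
        path = normalise(m.group('path'))
        return Entry('imagepath', '', path, heuristics(path))
    return None


def triage(text: str) -> list:
    """All recognised service/ImagePath entries in the report text."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> list:
    """Only the entries for which at least one heuristic fired."""
    return [e for e in triage(text) if e.reasons]


if __name__ == '__main__':
    for e in flagged(SAMPLE_LINES):
        print(f"{e.kind:9} {e.name or '-':14} {e.path}")
        print(f"           -> {', '.join(e.reasons)}")
```

Run against the sample, the two PC-Doctor entries are the only ones flagged: the Program Files copy only for its .pkms extension, the copy under the user's Temp folder for both its location and its extension. The Malwarebytes and Kaspersky entries pass clean.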


#8 omega333 (Topic Starter)

Posted 18 November 2015 - 04:58 PM

I should add that after completing the 3 steps above, I still keep getting re-directed links (for example, newpoptab.com).

What should I do next? :)

Thank you! :)



#9 olgun52 (Malware Response Team)

Posted 18 November 2015 - 06:40 PM

I should add that after completing the 3 steps above, I still keep getting re-directed links (for example, newpoptab.com).

Ok. You must be patient.

---------------------------------

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

Attached File: zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop; it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon; this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion, a file named zoek-results should appear.
  • Attach it for my review.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 omega333 (Topic Starter)

Posted 19 November 2015 - 11:10 AM

Thanks a lot, olgun52! :D

 

Here are the results of Step 1 - AdwCleaner Log:

 

# AdwCleaner v5.021 - Logfile created 19/11/2015 at 10:51:51
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 7 Professional  (x86)
# Username : Lenovo - LENOVO-THINK
# Running from : C:\Users\Lenovo\Desktop\adwcleaner_5.021.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Lenovo\AppData\Local\Temp\Appupdater
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Oasis Space
[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space
[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Oasis Space
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1610 bytes] ##########


#11 omega333 (Topic Starter)

Posted 19 November 2015 - 11:31 AM

Step 1 results are posted above.

 

Here are the results of Step 2 - Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Professional x86 
Ran by Lenovo (Administrator) on Thu 11/19/2015 at 11:14:38.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay (Task)
Successfully deleted: C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/19/2015 at 11:23:54.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 omega333 (Topic Starter)

Posted 19 November 2015 - 12:01 PM

Results of Step 2 are posted above.

 

Here are the results of Step 3 - ZHPCleaner log:

 

~ ZHPCleaner v2015.11.18.381 by Nicolas Coolman (2015/11/18)
~ Run by Lenovo (Administrator)  (19/11/2015 11:54:06)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Lenovo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Lenovo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit  (Build 7600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (45)
MOVED file: C:\Windows\Prefetch\DPLY_EN_015020146.EXE-C1D3A168.pf    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Prefetch\OASISDPLY_EN_015020146.EXE-96ACC6D2.pf    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Prefetch\UPDPLY_EN_015020146.EXE-27656965.pf    =>PUP.Optional.CrossRider
MOVED folder: C:\ProgramData\avg security toolbar  =>Toolbar.AVGSearch
MOVED folder: C:\Windows\Installer\MSI146A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1D23.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2091.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI22C6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2AC8.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI36A5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI40AF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4396.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI47C7.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4B76.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI50C9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5671.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5A04.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5E3.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI65A2.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6BE6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7246.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI768C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7BF0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7F9A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI813F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9306.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9BD7.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA0C6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA36.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA70B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAB9A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIB1D8.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIB7F0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIBA.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC3E6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSICE0F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID0D.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIDA35.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIDF8D.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE27F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEA85.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEACF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEDA6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIF039.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIF613.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Summary of the elements found (3)
http://www.nicolascoolman.fr/blog  =>Toolbar.AVGSearch
 
 
 
---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 1177
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 45
 
 
~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-19112015-11_55_22.txt
ZHPCleaner-[S]-19112015-11_53_40.txt
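The three logs in posts #10 to #12 each use their own line format, and read together they carry a few signals a helper would act on before the next step: AdwCleaner prints both "Key Deleted" and "Key Not Deleted" for the two Oasis Space event-log keys, ZHPCleaner attaches a detection name (PUP.Optional.CrossRider) to the prefetch entries, and ZHPCleaner moves the AVG Security Toolbar folder that AdwCleaner had already reported deleting, which suggests the first removal did not stick or the folder was recreated. The following is an added example, not code from any of these tools or from the thread, that parses all three formats into one record type and extracts those signals. The sample lines are copied from the logs above; the tool labels, the treatment of ZHPCleaner's "Empty" marker as "no detection", and the case-insensitive path comparison are assumptions of the example.

```python
"""Unified triage of AdwCleaner, JRT and ZHPCleaner log lines (added example).

Answers three questions from the raw logs: what was NOT removed, what carried
a named detection, and which artefact was reported by more than one tool.
"""
import re
from collections import defaultdict
from typing import NamedTuple


class Finding(NamedTuple):
    tool: str    # 'AdwCleaner', 'JRT' or 'ZHPCleaner' (labels assumed here)
    action: str  # 'deleted', 'not deleted' or 'moved'
    kind: str    # Folder, File, Key, Task, Registry Value, Search Provider, ...
    target: str  # path, registry key or provider name exactly as the tool printed it
    label: str   # detection name (ZHPCleaner), '' when none or 'Empty'


# AdwCleaner: "[-] Folder Deleted : X", "[!] Key Not Deleted : X",
#             "[-] [profile file] [Search Provider] Deleted : X"
ADW_RE = re.compile(
    r'^\[(?P<status>[-!])\]\s+'
    r'(?:\[(?P<file>[^\]]+)\]\s+\[(?P<sub>[^\]]+)\]\s+)?'
    r'(?P<kind>[A-Za-z ]+?)?\s*(?P<verb>Not Deleted|Deleted)\s*:\s*(?P<target>.+?)\s*$')
# JRT: "Successfully deleted: X (Task)"
JRT_RE = re.compile(r'^Successfully deleted:\s*(?P<target>.+?)\s*\((?P<kind>[^)]+)\)\s*$')
# ZHPCleaner: "MOVED file: X    =>Detection.Name"
ZHP_RE = re.compile(
    r'^(?P<action>[A-Z]+)\s+(?P<kind>file|folder):\s*(?P<target>.+?)\s*=>\s*(?P<label>\S+)\s*$')

# Lines copied from the three logs posted in this thread.
SAMPLE_LOG_LINES = r'''
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Lenovo\AppData\Local\Temp\Appupdater
[-] File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wzfc2466.default\user.js
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Oasis Space
[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space
[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Oasis Space
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
Successfully deleted: C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay (Task)
Successfully deleted: C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BE25DF48-68C6-4DB6-AA72-6E8E4299CBD1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
MOVED file: C:\Windows\Prefetch\DPLY_EN_015020146.EXE-C1D3A168.pf    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Prefetch\OASISDPLY_EN_015020146.EXE-96ACC6D2.pf    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Prefetch\UPDPLY_EN_015020146.EXE-27656965.pf    =>PUP.Optional.CrossRider
MOVED folder: C:\ProgramData\avg security toolbar  =>Toolbar.AVGSearch
MOVED folder: C:\Windows\Installer\MSI146A.tmp-  =>Empty
'''


def parse_line(line: str):
    """Return a Finding for a recognised action line, None for anything else."""
    m = ADW_RE.match(line)
    if m:
        kind = (m['kind'] or m['sub'] or '').strip()   # "[Search Provider]" lines carry the kind in brackets
        return Finding('AdwCleaner', m['verb'].lower(), kind, m['target'], '')
    m = JRT_RE.match(line)
    if m:
        return Finding('JRT', 'deleted', m['kind'], m['target'], '')
    m = ZHP_RE.match(line)
    if m:
        label = '' if m['label'] == 'Empty' else m['label']   # assumed: "Empty" is housekeeping, not a detection
        return Finding('ZHPCleaner', m['action'].lower(), m['kind'].capitalize(), m['target'], label)
    return None


def parse_logs(text: str) -> list:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def failed(findings) -> list:
    """Items a tool could not remove. AdwCleaner may print 'Deleted' and 'Not Deleted'
    for the same key; any 'Not Deleted' record makes the item unresolved."""
    return [f for f in findings if f.action == 'not deleted']


def detections(findings) -> list:
    """Items that carried a named detection rather than just 'unnecessary'."""
    return [f for f in findings if f.label]


def reported_by_multiple_tools(findings) -> dict:
    """Map lower-cased target -> set of tools, for targets touched by more than one tool."""
    seen = defaultdict(set)
    for f in findings:
        seen[f.target.lower().rstrip('\\')].add(f.tool)
    return {target: tools for target, tools in seen.items() if len(tools) > 1}


if __name__ == '__main__':
    fs = parse_logs(SAMPLE_LOG_LINES)
    print(f'{len(fs)} actions; {len(failed(fs))} unresolved; {len(detections(fs))} named detections')
    for f in failed(fs):
        print('  unresolved:', f.target)
    for target, tools in reported_by_multiple_tools(fs).items():
        print(f'  seen by {sorted(tools)}: {target}')
```

On the sample this reports the two Oasis Space event-log keys as unresolved (the earlier "Key Deleted" lines do not clear them), four named detections (three CrossRider prefetch files and the AVG toolbar folder), and the AVG Security Toolbar folder as the one artefact touched by both AdwCleaner and ZHPCleaner.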


#13 omega333 (Topic Starter)

Posted 19 November 2015 - 02:48 PM

Attached File: zoek-results.log (12.39KB)

Results of Step 3 are posted above.

 

Here are the results of Step 4 - the zoek-results.txt file is attached.

 

I should add that when I restarted the computer right after completing this step (Zoek), a window popped up saying "unexpected hard error..." and something else, and the computer immediately shut down. It seems fine now. Is that normal, or should I do something else to fix it?

Thank you! :)



#14 olgun52 (Malware Response Team)

Posted 19 November 2015 - 06:37 PM

I should add that when I restarted computer right after completing this step (Zoek), a window popped up saying "unexpected hard error..." and something else, and the computer immediately shut down

How is the PC now? Is there a problem?


Best regards


#15 omega333 (Topic Starter)

Posted 19 November 2015 - 09:58 PM

It seems to work fine now; I'm getting no new pop-ups/redirected links :), though Chrome is still loading a bit slowly, but maybe that's normal. :)

Currently, the Malwarebytes Anti-Malware trial is active, and maybe it's protecting me from new pop-ups and redirected links? Will it still work when the trial is done, or will I need to run some new malware removal program?

 

Also, should I activate the Firewall and Kaspersky now, or do I still need to wait? :)

 

Thank you so very much for your wonderful help, olgun52! :)





