Caught the webhp
Hello, I stumbled across the Google redirecter webhp. Here are my DDS reports.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2

Run by Willard at 0:04:52 on 2013-03-01

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8173.6261 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Users\Willard\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Gigabyte\ET6\GUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13

mStart Page = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Willard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: KeyDownload Class: {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.0.1 207.157.37.23

TCP: Interfaces\{0251A0B5-7054-469E-AE74-16F386E0FF46} : DHCPNameServer = 192.168.0.1 207.157.37.23

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13

FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13&q=

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-27 20:23; addon@keydownload.com; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\addon@keydownload.com

FF - ExtSQL: 2013-02-27 20:23; addon@defaulttab.com; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2013-02-27 20:53; nwz9bpad@som-.net; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\nwz9bpad@som-.net

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-16 21616]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Willard\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-2-27 107520]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-12-16 68136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-16 27760]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-16 46136]

R3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-16 30528]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-28 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-16 565352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-16 2196592]

RUnknown szkg5;szkg5; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-19 25640]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-12-16 160256]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

SUnknown is3srv;is3srv; [x]

.

=============== Created Last 30 ================

.

2013-03-01 03:50:00 -------- d-----w- C:\Windows\pss

2013-03-01 02:04:53 -------- d-----w- C:\Users\Willard\AppData\Roaming\Malwarebytes

2013-03-01 02:04:46 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-01 02:04:46 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-01 02:04:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-01 02:04:37 -------- d-----w- C:\Users\Willard\AppData\Local\Programs

2013-02-28 02:23:56 -------- d-----w- C:\ProgramData\CLSoft LTD

2013-02-28 02:23:47 -------- d-----w- C:\Adobe Photoshop CS6

2013-02-28 02:23:46 -------- d-----w- C:\Program Files (x86)\MagniPic

2013-02-28 02:23:33 -------- d-----w- C:\ProgramData\MaygnniiPic

2013-02-28 02:23:30 -------- d-----w- C:\ProgramData\InstallMate

2013-02-28 02:23:18 -------- d-----w- C:\Users\Willard\AppData\Local\Google

2013-02-28 02:23:18 -------- d-----w- C:\Program Files (x86)\KeyDownload-Addon

2013-02-28 02:23:05 -------- d-----w- C:\Users\Willard\AppData\Local\SwvUpdater

2013-02-28 02:22:41 -------- d-----w- C:\Users\Willard\AppData\Roaming\DefaultTab

2013-02-28 02:22:12 -------- d-----w- C:\Users\Willard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-28 02:22:10 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-02-27 17:38:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M ====================

.

2013-03-01 05:49:50 30528 ----a-w- C:\Windows\GVTDrv64.sys

2013-03-01 05:49:35 25640 ----a-w- C:\Windows\gdrv.sys

2013-02-27 17:38:34 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-27 17:38:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-20 02:56:32 25640 ----a-w- C:\Windows\etdrv.sys

2012-12-17 08:21:36 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-17 08:21:29 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-17 08:21:28 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-12-16 17:06:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 17:06:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 16:07:59 0 ----a-w- C:\Windows\ativpsrm.bin

2012-12-16 04:54:50 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-16 04:54:49 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-16 04:54:49 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

.

============= FINISH: 0:05:14.36 ===============

Attach


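The DDS.txt above already shows the hijack pattern this thread is about: the user start page, the Firefox homepage and Firefox's keyword.URL all point at searchab.com with an affiliate ID and a per-install uid; a DefaultTab BHO and a DefaultTabUpdate service run out of AppData\Roaming; a KeyDownload BHO sits beside them; one Firefox extension ID (nwz9bpad@som-.net) has a domain label ending in a hyphen, which no real hostname can; a second DNS server (207.157.37.23) is configured next to the router at 192.168.0.1; and two services (szkg5, is3srv) have Unknown start type and no binary on disk. The Python script below is an added example, not part of this thread, of DDS or of Malwarebytes, that applies those checks mechanically to the "Pseudo HJT", FIREFOX and SERVICES lines of a DDS log. The sample input is a subset of lines copied from the log above (with the Java trademark sign ASCII-ised); the expected-state assumptions (Google as the intended search host, RFC 1918 resolvers on a home LAN) are mine, not the page's.

```python
"""Flag browser-hijack indicators in a DDS log (added example, see lead-in)."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumptions, not facts taken from the log: what "clean" should look like.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
# RFC 1123 hostname label: alphanumerics or '-', no leading or trailing '-'.
HOSTNAME_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.IGNORECASE)

START_PAGE = re.compile(
    r"^(?:[um]Start Page|FF - prefs\.js: (?:browser\.startup\.homepage|keyword\.URL))"
    r"\s*[=-]\s*(\S+)")
AUTOSTART = re.compile(r"^(?:x64-)?(?:BHO|[um]Run(?:Once)?|[RS]\d)\b")
NAMESERVER = re.compile(r"^TCP: (?:Interfaces\\\{[^}]+\} : DHCP)?NameServer = (.+)$")
EXTENSION = re.compile(r"^FF - ExtSQL: [^;]+; ([^;]+);")
UNKNOWN_SVC = re.compile(r"^[RS]Unknown\s+([^;]+);[^;]*;\s*\[x\]$")

# Constructed sample: lines copied from the posted DDS.txt (Java(TM) ASCII-ised).
SAMPLE_DDS = r"""
uStart Page = hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13
mStart Page = hxxp://www.google.com
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Willard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: KeyDownload Class: {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll
TCP: NameServer = 192.168.0.1 207.157.37.23
FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13
FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13&q=
FF - ExtSQL: 2013-02-27 20:23; addon@defaulttab.com; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-02-27 20:53; nwz9bpad@som-.net; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\nwz9bpad@som-.net
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Willard\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-2-27 107520]
RUnknown szkg5;szkg5; [x]
SUnknown is3srv;is3srv; [x]
"""


def refang(url):
    """DDS writes URLs as hxxp(s)://; restore the scheme so urlparse sees a host."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def host_of(url):
    return (urlparse(refang(url)).hostname or "").lower()


def is_private_ip(text):
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def valid_addon_id(addon_id):
    """Firefox add-on IDs are a GUID or email-like; each domain label must be a real hostname label."""
    if addon_id.startswith("{") and addon_id.endswith("}"):
        return True
    if "@" not in addon_id:
        return False
    domain = addon_id.rsplit("@", 1)[1]
    return all(HOSTNAME_LABEL.match(label) for label in domain.split("."))


def triage(dds_text):
    """Return (rule, detail) pairs, one per suspicious line, in log order."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := START_PAGE.match(line):
            host = host_of(m.group(1))
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("unexpected_search_host", host))
        elif m := NAMESERVER.match(line):
            for server in m.group(1).split():
                if not is_private_ip(server):
                    findings.append(("public_dns_server", server))
        elif m := EXTENSION.match(line):
            if not valid_addon_id(m.group(1)):
                findings.append(("malformed_addon_id", m.group(1)))
        elif m := UNKNOWN_SVC.match(line):
            findings.append(("unknown_service_no_binary", m.group(1)))
        elif AUTOSTART.match(line) and any(
                marker in line.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(("autostart_from_user_writable_path", line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:36} {detail}")
```

Two caveats when reading its output. The path heuristic only catches what installs under AppData or ProgramData, so KeyDownload under Program Files (x86) and the well-formed addon@defaulttab.com ID pass; cross-check them against the "Created Last 30" section, where KeyDownload-Addon, DefaultTab, SwvUpdater, InstallMate, MagniPic and Adobe Download Assistant all land inside the same two-minute window on 2013-02-28. And a public resolver next to the router is only suspicious relative to what the ISP actually hands out, so compare it with the router's own DHCP settings before treating it as a DNS changer; likewise the two services with no binary are worth checking against the STOPzilla install and removal that the restore points in Attach.txt record for the same evening.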

Hello chronos872 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

These two log files are the same, both of them are DDS.txt , please post the content of Attach.txt .


Hello Maniac, it was late last night and I did not notice I did that. Here is the Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2012 9:43:58 AM

System Uptime: 2/28/2013 11:48:17 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3

Processor: AMD FX-6100 Six-Core Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 306.607 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP22: 1/25/2013 12:00:02 AM - Scheduled Checkpoint

RP23: 2/8/2013 10:21:07 PM - Installed Java 7 Update 13

RP24: 2/27/2013 11:38:07 AM - Installed Java 7 Update 15

RP25: 2/28/2013 9:30:00 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP26: 2/28/2013 11:50:41 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

.

==== Installed Programs ======================

.

@BIOS

7-Zip 9.20

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

AutoGreen B12.0206.1

Battlefield 3™

Battlelog Web Plugins

BattlEye (A2Free) Uninstall

BattlEye for OA Uninstall

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

DefaultTab

Easy Tune 6 B12.0509.1

EasySaver B9.1214.1

ESN Sonar

Etron USB3.0 Host Controller

Java 7 Update 15

Java 7 Update 9 (64-bit)

Java Auto Updater

KeyDownload

League of Legends

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Minecraft Launcher

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Need For Speed™ World

ON_OFF Charge B11.1102.1

Origin

Path of Exile

Platform

PunkBuster Services

Realtek Ethernet Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype™ 6.1

TeamSpeak 3 Client

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIA Platform Device Manager

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

2/28/2013 9:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/28/2013 9:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/28/2013 9:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/28/2013 9:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/28/2013 9:51:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/28/2013 9:51:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/28/2013 9:51:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/28/2013 9:51:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/28/2013 9:50:13 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

2/28/2013 9:24:01 PM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

2/28/2013 9:24:01 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

2/28/2013 9:24:01 PM, Error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).

2/28/2013 11:49:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv

2/28/2013 11:04:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2013 11:04:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

2/28/2013 11:04:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/27/2013 8:25:28 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CD6E6898-4327-4F16-872C-7388900E0007} because another computer on the network has the same name. The server could not start.

2/27/2013 12:42:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

.

==== End Of File ===========================


Step 1

Please uninstall both applications:

DefaultTab

KeyDownload

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Hello again Maniac, here are the logs as requested.

Also, I have an MBAM log file that did find some stuff; if you want it, tell me and I will post it for you.

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.6 (02.27.2013:1)

OS: Windows 7 Enterprise x64

Ran by Willard on Fri 03/01/2013 at 10:00:05.91

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\sprotector

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sprotector

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\Users\Willard\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Program Files (x86)\magnipic"

~~~ FireFox

Successfully deleted the following from C:\Users\Willard\AppData\Roaming\mozilla\firefox\profiles\ksh2civ8.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);

user_pref("aol_toolbar.default.search.check", false);

user_pref("browser.search.defaultengine", "Privitize VPN");

user_pref("browser.search.defaultenginename", "Privitize VPN");

user_pref("browser.search.order.1", "Privitize VPN");

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

Emptied folder: C:\Users\Willard\AppData\Roaming\mozilla\firefox\profiles\ksh2civ8.default\minidumps [71 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 03/01/2013 at 10:08:52.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.01.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Willard :: WILLARD-PC [administrator]

Protection: Disabled

3/1/2013 10:11:25 AM

mbam-log-2013-03-01 (10-11-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205205

Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2

Run by Willard at 10:13:54 on 2013-03-01

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8173.6606 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Gigabyte\ET6\GUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\explorer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13

mStart Page = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: KeyDownload Class: {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.0.1 207.157.37.23

TCP: Interfaces\{0251A0B5-7054-469E-AE74-16F386E0FF46} : DHCPNameServer = 192.168.0.1 207.157.37.23

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13

FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=a58f3881-814d-11e2-8e45-902b349d7d13&q=

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-27 20:53; nwz9bpad@som-.net; C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\nwz9bpad@som-.net

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-16 21616]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-12-16 68136]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-16 27760]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-16 46136]

R3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-16 30528]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-16 565352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-16 2196592]

RUnknown szkg5;szkg5; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-19 25640]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-12-16 160256]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-28 24176]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

SUnknown is3srv;is3srv; [x]

.

=============== Created Last 30 ================

.

2013-03-01 16:00:03 -------- d-----w- C:\Windows\ERUNT

2013-03-01 15:59:49 -------- d-----w- C:\JRT

2013-03-01 03:50:00 -------- d-----w- C:\Windows\pss

2013-03-01 02:04:53 -------- d-----w- C:\Users\Willard\AppData\Roaming\Malwarebytes

2013-03-01 02:04:46 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-01 02:04:46 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-01 02:04:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-01 02:04:37 -------- d-----w- C:\Users\Willard\AppData\Local\Programs

2013-02-28 02:23:47 -------- d-----w- C:\Adobe Photoshop CS6

2013-02-28 02:23:33 -------- d-----w- C:\ProgramData\MaygnniiPic

2013-02-28 02:23:18 -------- d-----w- C:\Users\Willard\AppData\Local\Google

2013-02-28 02:23:18 -------- d-----w- C:\Program Files (x86)\KeyDownload-Addon

2013-02-28 02:22:12 -------- d-----w- C:\Users\Willard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-28 02:22:10 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-02-27 17:38:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M ====================

.

2013-03-01 05:49:50 30528 ----a-w- C:\Windows\GVTDrv64.sys

2013-03-01 05:49:35 25640 ----a-w- C:\Windows\gdrv.sys

2013-02-27 17:38:34 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-27 17:38:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-20 02:56:32 25640 ----a-w- C:\Windows\etdrv.sys

2012-12-17 08:21:36 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-17 08:21:29 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-17 08:21:28 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-12-16 17:06:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 17:06:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 16:07:59 0 ----a-w- C:\Windows\ativpsrm.bin

2012-12-16 04:54:50 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-16 04:54:49 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-16 04:54:49 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

.

============= FINISH: 10:14:03.94 ===============


Glad it's fixed! :)

Please do the following:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Hello again Maniac, here is the ESET log.txt you requested.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=

# engine=13283

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-03-02 01:41:27

# local_time=2013-03-02 07:41:27 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 113775137 0 0

# scanned=282142

# found=21

# cleaned=7

# scan_time=2761

sh=3E48C8D25B196D67722ED20CD36BF3448A4C9136 ft=1 fh=8ca2da5db5514665 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\Users\All Users\MaygnniiPic\512ec69ba1190.dll"

sh=EC042493D5426BC790187AC2662DAE8CDA419234 ft=1 fh=711eded0f2f22a82 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Temp\APNStub.exe"

sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Temp\AskSLib.dll"

sh=45D9902691FBCC295739764B96081B2A508311B7 ft=1 fh=5ca9af64539f2372 vn="a variant of Win32/HackKMS.A application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Temp\RarSFX0\bie_kms.exe"

sh=EC042493D5426BC790187AC2662DAE8CDA419234 ft=1 fh=711eded0f2f22a82 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\Local Settings\Temp\APNStub.exe"

sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\Local Settings\Temp\AskSLib.dll"

sh=45D9902691FBCC295739764B96081B2A508311B7 ft=1 fh=5ca9af64539f2372 vn="a variant of Win32/HackKMS.A application" ac=I fn="C:\Windows.old\Documents and Settings\Willard\Local Settings\Temp\RarSFX0\bie_kms.exe"

sh=EC042493D5426BC790187AC2662DAE8CDA419234 ft=1 fh=711eded0f2f22a82 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Users\Willard\AppData\Local\Temp\APNStub.exe"

sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Users\Willard\AppData\Local\Temp\AskSLib.dll"

sh=45D9902691FBCC295739764B96081B2A508311B7 ft=1 fh=5ca9af64539f2372 vn="a variant of Win32/HackKMS.A application" ac=I fn="C:\Windows.old\Users\Willard\AppData\Local\Temp\RarSFX0\bie_kms.exe"

sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Users\Willard\Downloads\cpu-z_1.62-setup-en.exe"

sh=EC042493D5426BC790187AC2662DAE8CDA419234 ft=1 fh=711eded0f2f22a82 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Users\Willard\Local Settings\Temp\APNStub.exe"

sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows.old\Users\Willard\Local Settings\Temp\AskSLib.dll"

sh=45D9902691FBCC295739764B96081B2A508311B7 ft=1 fh=5ca9af64539f2372 vn="a variant of Win32/HackKMS.A application" ac=I fn="C:\Windows.old\Users\Willard\Local Settings\Temp\RarSFX0\bie_kms.exe"

sh=3E48C8D25B196D67722ED20CD36BF3448A4C9136 ft=1 fh=8ca2da5db5514665 vn="a variant of Win32/Adware.MultiPlug.I application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\MaygnniiPic\512ec69ba1190.dll"

sh=B8B2DE9C0406343934246E7F3E66AFFC0C2BF677 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Willard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofldgjbfamhgoccchhaofpflbomeglmp\1\512ec69ba0f901.13402066.js"

sh=419F6B9F369527EE55C95BEEE608FEA5FB16DB81 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Willard\AppData\Roaming\Mozilla\Firefox\Profiles\ksh2civ8.default\extensions\nwz9bpad@som-.net\content\bg.js"

sh=EC042493D5426BC790187AC2662DAE8CDA419234 ft=1 fh=711eded0f2f22a82 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Application Data\Temp\APNStub.exe"

sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Application Data\Temp\AskSLib.dll"

sh=45D9902691FBCC295739764B96081B2A508311B7 ft=1 fh=5ca9af64539f2372 vn="a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\Willard\AppData\Local\Application Data\Temp\RarSFX0\bie_kms.exe"

sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\Willard\Downloads\cpu-z_1.62-setup-en.exe"


Good! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
