
I believe I am infected with something



Yesterday I downloaded a free eBook (not from its original site, that site was down for maintenance) and it came with an "extractor". The eBook is quite big in terms of file size so I didn't think much of the extractor; besides, a lot of big repacks include some form of extraction application. So I ran the thing and it installed something called NCDownloader followed by some other crap. I have MSE installed but it didn't detect anything when I scanned the extractor nor when I ran it.

Paranoid as I am, I uninstalled it and ran a full scan with MSE, which found some adware files that it successfully removed. One of the files was actually for a fix for GTA 4 (drunk cam fix). I figured it was just a false positive due to the nature of the fix but I still removed it, and the other file was to allow remote access to my computer, which I instantly removed. After that I ran a full scan with MBAM which found 3 objects (can post the log if requested) which it successfully deleted.

But I still feel a bit paranoid, so I'm currently running another scan with MSE. But I figured that some experts might be able to help me a bit more than just MSE. I have noticed that my PC is running a bit slower (might be because of the current scan with MSE) but some settings have been changed too: my PC went into "Locked" mode, as if I had left it idle for too long, but the thing is, I disabled that several months ago. So it should never go into "Locked" mode, yet, for some reason, it now does. It also reset my Chrome installation; bookmarks, addons and such were removed.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by Ecaz at 11:51:31 on 2013-03-19

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8178.5565 [GMT 1:00]


AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


============== Running Processes ===============



C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe


C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService



C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe


C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\program files (x86)\teamviewer\version8\TeamViewer.exe




C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe


C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe


C:\Windows\System32\svchost.exe -k swprv

============== Pseudo HJT Report ===============


uStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE

mStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor Apache Servers.lnk - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer =

TCP: Interfaces\{11C3484C-5D13-46BC-B515-F02915EE27A4} : DHCPNameServer =

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\browsetosave\sprotector.dll c:\progra~2\websearch\sprotector.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>


================= FIREFOX ===================


FF - ProfilePath - C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\

user_pref(security.default_personal_cert, Ask Every Time);FF - prefs.js: browser.startup.homepage - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE&l=1&q=

FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE&l=1&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll

FF - plugin: C:\Users\Ecaz\AppData\Local\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Users\Ecaz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll


============= SERVICES / DRIVERS ===============


R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]

R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-12-6 794272]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-8 3560288]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-18 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-18 676968]

R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2012-8-17 25600]

R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-8-17 110592]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-8-17 22528]

R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2012-10-21 50176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-17 49152]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-2 102368]

S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-12-6 1147040]

S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-12-6 1134240]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-18 136896]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-9-17 13368]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-2 203104]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-22 1255736]


=============== File Associations ===============


FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]


=============== Created Last 30 ================


2013-03-19 06:03:14 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18D5A895-5521-4475-96FB-03476ECFA115}\mpengine.dll

2013-03-19 00:03:05 -------- d-----w- C:\ProgramData\SoftSafe

2013-03-19 00:03:05 -------- d-----w- C:\ProgramData\SeaaRchh-NewTTaobb

2013-03-19 00:03:01 -------- d-----w- C:\Program Files (x86)\WebSearch

2013-03-19 00:02:50 -------- d-----w- C:\Program Files (x86)\BrowseToSave

2013-03-19 00:02:43 -------- d-----w- C:\ProgramData\BerroWWse22saavE

2013-03-19 00:02:06 -------- d-----w- C:\ProgramData\InstallMate

2013-03-17 19:50:46 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-13 10:44:20 -------- d-----w- C:\stuff

2013-03-13 07:41:31 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F09781F9-EB41-455B-9F6D-BE3EB5CCC376}\gapaengine.dll

2013-03-12 17:33:48 -------- d-----w- C:\dayz_mission (1)

2013-03-12 17:31:24 -------- d-----w- C:\pboview

2013-03-12 17:11:01 -------- d-----w- C:\Users\Ecaz\AppData\Local\PboM

2013-03-11 17:23:30 -------- d-----w- C:\Program Files\PBO Manager v.1.4 beta

2013-03-11 01:36:34 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\Toribash

2013-03-08 15:03:53 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\TeamViewer

2013-03-08 14:48:42 -------- d-----w- C:\Program Files (x86)\TeamViewer

2013-03-05 22:53:03 -------- d-----w- C:\Users\Ecaz\AppData\Local\Darksiders2

2013-03-05 22:44:31 -------- d-----w- C:\Program Files (x86)\THQ

2013-03-05 19:24:40 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\Litecoin

2013-03-05 19:24:09 -------- d-----w- C:\Program Files (x86)\Litecoin

2013-03-05 18:06:29 -------- d-----w- C:\Program Files (x86)\FTL

2013-03-03 15:32:05 -------- d-----w- C:\Program Files (x86)\Dragonborn

2013-03-03 12:14:21 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim

2013-02-28 22:14:39 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\webex

2013-02-28 22:14:18 -------- d-----w- C:\ProgramData\WebEx

2013-02-22 15:10:11 -------- d-----w- C:\python

2013-02-22 15:07:22 -------- d-----w- C:\Users\Ecaz\.idlerc

2013-02-22 15:05:58 -------- d-----w- C:\Python33

2013-02-22 13:16:34 -------- d-----w- C:\wwwroot

2013-02-22 13:01:37 -------- d-----w- C:\php

2013-02-22 12:26:58 -------- d-----w- C:\Program Files (x86)\Apache Software Foundation

2013-02-22 12:00:26 -------- d-----w- C:\Program Files (x86)\JDownloader

2013-02-22 11:06:50 -------- d-----w- C:\inetpub

2013-02-22 11:01:52 -------- d-----w- C:\Program Files (x86)\Helicon

2013-02-22 10:58:03 -------- d-----w- C:\Program Files\Microsoft

2013-02-22 01:54:57 -------- d-----w- C:\Program Files\MySQL

2013-02-22 01:39:54 -------- d-----w- C:\ProgramData\MySQL

2013-02-21 23:34:59 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\DVDVideoSoft

2013-02-21 23:34:59 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft

2013-02-21 23:34:59 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft

2013-02-21 14:22:23 -------- d-----w- C:\Users\Ecaz\AppData\Local\Unity

2013-02-21 13:14:33 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\MySQL

2013-02-21 00:32:01 -------- d-----w- C:\Users\Ecaz\AppData\Local\NuGet

2013-02-21 00:31:55 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\NuGet

2013-02-20 19:47:37 -------- d-----w- C:\Users\Ecaz\AppData\Local\Apple Computer


==================== Find3M ====================


2013-03-17 18:46:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-03-17 18:46:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-03-17 18:42:45 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-13 17:22:40 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 17:22:40 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-06 23:25:15 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe


============= FINISH: 11:53:31.67 ===============
DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 10/18/2012 17:46:02

System Uptime: 3/19/2013 10:47:19 (1 hours ago)


Motherboard: MSI | | 970A-G46 (MS-7693)

Processor: AMD Phenom™ II X4 965 Processor | CPU 1 | 3400/200mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 233 GiB total, 18.147 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0.084 GiB free.

E: is FIXED (NTFS) - 75 GiB total, 38.74 GiB free.

G: is FIXED (NTFS) - 1863 GiB total, 958.599 GiB free.


==== Disabled Device Manager Items =============


Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_76931462&REV_00\4&1047CFC0&0&0020


Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_76931462&REV_00\4&1047CFC0&0&0020



==== System Restore Points ===================


RP151: 3/19/2013 05:31:35 - Scheduled Checkpoint


==== Installed Programs ======================


Adobe After Effects CS5.5

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

Adobe Story

Alien Swarm


AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apache HTTP Server 2.2.22

Apple Application Support

Apple Software Update



ARMA 2: Operation Arrowhead

Audacity 2.0.2

BankID Security Application

Battlefield 3™

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

BF3 Settings Editor

BrowseToSave 1.74

Call of Duty: Black Ops II

Call of Duty: Black Ops II - Multiplayer

Call of Duty: Black Ops II - Zombies

Call of Duty: Modern Warfare 3 - Multiplayer

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All


CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco WebEx Meetings

Counter-Strike: Global Offensive

Counter-Strike: Source

CPUID HWMonitor 1.20

Curse Client


Darksiders II

DayZ Commander

Diablo II



Effects Suite 64-bit

ESN Sonar

FileZilla Client

FitDay PC version 1.0

Fraps (remove only)

Free YouTube to MP3 Converter version

FTL version 1.03.1

Futuremark SystemInfo


Garry's Mod

GnuWin32: Wget-1.11.4-1

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

Grand Theft Auto IV

Handelsbanken kortläsare

HD Tune Pro 5.00

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Indeo® Software

Java 7 Update 10

Java Auto Updater

Java™ 6 Update 22

JDownloader 0.9

JetBrains PhpStorm 5.0.4

Left 4 Dead 2


Logitech Gaming Software

Logitech Gaming Software 8.35

Magic Bullet Suite 64-bit

Malwarebytes Anti-Malware version

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft ASP.NET Web Pages 2

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft IntelliType Pro 8.2

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1

Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server System CLR Types

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Deploy 3.0

Microsoft Web Platform Installer 4.5

Microsoft WebMatrix 2

Microsoft WSE 3.0 Runtime

Mozilla Firefox 18.0.1 (x86 sv-SE)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 sv-SE)

MSI Afterburner 2.2.4

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

MySQL Connector Net 6.5.4

MySQL Connector/ODBC 5.2(w)

MySQL Installer

MySQL Notifier 1.0.3

MySQL Server 5.6

MySQL Workbench 5.2 CE



OpenOffice.org 3.3


PBO Manager v.1.4 beta

PC Tools Performance Toolkit 2.1

PDF Settings CS5

Photo Common

Play withSIX

PremiumSoft Navicat 10.1 for MySQL

PunkBuster Services

Python 3.3.0 (64-bit)


Razer Synapse 2.0

Realtek Ethernet Controller Driver

Rockstar Games Social Club

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Search Assistant WebSearch 1.74

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 6.1



Team Fortress 2

TeamSpeak 3 Client

TeamViewer 8

The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1

The Sims™ 3

The Sims™ 3 Generations

The Sims™ 3 Late Night

The Sims™ 3 Seasons

The Sims™ 3 Supernatural

The Sims™ 3 World Adventures

Trapcode Starglow


Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VLC media player 2.0.4

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack


WinRAR 4.20 (64-bit)

World of Warcraft



==== Event Viewer Messages From Past Week ========


3/19/2013 10:48:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

3/19/2013 10:48:20, Error: Service Control Manager [7023] - The Web Deployment Agent Service service terminated with the following error: %%-2146233088

3/19/2013 10:48:16, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

3/19/2013 10:46:32, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

3/19/2013 03:23:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/18/2013 21:27:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

3/18/2013 21:27:01, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/18/2013 12:34:28, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Handelsbanken card reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX

3/17/2013 04:06:58, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [616] - Reader monitor 'Handelsbanken card reader 0' received uncaught error code: The requested resource is in use.

3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [612] - Reader insertion monitor error retry threshold reached: The requested resource is in use.

3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Handelsbanken card reader 0' rejected IOCTL POWER: The device does not recognize the command. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 00 00 00 00


==== End Of File ===========================


Since this is a rather "delicate" matter, I didn't want to wait forever, so I ran AdwCleaner and RogueKiller.

Here is the AdwCleaner log

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 18:59:28

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Ecaz - ECAZ-PC

# Boot Mode : Normal

# Running from : C:\Users\Ecaz\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\searchplugins\WebSearch.xml

Folder Deleted : C:\Program Files (x86)\BrowseToSave

Folder Deleted : C:\Program Files (x86)\WebSearch

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\extensions\staged

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websearch\sprotector.dll

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (sv-SE)

File : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\prefs.js

Deleted : user_pref("security.default_personal_cert", "Ask Every Time");user_pref("browser.startup.homepage", [...]

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3[...]

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=E[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ecaz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [3435 octets] - [19/03/2013 18:53:59]

AdwCleaner[R2].txt - [3495 octets] - [19/03/2013 18:54:25]

AdwCleaner[R3].txt - [3614 octets] - [19/03/2013 18:59:16]

AdwCleaner[s1].txt - [299 octets] - [19/03/2013 18:54:32]

AdwCleaner[s2].txt - [3526 octets] - [19/03/2013 18:59:28]

########## EOF - C:\AdwCleaner[s2].txt - [3586 octets] ##########

I can post my previous MBAM log and the RogueKiller log if requested.

The thing is, before I ran AdwCleaner none of my browsers worked. I kept getting "No data received" in Chrome, and the equivalent in IE and FF. I'm currently using my phone, USB tethering. And now, after I ran AdwCleaner and restarted, it's telling me that I have a connection to a network but not to the Internet. It's possible that the Internet just isn't working right now; my ISP doesn't have 24/7 support so I can't really find out, other than waiting.
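The DDS "Pseudo HJT Report" above and the AdwCleaner log agree on three persistence points: the AppInit_DLLs loader (sprotector.dll injected into every GUI process), the IE start pages and the Firefox prefs all redirected to websearch.pu-results.info. The script below is an added example, not part of this thread or of the DDS or AdwCleaner tools: it parses those DDS line shapes and flags them, using a constructed sample built from the indicator lines in this log; the allow-list of expected homepage hosts is an assumption.

```python
"""Flag search-hijack indicators in a DDS 'Pseudo HJT Report' section.

Added example (not from the forum post or the DDS tool). Handles the
line shapes DDS emits in that section:
  uStart Page = hxxp://...            per-user IE start page
  mStart Page = hxxp://...            machine-wide IE start page
  AppInit_DLLs= a.dll b.dll           DLLs injected into every user32 process
  Trusted Zone: example.com           sites added to the IE Trusted zone
  FF - prefs.js: <pref> - hxxp://...  Firefox preferences holding a URL
"""
import re
from urllib.parse import urlparse

# Hosts a default homepage or search URL is expected to point at (assumed list).
KNOWN_GOOD_HOSTS = {"www.google.com", "google.com", "www.bing.com",
                    "go.microsoft.com", "www.msn.com"}

URL_LINE = re.compile(
    r"^(?P<key>[um]Start Page|FF - prefs\.js: [\w.]+)\s*[=-]\s*(?P<url>hxxps?://\S+)")
APPINIT_LINE = re.compile(r"^AppInit_DLLs\s*=\s*(?P<dlls>.+)$", re.IGNORECASE)
TRUSTED_LINE = re.compile(r"^Trusted Zone: (?P<domain>\S+)$")


def defanged_host(url):
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme to parse."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def scan_hjt(text):
    """Return (indicator_type, detail) tuples, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = APPINIT_LINE.match(line)
        if m:
            # Anything in AppInit_DLLs loads into every process that maps user32.dll;
            # a legitimate machine normally has this value empty.
            for dll in m.group("dlls").split():
                findings.append(("appinit_dll", dll))
            continue
        m = URL_LINE.match(line)
        if m:
            host = defanged_host(m.group("url"))
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(("browser_url", f"{m.group('key')} -> {host}"))
            continue
        m = TRUSTED_LINE.match(line)
        if m:
            # Trusted-zone entries lower IE security for that site; list them for review.
            findings.append(("trusted_zone", m.group("domain")))
    return findings


# Constructed sample: the indicator lines from this thread's DDS log, plus benign ones.
SAMPLE_DDS = r"""
uStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
mStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
AppInit_DLLs= c:\progra~2\browsetosave\sprotector.dll c:\progra~2\websearch\sprotector.dll
Trusted Zone: sony.com
FF - prefs.js: browser.startup.homepage - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE&l=1&q=
"""

if __name__ == "__main__":
    for kind, detail in scan_hjt(SAMPLE_DDS):
        print(f"{kind:12} {detail}")
```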


Hi TheDoctorIsIn,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

If you don't have internet access, you may have to download on a good computer and transfer the program to the one we are working on.

Let's try this:

Download ComboFix:
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.