Hey guys, due to my stupidity I accidentally downloaded some crapware and became infected. Malwarebytes repeatedly detects threats called pup.software.updater, and allows me to remove them, but they keep returning. Please help. :( The sticky thread told me to download dds.scr and post both logs it produced. Here they are.

-------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Sam at 21:22:53 on 2013-06-16

Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.16261.14345 [GMT -4:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\dashost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={DAF2E8D9-D6D5-11E2-BE7B-BC5FF478D806}

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={DAF2E8D9-D6D5-11E2-BE7B-BC5FF478D806}

mWinlogon: Userinit = userinit.exe,

BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Sam\AppData\Local\DownloadTerms\temp.dat

uRun: [ASRockROC] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A8904F29-2391-408F-BCB5-F5E174F3D9C8} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sipx8o7i.default-1371428794340\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-06-16 18:40; gencrawler@some.com; C:\Users\Sam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

.

============= SERVICES / DRIVERS ===============

.

R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\Drivers\AsrAppCharger.sys [2013-1-5 17192]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-1-18 283200]

R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-7-16 146984]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-18 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-18 701512]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\Drivers\dadder.sys [2007-8-2 12672]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\Drivers\EtronHub3.sys [2013-1-5 65152]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\Drivers\EtronXHCI.sys [2013-1-5 88704]

R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-7-16 20968]

R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-7-16 19944]

R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-7-16 46016]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]

R3 lvpepf64;Volume Adapter;C:\Windows\System32\Drivers\lv302a64.sys [2008-7-26 15768]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2008-7-26 790424]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\Drivers\LVUSBS64.sys [2008-7-26 50072]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-1-18 25928]

R3 MBfilt;MBfilt;C:\Windows\System32\Drivers\MBfilt64.sys [2013-1-5 32344]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-1-5 34752]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

.

=============== Created Last 30 ================

.

2013-06-17 01:15:30 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp

2013-06-16 22:43:45 -------- d-----w- C:\Windows\System32\appmgmt

2013-06-16 22:42:00 -------- d-----w- C:\Users\Sam\AppData\Local\DownloadTerms

2013-06-16 22:41:46 -------- d-----w- C:\ProgramData\Tarma Installer

2013-06-16 22:40:51 -------- d-----w- C:\Users\Sam\AppData\Local\SwvUpdater

2013-06-16 22:40:13 -------- d-----w- C:\Users\Sam\AppData\Roaming\Media Finder

2013-06-16 14:21:54 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74F239C8-DFF1-411B-A329-E81B7B4DF85A}\mpengine.dll

2013-06-15 21:50:11 -------- d-----w- C:\Program Files (x86)\SquareEnix

2013-06-15 11:32:27 888320 ----a-w- C:\Windows\System32\autochk.exe

2013-06-15 11:32:27 793088 ----a-w- C:\Windows\SysWow64\autochk.exe

2013-06-15 11:32:27 542208 ----a-w- C:\Windows\System32\untfs.dll

2013-06-15 11:32:27 482816 ----a-w- C:\Windows\SysWow64\untfs.dll

2013-06-15 09:49:45 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-06-15 09:46:35 1300992 ----a-w- C:\Windows\System32\gdi32.dll

2013-06-15 09:46:35 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-06-12 15:49:49 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 14:38:32 68096 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 14:38:32 1889280 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 14:38:32 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-06-12 14:38:32 141312 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 14:38:32 1255936 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 14:38:32 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-06-12 14:38:32 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-06-12 12:48:16 733184 ----a-w- C:\Windows\System32\win32spl.dll

2013-05-21 18:18:54 -------- d-----w- C:\Users\Sam\AppData\Local\Solid State Networks

2013-05-21 18:18:49 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment

.

==================== Find3M ====================

.

2013-06-17 01:15:30 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys

2013-06-04 22:09:22 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-04 22:09:22 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe

2013-05-04 07:34:17 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-05-04 07:34:17 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS

2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys

2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe

2013-05-04 06:59:51 1483776 ----a-w- C:\Windows\System32\VSSVC.exe

2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe

2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll

2013-05-04 06:59:25 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll

2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll

2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll

2013-05-04 06:59:08 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll

2013-05-04 06:58:54 10116096 ----a-w- C:\Windows\System32\twinui.dll

2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll

2013-05-04 06:58:49 1332736 ----a-w- C:\Windows\System32\sysmain.dll

2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll

2013-05-04 06:58:28 93696 ----a-w- C:\Windows\System32\psmsrv.dll

2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll

2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll

2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll

2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll

2013-05-04 06:57:31 820736 ----a-w- C:\Windows\System32\gpprefcl.dll

2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll

2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll

2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll

2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll

2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll

2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll

2013-05-04 06:57:00 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll

2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl

2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe

2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-05-04 04:57:49 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll

2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll

2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll

2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll

2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll

2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll

2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll

2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll

2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll

2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-04 04:55:58 389632 ----a-w- C:\Windows\SysWow64\intl.cpl

2013-05-04 04:51:38 14848 ----a-w- C:\Windows\System32\rars.rs

2013-05-04 04:48:33 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-05-04 04:48:26 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys

2013-05-04 04:47:02 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys

2013-05-04 04:10:47 14848 ----a-w- C:\Windows\SysWow64\rars.rs

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-04-28 22:28:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll

2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll

2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe

2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll

2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll

2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll

2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll

2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe

2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe

2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe

2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe

2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll

2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll

2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll

2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll

2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll

2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll

2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll

2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll

2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll

2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll

2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll

2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll

2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll

2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll

.

============= FINISH: 21:22:59.35 ===============

----------------------------------------------------------------------- And

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 1/5/2013 6:26:28 PM

System Uptime: 6/16/2013 9:15:08 PM (0 hours ago)

.

Motherboard: ASRock | | Z77 OC Formula

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 264.422 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP24: 5/29/2013 3:01:23 AM - Scheduled Checkpoint

RP25: 6/6/2013 3:20:20 AM - Scheduled Checkpoint

RP26: 6/12/2013 7:43:50 AM - Windows Update

RP27: 6/15/2013 10:13:13 AM - Windows Update

RP28: 6/16/2013 6:43:28 PM - Removed Internet Explorer Toolbar 4.8 by SweetPacks

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

ASRock App Charger v1.0.5

ASRock Rapid OC v1.0.15

Bandicam

Bandisoft MPEG-1 Decoder

Battlefield 3™

Battlelog Web Plugins

BioShock Infinite

DAEMON Tools Lite

DownloadTerms

ESN Sonar

Etron USB3.0 Host Controller

FINAL FANTASY XIV - A Realm Reborn (Beta Version)

Free YouTube Downloader 3.5.134

Hawken

High-Definition Video Playback

Intel® Control Center

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Smart Connect Technology 3.0 x64

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

Nero 10 Movie ThemePack 1

Nero 10 Movie ThemePack Basic

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA Install Application

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Open Broadcaster Software

Origin

PlanetSide 2

PlayClaw 3

Realtek High Definition Audio Driver

Skype™ 6.3

Software Version Updater

StarCraft II

Uplay

Ventrilo Client for Windows x64

WinRAR 4.20 (32-bit)

World of Warcraft

Thank you. <3


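The entries in the DDS log above that a responder pulls out first are the persistence points: the two Start Page values pointing at start.sweetpacks.com, the DownloadTerms BHO loading a .dat file out of AppData\Local, the orphaned ASRockROC Run entry, the AppInit_DLLs value, the IE context-menu hook and trusted-zone additions, the gencrawler@some.com Firefox extension, and the four folders (Media Finder, SwvUpdater, Tarma Installer, DownloadTerms) created within two minutes of each other in the "Created Last 30" section. The script below is an added example for this thread, not DDS output and not part of JRT, AdwCleaner or Malwarebytes: it parses a DDS log's "Pseudo HJT Report" and "Created Last 30" sections and applies its own heuristics to flag those kinds of entries. The sample input is constructed from a subset of the lines posted above; the list of start pages treated as benign, the "user-writable path" fragments and the five-minute burst window are assumptions of the example.

```python
"""Triage a DDS log for persistence entries and installer bursts.

Added example for this thread, not DDS output and not part of JRT/AdwCleaner/
Malwarebytes. The rules below are this example's own heuristics.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the DDS log posted above ("hxxp" is DDS's defanging).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042
mWinlogon: Userinit = userinit.exe,
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Sam\AppData\Local\DownloadTerms\temp.dat
uRun: [ASRockROC] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
Trusted Zone: soe.com
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\Windows\SysWOW64\nvinit.dll
FF - ExtSQL: 2013-06-16 18:40; gencrawler@some.com; C:\Users\Sam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
=============== Created Last 30 ================
2013-06-16 22:43:45 -------- d-----w- C:\Windows\System32\appmgmt
2013-06-16 22:42:00 -------- d-----w- C:\Users\Sam\AppData\Local\DownloadTerms
2013-06-16 22:41:46 -------- d-----w- C:\ProgramData\Tarma Installer
2013-06-16 22:40:51 -------- d-----w- C:\Users\Sam\AppData\Local\SwvUpdater
2013-06-16 22:40:13 -------- d-----w- C:\Users\Sam\AppData\Roaming\Media Finder
2013-05-21 18:18:49 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.*)$")

# Assumptions of this example: start pages treated as benign, and path fragments
# meaning "a normal user could have written here" (where bundled PUPs usually land).
BENIGN_START_PAGES = ("msn.com", "microsoft.com", "google.com", "bing.com", "about:blank")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def split_sections(text):
    """Map each '=== Name ===' DDS section header to the non-empty lines under it."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def user_writable(path):
    return any(frag in path.lower() for frag in USER_WRITABLE)


def triage_hjt(lines):
    """Return (rule, line) pairs for Pseudo HJT Report entries worth a second look."""
    findings = []
    for line in lines:
        low = line.lower()
        if re.match(r"[um]Start Page =", line):
            if not any(d in low for d in BENIGN_START_PAGES):
                findings.append(("start-page-hijack", line))
        elif line.startswith("mWinlogon: Userinit"):
            value = line.split("=", 1)[1].strip().lower()
            if value not in ("userinit.exe,", r"c:\windows\system32\userinit.exe,"):
                findings.append(("winlogon-userinit", line))
        elif line.startswith("BHO:"):
            # A BHO loaded from a user-writable path, or from a non-.dll file, is classic adware.
            if user_writable(line) or not low.endswith(".dll"):
                findings.append(("bho-suspicious", line))
        elif re.match(r"(?:u|m|x64-)Run:", line):
            if "<no file>" in low:
                findings.append(("run-orphaned", line))
            elif user_writable(line):
                findings.append(("run-user-writable", line))
        elif line.startswith("IE:"):
            findings.append(("ie-menuext", line))
        elif line.startswith("Trusted Zone:"):
            findings.append(("ie-trusted-zone", line))
        elif line.startswith("AppInit_DLLs="):
            findings.append(("appinit-dlls", line))
        elif line.startswith("FF - ExtSQL:"):
            findings.append(("ff-extension", line))
    return findings


def find_install_bursts(lines, window=timedelta(minutes=5), min_items=3):
    """Cluster user-writable paths from 'Created Last 30' by creation time.

    Several drops inside `window` is the usual footprint of one bundled installer."""
    events = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m and user_writable(m.group(2)):
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
    events.sort()
    bursts, current = [], []
    for event in events:
        if current and event[0] - current[0][0] > window:
            if len(current) >= min_items:
                bursts.append(current)
            current = []
        current.append(event)
    if len(current) >= min_items:
        bursts.append(current)
    return bursts


def triage(text):
    sections = split_sections(text)
    return {
        "hjt": triage_hjt(sections.get("Pseudo HJT Report", [])),
        "bursts": find_install_bursts(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for rule, line in report["hjt"]:
        print(f"[{rule}] {line}")
    for burst in report["bursts"]:
        print(f"installer burst: {len(burst)} items in {burst[-1][0] - burst[0][0]}")
        for ts, path in burst:
            print(f"  {ts} {path}")
```

Run against the sample, it flags both Start Page values, the DownloadTerms BHO, the orphaned ASRockROC Run entry, the Media Finder context-menu hook, the trusted zone, AppInit_DLLs and the Firefox extension, leaves the Adobe ARM Run entry alone, and groups the four folders created between 22:40:13 and 22:42:00 as a single installer burst. Those are the same items JRT and AdwCleaner remove later in the thread. Note that the AppInit_DLLs and Trusted Zone hits are informational (the NVIDIA DLLs here are legitimate); the script surfaces them because both are persistence points that adware also uses, and a human still has to read the path.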
Hello Rainboom and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: DownloadTerms

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


*Junkware Removal Tool log

 

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro x64
Ran by Sam on Tue 06/18/2013 at  0:23:59.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3290216199-2245102632-1746607938-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\download with &media finder
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Sam\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Sam\appdata\local\swvupdater"
Failed to delete: [Folder] "C:\Program Files (x86)\free youtube downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/18/2013 at  0:25:30.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

*AdwCleaner log

 

# AdwCleaner v2.303 - Logfile created 06/18/2013 at 00:26:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Sam - SAM2013
# Boot Mode : Normal
# Running from : C:\Users\Sam\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Sam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537



-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sipx8o7i.default-1371428794340\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3762 octets] - [16/06/2013 21:07:52]
AdwCleaner[s1].txt - [2438 octets] - [18/06/2013 00:26:40]

########## EOF - C:\AdwCleaner[s1].txt - [2498 octets] ##########
 

*Malwarebytes Anti-Malware log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.18.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Sam :: SAM2013 [administrator]

6/18/2013 12:29:34 AM
mbam-log-2013-06-18 (00-29-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233440
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

 

------------------------------------------------

DDS Log

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2013 6:26:28 PM
System Uptime: 6/18/2013 12:27:26 AM (0 hours ago)
.
Motherboard: ASRock |  | Z77 OC Formula
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 261.217 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 5/29/2013 3:01:23 AM - Scheduled Checkpoint
RP25: 6/6/2013 3:20:20 AM - Scheduled Checkpoint
RP26: 6/12/2013 7:43:50 AM - Windows Update
RP27: 6/15/2013 10:13:13 AM - Windows Update
RP28: 6/16/2013 6:43:28 PM - Removed Internet Explorer Toolbar 4.8 by SweetPacks
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
ASRock App Charger v1.0.5
ASRock Rapid OC v1.0.15
Bandicam
Bandisoft MPEG-1 Decoder
Battlefield 3™
Battlelog Web Plugins
BioShock Infinite
ESN Sonar
Etron USB3.0 Host Controller
FINAL FANTASY XIV - A Realm Reborn (Beta Version)
Free YouTube Downloader 3.5.134
Hawken
High-Definition Video Playback
Intel® Control Center
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Smart Connect Technology 3.0 x64
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack Basic
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Open Broadcaster Software
Origin
PlanetSide 2
PlayClaw 3
Realtek High Definition Audio Driver
Skype™ 6.3
StarCraft II
Uplay
Ventrilo Client for Windows x64
WinRAR 4.20 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
6/18/2013 12:29:55 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/18/2013 12:29:55 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
.
==== End Of File ===========================


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.