
Getsavin causing havoc



For about 3 weeks, numerous double-underlined links will appear shortly after an email letter, forum posting, news article, Facebook entry, etc. appears. These links will most often be "roll-over balloons" with ads for things that run from seemingly harmless "Five foods to never eat.." to more sinister products and services. There will almost always be "getsavin" in a corner of the balloon. These balloons "relate" very strangely and randomly to the text on our screen. For instance, at the bottom of this post editor, at this moment that I am writing, there are the following words: "You can upload up to 20MB of files. (Max. single file size: 20MB)" The word "single" appears orange with a double underline; when I mouse over it, a little balloon pops up with a fetching damsel looking my way and the heading: "Chat now with local singles - Jennifer 24 ...." "getsavin" is in the upper left corner. Three words over, 20MB is also orange with a double underline. When I mouse over it, I get a balloon saying: "20MB. Find What You Need Here Now! Fast And Easy - Hassle Free! BrightLocal.org"

 

Also new tabs will pop up when you click a legitimate link. When I clicked the link to register with Malwarebytes, a new tab opened for "Backup MYPC". I had to click back to the previous tab to register. 

 

About the same time, "Lavasoft search" has inserted itself on blank new tabs where Google previously was displayed, which is my preference. I haven't taken the "long walk" through Firefox's control features to change this back to Google. Could they be related?

 

Also I updated and ran Malwarebytes, Spybot S&D, Adaware and MS Security essentials soon after I noticed this strange behaviour. No effect. No "virus" or "trojan" detected. 

 

I purchased the Wondershare Video Editor about a month ago in my search for a video editor, now that System 7 has dumped the excellent MovieMaker that was available with Vista! Windows Live MM is a poor replacement! I am always careful to look out for "Included free....." with the little check box already checked, which I then uncheck. I could have missed one! In that case it is not a "trojan" since I "invited" it. If so, how do I track down where to dislodge this beasty!!

 

Here are the contents of DDS.txt and Attach.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by David at 20:44:16 on 2013-07-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1014.77 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Nova Development\Print Artist Gold 24\ReminderApp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\PIXELA\Transfer Utility\CameraMonitor.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\taskhost.exe
C:\lotus\wordpro\wordpro.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: GetSavin 5.0: {AAD5BA52-392B-489F-8CC7-247E2EBB4E31} - c:\users\david\appdata\local\getsavin\ie\getsavin_1364141402.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [smart PC Cleaner] c:\program files\smart pc cleaner\SPCLauncher.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] "c:\users\david\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] c:\program files\nova development\print artist gold 24\ReminderApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [search Protection] c:\programdata\search protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\jllond~1.lnk - c:\program files\jl london advent calendar\JL London Advent Calendar.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster platinum 18.1\Remind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lotuso~1.lnk - c:\lotus\organize\easyclip.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lotuss~2.lnk - c:\lotus\smartctr\smartctr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lotuss~1.lnk - c:\lotus\smartctr\suitest.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\transf~1.lnk - c:\program files\pixela\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{4F45D87B-81BB-4EE0-9DA8-DF74BF8EA53C} : DHCPNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\2l6mual3.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\firefox\profiles\2l6mual3.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-25 21:26; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\david\appdata\roaming\mozilla\firefox\profiles\2l6mual3.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: !HIDDEN! 2011-08-03 00:29; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-25 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-10-31 16024]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-10-31 45208]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2011-10-31 12952]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\jgsoft\editpad classic\EditPad.exe" "%1"
ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
.
=============== Created Last 30 ================
.
2013-07-09 02:33:08    7068072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{a5110dc7-8ddc-4338-8cf1-00d3e5d2033f}\mpengine.dll
2013-07-07 13:13:20    7068072    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-26 02:43:50    --------    d-----w-    c:\users\david\appdata\roaming\LavasoftStatistics
2013-06-26 02:43:48    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-06-26 02:28:50    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-06-26 02:27:36    --------    d-----w-    c:\programdata\Downloaded Installations
2013-06-26 02:27:24    --------    d-----w-    c:\programdata\Search Protection
2013-06-26 02:27:21    --------    d-----w-    c:\programdata\blekko toolbars
2013-06-26 02:27:19    --------    d-----w-    c:\users\david\appdata\local\adawarebp
2013-06-26 02:27:16    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-06-26 02:26:51    --------    d-----w-    c:\program files\Toolbar Cleaner
2013-06-26 02:25:55    --------    d-----w-    c:\program files\adawaretb
2013-06-26 02:24:08    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-06-26 02:24:08    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-26 02:23:56    --------    d-----w-    c:\users\david\appdata\roaming\Ad-Aware Antivirus
2013-06-21 16:38:06    724464    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{22f54c35-729f-4071-80ea-2a8c81d13c6a}\gapaengine.dll
2013-06-20 19:21:04    339784    ----a-w-    c:\windows\system32\WPShellExt32.dll
2013-06-20 19:20:40    --------    d-----w-    c:\programdata\Wondershare Player
2013-06-20 19:20:24    --------    d-----w-    c:\users\david\appdata\local\Wondershare
2013-06-20 19:20:17    --------    d-----w-    c:\program files\common files\Wondershare
2013-06-20 19:18:50    --------    d-----w-    c:\program files\Wondershare
2013-06-12 08:09:37    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-12 08:09:36    218112    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-06-12 05:14:48    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-12 05:14:43    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 05:14:26    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 05:14:22    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 05:14:21    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 05:14:21    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 05:14:21    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 05:14:21    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 05:14:06    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-12 05:14:04    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 05:14:03    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 05:13:59    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-12 02:43:03    --------    d-----w-    c:\users\david\appdata\local\{E98176C6-3FCB-42BA-8082-870DAB3D0CED}
2013-06-11 14:42:27    --------    d-----w-    c:\users\david\appdata\local\{B3947F2B-E695-4C1C-9C5F-FCDE187C263D}
.
==================== Find3M  ====================
.
2013-06-12 09:18:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 09:18:07    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-17 01:25:57    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
============= FINISH: 20:47:30.41 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/15/2011 8:26:05 AM
System Uptime: 7/7/2013 9:20:59 PM (47 hours ago)
.
Motherboard: Intel Corporation |  | D945GCL
Processor: Intel® Pentium® D CPU 2.80GHz | LGA 775 | 2794/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 747.33 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 134.177 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (UDF)
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP291: 6/16/2013 10:42:45 AM - Windows Update
RP292: 6/19/2013 11:31:38 AM - Windows Update
RP293: 6/23/2013 1:22:58 AM - Windows Update
RP294: 6/26/2013 11:11:47 PM - Windows Update
RP295: 6/30/2013 1:01:51 AM - Windows Update
RP296: 7/3/2013 8:06:42 AM - Windows Update
RP297: 7/7/2013 12:34:02 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Audacity 1.2.6
Aura Video Editor 1.1.2
Bing Bar
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
C4500
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
ConvertHelper 2.2
Copy
D3DX10
Destinations
DeviceDiscovery
Driver Genius Professional Edition
FLV Player 2.0 (build 25)
GetSavin
Google Chrome
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
honestech VHS to DVD 4.0 Deluxe
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8000 A809 Series
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImTOO MOV Converter 6
ImTOO Video Converter Standard 6
Intel® Graphics Media Accelerator Driver
iTunes
Jacquie Lawson London Advent Calendar
Java 7 Update 21
Java Auto Updater
Java 6 Update 38
JGsoft EditPad Classic 3.5.2
K-Lite Codec Pack 7.0.0 (Full)
Logitech QuickCam Software
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English
LSI PCI-SV92PP Soft Modem
Macrium Reflect - Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Access 2000 Runtime
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Movie Maker 6.0 for Windows 7 (32-bit)
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myPrintMileage (Officejet Pro 8000 A809)
Myst III: Exile
Myst Masterpiece Edition
Network
OpenOffice.org 3.4.1
PIXELA AAC LC CODEC
Print Artist Gold
PrintMaster Platinum 18.1
ProductContext
PS_AIO_04_C4500_Software_Min
QuickTime
Riven
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shop for HP Supplies
Smart PC Cleaner v3.0
SmartWebPrinting
Smilebox
SolutionCenter
Spybot - Search & Destroy
Statistical Report Program 2.1
Status
swMSM
The Print Shop 2.0 Deluxe
Toolbox
Transfer Utility
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB2.0 VIDBOX NW03
WD SmartWare
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
Wondershare Player(Build 1.0.2)
Wondershare Video Editor(Build 3.1.3)
.
==== End Of File ===========================
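The DDS "Pseudo HJT Report" above already contains the answer to "where to dislodge this beasty": the GetSavin BHO is loading from the user's own AppData folder, not from Program Files. The script below, added here as an example and not code from the post, from DDS or from Malwarebytes, parses the BHO/TB/uRun/mRun lines of such a log, flags entries that load from a user-writable location or match a string the poster reported ("getsavin"), and names the registry key each flagged entry is registered under. The sample lines are constructed from the log above, and the Google Update allowlist entry is an assumption made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the Pseudo HJT Report in the post above.
SAMPLE_LOG = r"""
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: GetSavin 5.0: {AAD5BA52-392B-489F-8CC7-247E2EBB4E31} - c:\users\david\appdata\local\getsavin\ie\getsavin_1364141402.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [smart PC Cleaner] c:\program files\smart pc cleaner\SPCLauncher.exe
mRun: [search Protection] c:\programdata\search protection\SearchProtection.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
"""

# DDS conventions: BHO/TB lines read "Name: {CLSID} - path"; uRun (HKCU) and mRun (HKLM)
# lines read "[Name] path args", with the path optionally quoted.
LINE_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"^(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r'^\[(?P<name>[^\]]+)\]\s*(?:"(?P<qpath>[^"]*)"|(?P<upath>.*?\.(?:exe|dll|cpl|scr)))(?:\s.*)?$', re.I)

# Where each DDS line type is registered (DDS prefixes: u = HKCU, m = HKLM).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
RUN_KEYS = {
    "uRun": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# A standard user can write here without elevation, so a browser add-on or autostart
# loaded from these paths was planted by something that ran as the user (e.g. a bundled installer).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
# Assumption for this example: Google Update legitimately installs per-user, so it is
# not reported on the user-writable rule alone. Extend only after verifying each vendor.
KNOWN_PER_USER = ("\\appdata\\local\\google\\update\\",)

@dataclass
class Entry:
    kind: str
    name: str
    clsid: str  # empty for Run entries
    path: str

@dataclass
class Finding:
    entry: Entry
    reasons: list
    where: str  # registry key (and value) to inspect, and to remove once confirmed

def parse_hjt(text):
    """Return the BHO/TB/uRun/mRun entries in a DDS log; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        if kind in ("BHO", "TB"):
            c = CLSID_RE.match(rest)
            if c:
                entries.append(Entry(kind, c["name"], c["clsid"], c["path"].strip()))
        else:
            r = RUN_RE.match(rest)
            if r:
                path = r["qpath"] if r["qpath"] is not None else r["upath"]
                entries.append(Entry(kind, r["name"], "", path.strip()))
    return entries

def registry_location(e):
    if e.kind == "BHO":
        return BHO_KEY + "\\" + e.clsid
    if e.kind == "TB":
        return f"{TOOLBAR_KEY} (value named {e.clsid})"
    return f"{RUN_KEYS[e.kind]} (value '{e.name}')"

def triage(text, keywords):
    """Flag entries matching a reported keyword or loading from a user-writable path."""
    findings = []
    for e in parse_hjt(text):
        reasons = []
        name, path = e.name.lower(), e.path.lower()
        if any(k.lower() in name or k.lower() in path for k in keywords):
            reasons.append("name or path matches a reported string")
        if path.startswith(USER_WRITABLE_PREFIXES) and not any(k in path for k in KNOWN_PER_USER):
            reasons.append("loads from a user-writable location")
        if reasons:
            findings.append(Finding(e, reasons, registry_location(e)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ["getsavin"]):
        print(f"{f.entry.kind} {f.entry.name!r}: {'; '.join(f.reasons)} -> {f.where}")
```

On the sample, the GetSavin BHO is flagged on both rules and "search Protection" (loading from ProgramData) on the second; Google Update, also under AppData, is suppressed only because of the allowlist, which is why the user-writable rule is a triage aid rather than a verdict.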

  • Root Admin

Hello and welcome!

Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.


STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click on JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 04

Please download AdwCleaner by Xplode to your desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control, click Yes to allow it to run.
  • Under Actions, click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile in your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt, where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
