
No icons on desktop and frequent ads.



Hello Malwarebytes experts,

About two months ago my icons on my desktop started disappearing and my browser started showing me ads. On top of all that, my browser also redirected me at times to a bogus site. I have a computer that I made, so I have been using that computer, but I need this computer (the infected one) running without viruses because I am starting college and would like to be able to use my laptop.

I can still access the files on my desktop, I just have to do it through Windows Explorer. Also, Malwarebytes Anti-Malware did not detect any viruses either.

I have uninstalled my peer-to-peer software and I have used Defogger to disable my disk emulation software.

Thank you for your time,

dhoehna.

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2009 6:56:17 PM
System Uptime: 7/28/2013 10:05:53 AM (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 3627
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 211.899 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.128 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP831: 5/28/2013 8:26:30 PM - Windows Update
RP832: 6/1/2013 2:41:35 PM - Windows Update
RP833: 6/8/2013 6:03:34 PM - Windows Update
RP834: 6/12/2013 6:51:49 PM - Windows Update
RP835: 6/13/2013 7:49:11 AM - Windows Update
RP836: 6/19/2013 7:42:27 PM - Windows Update
RP837: 6/22/2013 1:53:51 PM - Windows Update
RP838: 6/25/2013 3:57:23 PM - Windows Update
RP839: 6/28/2013 4:46:02 PM - Windows Update
RP840: 7/6/2013 2:37:23 PM - Windows Update
RP841: 7/11/2013 7:52:06 PM - Windows Update
RP842: 7/12/2013 4:38:18 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Advanced Port Scanner v1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astroburn Lite
Belkin F6D4050 Enhanced Wireless USB Adapter
Belkin Setup and Router Monitor
Belkin Wireless USB Adapter Setup
Blaze Media Pro
Bonjour
CCleaner
Combined Community Codec Pack 2008-01-24
COMODO Internet Security
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Cygwin B20
D3DX10
DAEMON Tools Lite
Digsby
ENE CIR Receiver Driver
Entity Framework Designer for Visual Studio 2012 - enu
F.lux
FileZilla Client 3.6.0.2
Git version 1.7.11-preview20120710
GitHub
GlassFish Server Open Source Edition 3.1.2
GlassFish Server Open Source Edition 3.1.2.2
Google Chrome
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
IDT Audio
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 17
Java Auto Updater
Java SE Development Kit 7 Update 4 (64-bit)
Java SE Development Kit 7 Update 5 (64-bit)
Java 7 Update 5 (64-bit)
Java SE Development Kit 6 Update 25 (64-bit)
Java SE Development Kit 6 Update 26 (64-bit)
JavaFX 2.1.1 (64-bit)
JavaFX 2.1.1 SDK (64-bit)
jGRASP
Junk Mail filter update
JustCloud Setup
LabelPrint
League of Legends
LG USB Modem Driver
LightScribe System Software
Live 8.1.1
Loki ActiveX Control
LSI HDA Modem
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft Help Viewer 1.0
Microsoft Help Viewer 2.0
Microsoft Mathematics (64-bit)
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Platform Installer 4.0
Microsoft Windows Media Video 9 VCM
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
MinGW-Get version 0.5-beta-20120426-1
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetAssistant
NetAssistant for Firefox
NetBeans IDE 7.1.1
NetBeans IDE 7.2
Notepad++
OneTouch 4.6
OverDrive Media Console
PMB
PowerDirector
PowerRecover
Prerequisites for SSDT
Project64 1.6
QLBCASL
QuickTime
Radmin Viewer 3.5
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
River Past Video Cleaner
Roll
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 2 for SQL Server 2008 (KB2285068)
SES Driver
SmartWebPrinting
Sql Server Customer Experience Improvement Program
Steam
Super Mario Bros. X version 1.3
swMSM
TDM-GCC
UnityScript Editor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Servicepoint 3.7.44
Visioneer 7400 Driver
VLC media player 1.0.3
Vz In Home Agent
WCF RIA Services V1.0 SP2
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR archiver
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
7/28/2013 2:19:49 PM, Error: NetBT [4321]  - The name "DARREN-PC      :0" could not be registered on the interface with IP address 192.168.2.4. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
7/28/2013 10:11:31 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center      Update Stage: Install      Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094      Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version: 0.0.0.0      Error code: 0x80004004      Error description: Operation aborted
7/28/2013 10:10:55 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version: 2.1.9607.0      Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE      Error Code: 0x80004004      Error description: Operation aborted
7/28/2013 10:10:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 105.0.0.0      Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version: 2.1.9607.0      Error code: 0x80004004      Error description: Operation aborted
7/28/2013 10:07:17 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/28/2013 10:07:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/28/2013 10:07:15 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/28/2013 10:07:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/28/2013 10:07:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.153.1950.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9607.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
7/28/2013 10:07:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/28/2013 10:06:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/28/2013 10:06:47 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/28/2013 10:06:46 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cmdGuard discache MpFilter spldr sptd Wanarpv6
7/28/2013 10:05:56 AM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
7/28/2013 10:04:09 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/28/2013 10:02:56 AM, Error: NetBT [4321]  - The name "DARREN-PC      :20" could not be registered on the interface with IP address 192.168.2.4. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
7/28/2013 10:02:55 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{B04F189C-5DBF-4069-86CF-2F1F1ED9D8A9} because another computer on the network has the same name.  The server could not start.
.
==== End Of File ===========================

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.17.2
Run by Darren at 14:20:35 on 2013-07-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2513 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mURLSearchHooks: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [F.lux] "C:\Users\Darren\Local Settings\Apps\F.lux\flux.exe" /noshow
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}



TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B04F189C-5DBF-4069-86CF-2F1F1ED9D8A9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B04F189C-5DBF-4069-86CF-2F1F1ED9D8A9}\353434023547574656E647027596D26496 : DHCPNameServer = 134.39.70.172 134.39.70.219 134.39.76.218
TCP: Interfaces\{B04F189C-5DBF-4069-86CF-2F1F1ED9D8A9}\37E6F6D29637C65602075726C69636 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B04F189C-5DBF-4069-86CF-2F1F1ED9D8A9}\C616175796E64716 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue



x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\
FF - prefs.js: browser.search.selectedEngine - Search

FF - component: C:\Program Files (x86)\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}\platform\WINNT_x86-msvc\components\wrxpcom.dll
FF - component: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Darren\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-08 19:26; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23168]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-7 283200]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 706560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-4-20 30520]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-7-8 357248]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-7-8 62976]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-1-6 139264]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-8-25 7058432]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-25 216576]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-25 233472]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S4 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-2-9 689464]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-07-28 19:30:04    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB7B7E1C-38A7-4253-ACEB-8A653809169F}\offreg.dll
2013-07-28 17:09:43    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB7B7E1C-38A7-4253-ACEB-8A653809169F}\mpengine.dll
2013-07-14 01:45:58    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-12 03:30:12    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-12 03:30:12    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-12 03:30:12    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-12 03:30:11    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 03:30:11    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-12 03:30:11    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 03:30:11    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-12 03:28:47    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-12 03:28:46    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-12 03:28:42    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-12 03:28:42    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-12 03:25:46    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-12 03:20:50    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 03:20:49    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 03:17:45    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-12 03:17:44    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-06-22 20:52:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-22 20:52:40    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-08 06:10:12    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-05-08 03:29:32    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2010-06-30 19:43:39    401408    ----a-w-    C:\Program Files\aescrypt.exe
2009-02-13 18:02:52    80896    ----a-w-    C:\Program Files\devcon_amd64.exe
.
============= FINISH: 14:20:43.26 ===============

  • Root Admin

Hello and :welcome:
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Okay, let's do the following scan and cleanup routines.

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.

Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.

Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

AdwCleaner:

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 18:24:35
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Darren - DARREN-PC
# Boot Mode : Normal
# Running from : C:\Users\Darren\Desktop\AdwCleaner.exe
# Option [Delete]


***** [services] *****

Stopped & Deleted : BrowserDefendert

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserDefender
File Deleted : C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\bProtector_extensions.rdf
File Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\bprotector_prefs.js
File Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\searchplugins\Babylon.xml
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Darren\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Darren\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Darren\AppData\Roaming\delta
Folder Deleted : C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\StumbleUpon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\828bddb535e812
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344324454}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\828bddb535e812
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322322254}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKU\S-1-5-21-2721305690-830823134-3592505243-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635



-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\prefs.js

C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\7j9b12e4.default\user.js ... Deleted !


Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "c4e4194c000000000000001e647c3fe6");
Deleted : user_pref("extensions.delta.instlDay", "15918");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.019:24:43");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119360&tsp=4961");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Preferences



*************************

AdwCleaner[s1].txt - [321 octets] - [29/07/2013 21:29:04]
AdwCleaner[s2].txt - [14032 octets] - [29/07/2013 21:29:11]
AdwCleaner[s3].txt - [12101 octets] - [01/08/2013 18:24:35]

########## EOF - C:\AdwCleaner[s3].txt - [12162 octets] ##########

jrt.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Darren on Thu 08/01/2013 at 18:32:58.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    NTRedirect    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Darren\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Darren\AppData\Roaming\mozilla\firefox\profiles\7j9b12e4.default\searchplugins\babylon.xml
Successfully deleted the following from C:\Users\Darren\AppData\Roaming\mozilla\firefox\profiles\7j9b12e4.default\prefs.js

user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.js", "\n\n  /************************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "1403ca473c35eadbdd468c7d13fd2370");
Emptied folder: C:\Users\Darren\AppData\Roaming\mozilla\firefox\profiles\7j9b12e4.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/01/2013 at 19:00:58.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET:

C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe    Win32/NetTool.Portscan.AC application
C:\Program Files (x86)\Safe Saver\utils.exe    a variant of Win32/Packed.VMDetector.A application
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll    a variant of Win32/bProtector.A application
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe    a variant of Win32/bProtector.A application
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe    a variant of Win32/bProtector.A application
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js    Win32/bProtector.F application
C:\TDSSKiller_Quarantine\13.05.2013_18.28.23\mbr0000\tdlfs0000\tsk0001.dta    a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\13.05.2013_18.28.23\mbr0000\tdlfs0000\tsk0002.dta    Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\13.05.2013_18.28.23\mbr0000\tdlfs0000\tsk0003.dta    a variant of Win32/Rootkit.Kryptik.UK trojan
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll    a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe    a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe    a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js    Win32/bProtector.F application
C:\Users\Darren\AppData\Local\Temp\ICReinstall_setup.exe    Win32/InstallCore.BG application
C:\Users\Darren\AppData\Local\Temp\C8237671-BAB0-7891-980E-DDF44F03E027\Latest\BExternal.dll    a variant of Win32/Toolbar.Babylon.C application
C:\Users\Darren\AppData\Local\Temp\C8237671-BAB0-7891-980E-DDF44F03E027\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application
C:\Users\Darren\AppData\Local\Temp\is1326335552\safe-saver.exe    a variant of Win32/Packed.VMDetector.A application
C:\Users\Darren\Desktop\cbsidlm-tr1_13-HitmanPro_3_64bit-SEO-75110395.exe    Win32/DownloadAdmin.G application
C:\Users\Darren\Desktop\FoxitReader602.0413_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Darren\Desktop\setup.exe    Win32/InstallCore.BG application
Operating memory    a variant of Win32/bProtector.A application

Addition.txt

ESETOnlineScanner.txt

mbar-log-2013-08-01 (20-10-46).txt

RKreport0_S_08012013_213004.txt

system-log.txt

FRST.txt

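The ESET Online Scanner log quoted above is a list of one detection per line: the object (a path, or "Operating memory" for a running process) followed by the verdict. The parser below is an added example, not part of the thread or of any tool mentioned in it; it splits each verdict into malware family and category and sets the TDSSKiller quarantine entries (already neutralised copies) apart from live detections. The sample lines are constructed in the same layout as the quoted log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the quoted ESET log. The real file separates
# object and verdict with a tab; pasting into the forum turned that into spaces.
SAMPLE_LOG = """\
C:\\ProgramData\\BrowserDefender\\2.6.1519.190\\BrowserDefender.exe\ta variant of Win32/bProtector.A application
C:\\TDSSKiller_Quarantine\\13.05.2013_18.28.23\\mbr0000\\tdlfs0000\\tsk0001.dta\ta variant of Win32/Olmarik.AYZ trojan
C:\\Users\\Darren\\Desktop\\setup.exe    Win32/InstallCore.BG application
Operating memory    a variant of Win32/bProtector.A application
"""

# Verdict grammar: optional "a variant of ", then "<platform>/<family>.<variant> <category>"
VERDICT_RE = re.compile(r"^(?:a variant of )?(?P<family>\S+) (?P<category>\w+)$")


def parse_eset_log(text):
    """Return a list of (object, family, category, quarantined) tuples, one per detection."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        # Split on a tab or on a run of two or more spaces; single spaces stay inside
        # paths such as "C:\Users\All Users\...".
        parts = re.split(r"\t|\s{2,}", line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a detection line (header, footer, blank)
        obj, verdict = parts
        m = VERDICT_RE.match(verdict.strip())
        if not m:
            continue
        # Files under the TDSSKiller quarantine folder were already removed from their
        # original location by that tool; they are evidence, not an active infection.
        quarantined = "TDSSKiller_Quarantine" in obj
        findings.append((obj, m.group("family"), m.group("category"), quarantined))
    return findings


def summarize(findings):
    """Count live detections per category and list families seen in process memory."""
    live_by_category = Counter(cat for _, _, cat, q in findings if not q)
    in_memory = sorted({fam for obj, fam, _, _ in findings if obj == "Operating memory"})
    quarantined = sum(1 for f in findings if f[3])
    return {"live_by_category": dict(live_by_category),
            "in_memory": in_memory, "quarantined": quarantined}
```

A family reported under "Operating memory" is running at scan time, which is the first thing to look at when file-based scans keep coming back clean while the symptoms persist.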

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Please disable your Comodo antivirus and run the following antivirus. Pay attention to the link at the end as some users seem to miss it.

  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web CureIt!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-enable your antivirus and other security programs when all done.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


There are signs of infection. I still don't have icons on my desktop and I still get ads showing up when I run Firefox. As well, when I run Firefox and go to some sites I am redirected to other sites to sell stuff. It's kinda weird that the scans haven't been picking up anything.


Hey,

I didn't follow the directions exactly because I never had another window pop up. But when I did open up Firefox in safe mode I had the option to refresh Firefox, which I did. Thank you for that.

geoads was the thing redirecting me. It's so much easier to peruse the internet now. Thank you.

Now, how do I get the icons back on my desktop? I can access my desktop through Windows Explorer and I have my background, just no icons.


  • Root Admin

The tools we've run should have already corrected any icon issue in general unless an infection removed them.

Please see the following link and see if this helps you to restore, set, or fix some of them.

http://www.howtogeek.com/howto/13631/customize-your-icons-in-windows-7-and-vista/


That unfortunately did not work. I unchecked the button that said "Allow themes to change icons" and I pressed the button that said "Restore Default". I still have no desktop icons. I also did try to change my theme and the result was that there were still no desktop icons.

I noticed I had a lot of things on my desktop as well and deleted a bunch of them, and there were still no icons.

Lastly I restarted.


  • Root Admin

Unfortunately it sounds like your current profile has been corrupted and you'll need to move your data to a new profile and get that set up working again how you want it.

Not much you can do about a corrupted profile except to create a new one and move your data over.
