
PUP Detected in my scan



Hello, I've been infected with the PUP virus, and from what I've read it's a little different for everybody on how to remove it. I'm running on Windows 8.

Ever since I scanned with Malwarebytes, my computer has been constantly blocking IPs from my computer. I'm not very computer savvy and I need instructions on how to remove this. All input is wanted and welcomed.


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Peter F at 8:45:48 on 2013-07-29
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7576.5583 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Peter F\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Users\Peter F\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\windows\System32\ThumbnailExtractionHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {8232785C-5C98-4A6E-B7B4-911FFBED7582} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [spotify Web Helper] "C:\Users\Peter F\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [spotify] "C:\Users\Peter F\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\PETERF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Peter F\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B46E1BDE-DB0A-451D-9338-F55E65B8A745} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B46E1BDE-DB0A-451D-9338-F55E65B8A745}\140707C65602E4564777F627B602661616432363 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extentions.webcake.installId - 82344f73-5b83-401e-809d-1333fdefc1b4
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc);user_pref(extensions.autoDisableScopes, 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-7-28 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-7-28 189936]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-7-28 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-7-28 378944]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-19 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-25 239616]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-7-28 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-7-28 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-28 46808]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2012-7-26 2252600]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-26 701512]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-28 4153184]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-7-26 164152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2012-9-19 156472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2012-9-19 40248]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-30 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-7-26 25928]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-7-16 57000]
S2 DnsBasic Service;DnsBasic Service;C:\Program Files (x86)\DnsBasic\dnsbasic.exe [2013-6-18 22528]
S2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe --> C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [?]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
S2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-7-19 35232]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-20 49152]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-18 1388120]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-18 169048]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-20 138912]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130216.001\IDSviA64.sys [2013-2-18 513184]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem23.inf,%PID_0808_DD%(UVC);Logitech Webcam 600(UVC);C:\windows\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
S3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\Drivers\mcvidrv_x64.sys [2012-10-10 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\Drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\Drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-18 493656]
S3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-18 1139800]
S3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-18 224416]
S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-18 433752]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-18 23448]
.
=============== Created Last 30 ================
.
2013-07-29 00:03:30    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-07-29 00:03:21    1030952    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-07-29 00:03:20    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-07-29 00:03:19    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-07-29 00:03:13    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-07-29 00:02:45    41664    ----a-w-    C:\windows\avastSS.scr
2013-07-29 00:02:29    --------    d-----w-    C:\Program Files\AVAST Software
2013-07-29 00:01:57    --------    d-----w-    C:\ProgramData\AVAST Software
2013-07-29 00:00:49    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\GlarySoft
2013-07-28 23:59:57    --------    d-----w-    C:\Program Files (x86)\Glarysoft
2013-07-28 23:42:42    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-07-28 15:30:37    --------    d-----w-    C:\Users\Peter F\AppData\Local\SWTOR
2013-07-28 05:28:09    --------    d-----w-    C:\Users\Peter F\AppData\Local\SWTORPerf
2013-07-28 05:26:16    --------    d-----w-    C:\Program Files (x86)\Common Files\BioWare
2013-07-26 21:34:59    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\Malwarebytes
2013-07-26 21:34:48    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-26 21:34:46    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-07-26 21:34:46    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 17:30:58    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\Toribash
2013-07-23 17:30:29    --------    d-----w-    C:\Games
2013-07-23 12:35:16    --------    d-----w-    C:\Program Files (x86)\LyricsSpeaker
2013-07-21 04:40:05    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\RIFT
2013-07-21 04:40:04    --------    d-----w-    C:\Program Files (x86)\RIFT
2013-07-19 22:53:56    --------    d-----w-    C:\Users\Peter F\AppData\Local\Solid State Networks
2013-07-19 22:53:52    --------    d-----w-    C:\Program Files (x86)\MeteorEntertainment
2013-07-19 16:37:14    --------    d-----w-    C:\Users\Peter F\AppData\Local\nCryptedCloud
2013-07-19 16:36:20    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\uTorrent
2013-07-18 17:17:09    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\RotMG.Production
2013-07-18 00:05:16    --------    d-----w-    C:\ProgramData\HappyCloud
2013-07-17 18:18:25    14376    ----a-w-    C:\Users\Peter F\AppData\Roaming\TheHunterSettings_live.bin
2013-07-17 18:16:48    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\theHunter
2013-07-17 18:16:48    --------    d-----w-    C:\Users\Peter F\AppData\Local\theHunter
2013-07-16 00:58:40    --------    d-----w-    C:\ProgramData\id Software
2013-07-12 01:03:39    --------    d-----w-    C:\Program Files (x86)\StarCraft II
2013-07-11 07:09:15    --------    d-----w-    C:\windows\System32\MRT
2013-07-10 22:21:12    --------    d-----w-    C:\Users\Peter F\AppData\Local\Adobe
2013-07-10 22:20:04    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2013-07-10 22:18:52    --------    d-----w-    C:\Hewlett-Packard
2013-07-08 20:24:39    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\TS3Client
2013-07-08 20:24:06    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-08 20:23:44    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\BabSolution
2013-07-08 20:23:11    --------    d-----w-    C:\ProgramData\Babylon
2013-07-08 20:23:10    --------    d-----w-    C:\Users\Peter F\AppData\Roaming\Babylon
2013-07-08 20:23:10    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-07-06 16:58:09    --------    d-----w-    C:\ProgramData\Hunter
2013-07-06 16:57:46    --------    d-----w-    C:\Program Files (x86)\theHunter
2013-07-06 16:55:16    --------    d-----w-    C:\ProgramData\SystemRequirementsLab
2013-07-04 13:07:23    108968    ----a-w-    C:\windows\System32\WindowsAccessBridge-64.dll
2013-07-02 20:48:22    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-07-02 20:48:18    263576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2013-07-04 13:07:18    972712    ----a-w-    C:\windows\System32\deployJava1.dll
2013-07-04 13:07:18    1093032    ----a-w-    C:\windows\System32\npDeployJava1.dll
2013-06-27 22:04:51    78200    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-19 04:20:21    177312    ----a-w-    C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-16 22:41:31    997632    ----a-w-    C:\windows\System32\drivers\ndis.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-06-01 11:54:16    194816    ----a-w-    C:\windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\windows\System32\win32k.sys
2013-05-24 22:09:20    1403296    ----a-w-    C:\windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-05-23 05:25:28    1139800    ----a-w-    C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-05-21 05:02:00    493656    ----a-w-    C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-05-16 05:02:14    796760    ----a-w-    C:\windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-05-15 22:37:03    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-05-15 22:35:47    144384    ----a-w-    C:\windows\System32\tssdisai.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\windows\SysWow64\untfs.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17    120736    ----a-w-    C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17    446720    ----a-w-    C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\windows\System32\wucltux.dll
2013-05-04 06:59:21    2842112    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08    13644288    ----a-w-    C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\windows\System32\ubpm.dll
2013-05-04 06:58:54    10116096    ----a-w-    C:\windows\System32\twinui.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\windows\System32\storewuauth.dll
2013-05-04 06:58:49    1332736    ----a-w-    C:\windows\System32\sysmain.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00    1131520    ----a-w-    C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58    2620928    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49    10788864    ----a-w-    C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\windows\SysWow64\stobject.dll
.
============= FINISH:  8:47:08.47 ===============
 

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/20/2012 9:33:31 AM
System Uptime: 7/29/2013 8:43:22 AM (0 hours ago)
.
Motherboard: MSI |  | 2AE0
Processor: AMD A6-5400K APU with Radeon HD Graphics    | P0 | 3600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 732.001 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.462 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 7/19/2013 7:22:03 PM - Installed DirectX
RP45: 7/26/2013 8:43:40 PM - Scheduled Checkpoint
RP46: 7/28/2013 8:02:10 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD VISION Engine Control Center
avast! Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Counter-Strike: Source
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
Delta Chrome Toolbar
DnsBasic 1.0 build 111
DomaIQ
Dropbox
Garry's Mod
Happy Cloud Client
Hawken
Hewlett-Packard ACLM.NET v1.2.0.0
HP Connected Music (Meridian - installer)
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP MyRoom
HP Postscript Converter
HP Registration Service
HyperCam 2
IDT Audio
Java 7 Update 21
Java 7 Update 25 (64-bit)
Java Auto Updater
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mumble 1.2.4
Norton Internet Security
NVIDIA PhysX
Quake Live Mozilla Plugin
Realm of the Mad God
Recovery Manager
Registry Repair 4.1.0.388
RIFT
RuneScape Launcher 1.2.2
Skype™ 6.5
Source SDK Base 2007
Spotify
Star Wars: The Old Republic
StarCraft II
Steam
swMSM
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 8
TERA
theHunter (remove only)
VAFPlayer
Ventrilo Client for Windows x64
Vizzed Retro Game Room
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/29/2013 8:44:15 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the DnsBasic Service service to connect.
7/29/2013 8:44:15 AM, Error: Service Control Manager [7000]  - The FastFreeConverterUpdt service failed to start due to the following error:  The system cannot find the file specified.
7/29/2013 8:44:13 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 126
7/29/2013 8:43:25 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
7/28/2013 4:16:41 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer MOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B46E1BDE-DB0A-451D-9338-F55E65B8A745}. The master browser is stopping or an election is being forced.
7/27/2013 3:29:59 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GAREIKN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD921E70-EDA8-4BC8-B261-FEC2A8882DD9}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 

RogueKiller Report

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Peter F [Admin rights]
Mode : Scan -- Date : 07/29/2013 08:54:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] EPUpdater : C:\Users\PETERF~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [-] -> FOUND
[V2][sUSP PATH] Test TimeTrigger : C:\Users\PETERF~1\AppData\Local\Temp\Runner.exe - C:\Users\PETERF~1\AppData\Local\Temp\DNS.exe [-][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA630 +++++
--- User ---
[MBR] a9d214ce677802939f26c329079eb3a8
[bSP] f98612a450bb8fa044ffa3514c8e2d43 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07292013_085407.txt >>
 

 

I'm pretty sure I didn't post the log in quotes or code. Sorry if I did; further instructions on how not to do that would be good if I did.


Please uninstall DnsBasic 1.0 build 111 from your add/remove programs.

Then.......

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program, please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC


AdwCleaner Log

 

# AdwCleaner v2.306 - Logfile created 07/29/2013 at 09:41:53
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Peter F - PETER
# Boot Mode : Normal
# Running from : C:\Users\Peter F\Desktop\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\searchplugins\BrowserDefender.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DnsBasic
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Program Files (x86)\SingAlong
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Peter F\AppData\Local\Conduit
Folder Found : C:\Users\Peter F\AppData\LocalLow\Conduit
Folder Found : C:\Users\Peter F\AppData\LocalLow\delta
Folder Found : C:\Users\Peter F\AppData\Roaming\BabSolution
Folder Found : C:\Users\Peter F\AppData\Roaming\Babylon
Folder Found : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\vbt1c0k1.default-1356321908718\extensions\plugin@getwebcake.com
Folder Found : C:\windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\delta LTD
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\5d578dd1b03fbe15
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-1224414146-3666997841-312124505-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1224414146-3666997841-312124505-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-1224414146-3666997841-312124505-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537



-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\prefs.js

[OK] File is clean.

File : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\vbt1c0k1.default-1356321908718\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6581 octets] - [29/07/2013 09:41:53]

########## EOF - C:\AdwCleaner[R1].txt - [6641 octets] ##########
 


Please create a new system restore point before continuing :

http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#manual

Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5d578dd1b03fbe15
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537



-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\prefs.js

C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\vbt1c0k1.default-1356321908718\prefs.js

C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\vbt1c0k1.default-1356321908718\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6696 octets] - [29/07/2013 09:41:53]
AdwCleaner[R2].txt - [6756 octets] - [29/07/2013 10:04:26]
AdwCleaner[s1].txt - [6635 octets] - [29/07/2013 10:04:53]

########## EOF - C:\AdwCleaner[s1].txt - [6695 octets] ##########
 

 

puplyric.PNG

I am now removing it and going to restart it, then I'll run another Quick Scan and see if the PUP.lyric is still there and inform you as soon as it's all complete.

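The search-then-delete procedure in this thread can be verified by comparing the AdwCleaner search log against the delete log. The following is an added example, not part of the original posts and not AdwCleaner's own code; the sample log text is constructed from a few entries in the logs above, and the `File Deleted` / `Folder Deleted` line forms are assumed by analogy with the `Key Deleted` lines shown.

```python
import re

# "<Kind> Found : <target>" in the search log and "<Kind> Deleted : <target>"
# in the delete log. File/Folder "Deleted" forms are an assumption (see lead-in).
ENTRY_RE = re.compile(r"^(File|Folder|Key|Value) (Found|Deleted) : (.+)$")
# Browser-section deletions are logged as "<path> ... Deleted !" with no kind prefix.
INLINE_DELETE_RE = re.compile(r"^(.+?) \.\.\. Deleted !$")


def parse_log(text):
    """Return (found, deleted) as sets of (kind, target) tuples."""
    found, deleted = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            kind, status, target = m.groups()
            # Windows paths and registry keys compare case-insensitively.
            entry = (kind, target.strip().lower())
            (found if status == "Found" else deleted).add(entry)
            continue
        m = INLINE_DELETE_RE.match(line)
        if m:
            deleted.add(("File", m.group(1).strip().lower()))
    return found, deleted


def compare(search_log, delete_log):
    """Diff a search log against a delete log.

    not_deleted:      reported by the search pass but absent from the delete log
    deleted_unlisted: removed by the delete pass but never shown in the search log
    """
    found, _ = parse_log(search_log)
    _, deleted = parse_log(delete_log)
    return {
        "not_deleted": sorted(found - deleted),
        "deleted_unlisted": sorted(deleted - found),
    }


# Constructed sample: a handful of entries reused from the search log above.
SEARCH_SAMPLE = r"""
# Option [search]
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
"""

# Constructed sample: deliberately omits the Tarma Installer key to show a miss,
# and includes a user.js removal that has no matching "Found" line.
DELETE_SAMPLE = r"""
Key Deleted : HKCU\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
C:\Users\Peter F\AppData\Roaming\Mozilla\Firefox\Profiles\cyzzesde.default\user.js ... Deleted !
"""

RESULT = compare(SEARCH_SAMPLE, DELETE_SAMPLE)

if __name__ == "__main__":
    for label, entries in RESULT.items():
        print(label)
        for kind, target in entries:
            print(f"  {kind}: {target}")
```

Anything under `not_deleted` is worth a second scan after the reboot; anything under `deleted_unlisted` was removed without having appeared in the search results that were reviewed.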

Good.......

 

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.


-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (May be down)

Cached version:
http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
