Jump to content

Possible PUP/Infection?


chimpy
 Share

Recommended Posts

Hi, I scanned with MBAM and it flagged this as a PUP C:\Users\XX\Downloads\winamp563_full_emusic-7plus_all.exe with the prefix of PUP.Optional.OpenCandy.

I let MBAM remove it and restart my laptop.

 

This is infected MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
XXX [administrator]

23/08/2013 00:27:31
mbam-log-2013-08-23 (00-27-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 244145
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\XXX\Downloads\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

 

This is the clean one

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
XXX [administrator]

23/08/2013 01:52:12
mbam-log-2013-08-23 (01-52-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 244033
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

DDS.txt log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.21.2
Run by XXX at 2:04:31 on 2013-08-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3561.2019 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{306DE3AC-DBAE-4F34-83BB-4028486A93DE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3C3BC83C-468E-4339-9427-95A7197A58CD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3C3BC83C-468E-4339-9427-95A7197A58CD}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\moomin\AppData\Roaming\Mozilla\Firefox\Profiles\17ghuu51.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 189936]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-25 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-25 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-25 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-25 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-25 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-19 46808]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-13 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-25 2413056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-12 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-12 528760]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-25 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-25 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-10-25 1145448]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-25 53376]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-08-21 23:49:21    --------    d-----w-    C:\Program Files\iPod
2013-08-21 23:49:20    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 23:49:20    --------    d-----w-    C:\Program Files\iTunes
2013-08-21 23:49:20    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-08-14 14:58:50    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 14:58:49    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 14:58:49    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 14:58:49    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 14:58:49    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 14:58:49    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 14:58:49    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 14:58:49    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-14 14:57:11    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 14:57:11    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-14 14:57:08    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-14 14:57:07    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 14:57:06    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 14:57:06    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-08-14 14:57:01    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-14 14:57:00    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-14 14:56:59    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-14 14:56:59    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-14 14:56:58    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-14 14:56:58    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-14 14:56:57    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-14 14:56:56    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-14 14:56:55    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-14 14:56:55    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-14 14:56:55    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-14 14:56:54    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 14:56:21    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-03 21:29:48    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-07-03 21:29:48    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-27 22:47:57    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-27 22:47:57    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH:  2:05:36.32 ===============

And Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27/01/2012 20:53:39
System Uptime: 23/08/2013 01:25:12 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 3566
Processor: AMD E2-3000M APU with Radeon HD Graphics | Socket FS1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 294.848 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.146 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.08 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP77: 22/07/2013 13:57:08 - Scheduled Checkpoint
RP78: 14/08/2013 19:30:37 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 11.6
Age of Empires Online
Aliens vs. Predator
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
Analogue: A Hate Story
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtRage 2
avast! Free Antivirus
Bad Rats
Bamboo
Bamboo Dock
Bamboo Tablets Tutorial
Bejeweled 3
Bing Bar
Bing Desktop
Blackhawk Striker 2
Blio
Bonjour
Brawl Busters
Breath of Death VII
Call of Cthulhu: Dark Corners of the Earth
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cradle of Rome 2
Cricket Revolution
Cthulhu Saves the World
CyberLink YouCam
D3DX10
Dora's World Adventure
Dota 2
Dota 2 Test
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Garry's Mod
Garry's Mod 13 Beta
Hewlett-Packard ACLM.NET v1.1.2.0
Home
Hoyle Card Games
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
iTunes
Java 7 Update 21
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Killing Floor
Kung Fu Strike: The Warrior's Rise
Left 4 Dead
Left 4 Dead 2
Letters from Nowhere 2
LIMBO
Livebrush Mini
Luxor HD
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 23.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
opensource
Penguins!
PHOTOfunSTUDIO 8.0 LE
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Portal
Realm of the Mad God
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
RollerCoaster Tycoon 3: Platinum
Sandboxie 4.04 (64-bit)
Secret of the Magic Crystal
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Source Filmmaker
Steam
Sumo Paint Bamboo 2.2
swMSM
Synaptics Pointing Device Driver
Terraria
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VVVVVV
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zombie Panic Source
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
23/08/2013 01:32:03, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
23/08/2013 01:32:03, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
23/08/2013 00:50:55, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
21/08/2013 23:05:43, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
21/08/2013 23:05:43, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/08/2013 01:17:37, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
21/08/2013 01:12:19, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
21/08/2013 01:11:27, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
21/08/2013 01:10:57, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
21/08/2013 01:10:57, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/08/2013 01:10:27, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
21/08/2013 01:10:27, Error: Service Control Manager [7000]  - The HP Software Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/08/2013 01:10:27, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
21/08/2013 01:06:47, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
21/08/2013 01:06:47, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
20/08/2013 23:10:52, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
20/08/2013 23:10:42, Error: Service Control Manager [7022]  - The Application Virtualization Client service hung on starting.
20/08/2013 02:43:27, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
19/08/2013 21:28:42, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
18/08/2013 19:50:45, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
18/08/2013 19:50:38, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
18/08/2013 19:50:38, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
18/08/2013 19:50:38, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

I already had DDS installed from previous posts so I notice the date on it is last year, not sure if there is a updated version that you would prefer me to download and run, I was just in a bit of hurry to post these.

 

Thanks.
 

Link to post
Share on other sites

Welcome to the forum.

Lets check for any adware.....

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
MrC
Link to post
Share on other sites

Hi, thanks for the help, just one question, how do I know its finished? It has said "Pending please uncheck any elements you want to remove" for a long time so I clicked the report which is here.

 

# AdwCleaner v3.000 - Report created 23/08/2013 at 22:51:59
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : XXX - XXX-HP
# Running from : C:\Users\XXX\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\moomin\AppData\Roaming\Mozilla\Firefox\Profiles\17ghuu51.default\prefs.js ]


[ File : C:\Users\A J\AppData\Roaming\Mozilla\Firefox\Profiles\y02oni0a.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2139 octets] - [23/08/2013 22:51:59]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2199 octets] ##########

 

Did I prematurely stop it or had it completed?

I have no idea what it found but it all says its from IE which I don't really use but it looks harmless I think? I'm not sure.

Link to post
Share on other sites

It's harmless.....nothing to worry about:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..............

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

It didn't open up on reboot so I had to look for it in my C drive if that makes a difference?

 

# AdwCleaner v3.000 - Report created 24/08/2013 at 00:59:00
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : XXX - XXX-HP
# Running from : C:\Users\XXX\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\17ghuu51.default\prefs.js ]


[ File : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\y02oni0a.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2301 octets] - [23/08/2013 22:51:59]
AdwCleaner[R1].txt - [2361 octets] - [24/08/2013 00:57:50]
AdwCleaner[s0].txt - [1953 octets] - [24/08/2013 00:59:00]

 

And this is MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
XXX :: XXX-HP [administrator]

24/08/2013 01:24:27
mbam-log-2013-08-24 (01-24-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 244778
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

So far my laptop seems to be running ok.
 

Link to post
Share on other sites

Looks Good......If you want to take a look at your computers security:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Yes sorry I was out of town and just got back a few hours ago.

 

This is the log

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 21 <------please update, should be Update 25

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
 
-------------------------

Adobe Flash Player 10 Flash Player out of Date! <---please uninstall from your add/remove programs

Adobe Flash Player 11.7.700.202 <----------Check for an update if available

---------------------

Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

SSD = Solid State Drive:
http://en.wikipedia.org/wiki/Solid-state_drive

Windows has a built in defrag program:
http://www.dummies.com/how-to/content/defragmenting-a-hard-drive-in-windows-7.html

I like to use Defraggler:
http://www.piriform.com/defraggler

Just a note....it can take many hours to perform no matter which program you use.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.