Jump to content

Google Redirect Virus, please help!


Recommended Posts

I downloaded what I thought was a free pdf creator from this website: http://www.pdfforge.org/pdfcreator.  After installing the program I realized I had made a mistake and clicked on an ad disguised as the download link, you can see this if you go to the website.  I immediately uninstalled the program but it's clear to me I now have an infection.  Google Chrome periodically opens a new tab taking me to some advertisement sites with zero input from me.  I tried Microsoft Security Essentials and AdAware to no effect.  I also tried MalwareBytes which found nothing.  I believe I have some kind of Google Redirect virus.  This is new to me as I thought commercial security software would detect this type of infection and remove it but it seems that's not the case.

 

I have run Rogue Killer and got the following report:

 

Please help me get rid of this!

 

RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : snydera [Admin rights]
Mode : Scan -- Date : 10/22/2013 10:55:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] DigitalSite.job : C:\Users\snydera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] DigitalSite : C:\Users\snydera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ATA WDC WD10EZEX-75Z SCSI Disk Device +++++
--- User ---
[MBR] 7e04da700ef3b6e8bf595cf454c4b401
[bSP] d0db89ad5aabd261370ef493fad62b26 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 499 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000 | Size: 953368 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10222013_105522.txt >>
 
 
 
 
Link to post
Share on other sites

Hello PA2SK and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Hello Borislav!  Thank you for your help.  I have run the scan and am posting results below.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by PA2SK at 14:55:17 on 2013-10-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32726.28648 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvwmi64.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvwmi64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\wpkg\WPKGSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe
C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxVirtualLCD.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxNumPad.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\mobsync.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 35.8.35.149 35.9.56.201 35.8.33.24
TCP: Interfaces\{235229E0-65D7-4BE0-B0CE-A4F528FCFABB} : DHCPNameServer = 35.8.35.149 35.9.56.201 35.8.33.24
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4530.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: WPKGLogon - C:\Program Files\wpkg\wpkglogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\snydera\AppData\Roaming\Mozilla\Firefox\Profiles\mfwztjcy.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\Streaming Client\nprade.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-4-16 578008]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-4-16 26072]
R0 iaStorS;iaStorS;C:\windows\System32\drivers\iaStorS.sys [2013-4-16 652760]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-11-8 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R2 Altiris Deployment Agent;Altiris Deployment Agent;C:\Program Files\Altiris\Dagent\dagent.exe [2010-3-22 1960784]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2009-11-16 123200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2013-4-16 14808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 NVWMI;NVIDIA WMI Provider;C:\windows\System32\nvwmi64.exe [2013-7-30 1248544]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2013-4-25 218248]
R2 WpkgService;WPKG Service;C:\Program Files\wpkg\WPKGSrv.exe [2010-2-10 330752]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-11-8 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-11-8 181248]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4530.0\AdAwareService.exe [2013-10-14 517344]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2013-7-30 24576]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-5-24 116752]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2013-7-6 77352]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2012-5-10 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-10-12 1431888]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-10 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-24 413800]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-4-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-10 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-10-22 15:10:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-22 15:10:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-22 15:10:45 116440 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2013-10-22 14:27:52 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-10-21 21:12:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35576381-C858-47A6-A21C-BCB3E1C69B16}\mpengine.dll
2013-10-20 21:12:37 10280728 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 13:08:35 -------- d-----w- C:\Users\snydera\AppData\Roaming\LavasoftStatistics
2013-10-18 13:05:21 -------- d-----w- C:\Program Files\Lavasoft
2013-10-18 13:04:26 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-10-17 14:08:42 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-17 14:08:00 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 13:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\PDF Architect
2013-10-17 13:52:45 -------- d-----w- C:\Users\snydera\AppData\Roaming\PDF Architect
2013-10-17 13:50:10 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{186201B3-E61A-4A59-AF8D-8313836E61EB}\gapaengine.dll
2013-10-17 13:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-10-17 13:49:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-10-14 20:56:46 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-10-14 12:50:43 137000 ----a-w- C:\windows\SysWow64\MSMAPI32.OCX
2013-10-14 12:50:42 23552 ----a-w- C:\windows\SysWow64\MSMPIDE.DLL
2013-10-14 12:48:56 -------- d-----w- C:\Users\snydera\AppData\Local\Programs
2013-10-14 12:48:21 -------- d-----w- C:\Program Files\DivX
2013-10-14 12:48:19 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-10-14 12:47:08 -------- d-----w- C:\Users\snydera\AppData\Roaming\LavFilters
2013-10-14 12:47:08 -------- d-----w- C:\Users\snydera\AppData\Roaming\CDXReader
2013-10-14 12:47:08 -------- d-----w- C:\ProgramData\DivX
2013-10-14 12:47:08 -------- d-----w- C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-10-14 12:47:08 -------- d-----w- C:\Program Files (x86)\DSP-worx
2013-10-14 12:46:59 -------- d-----w- C:\Users\snydera\AppData\Roaming\DigitalSite
2013-10-13 09:33:49 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-13 09:33:49 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2013-10-13 09:31:34 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2013-10-13 09:31:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2013-10-13 09:31:34 41472 ----a-w- C:\windows\System32\lpk.dll
2013-10-13 09:31:34 368128 ----a-w- C:\windows\System32\atmfd.dll
2013-10-13 09:31:34 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2013-10-13 09:31:34 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-10-13 09:31:34 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2013-10-13 09:31:34 14336 ----a-w- C:\windows\System32\dciman32.dll
2013-10-13 09:31:34 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2013-10-13 09:31:34 100864 ----a-w- C:\windows\System32\fontsub.dll
2013-10-13 09:29:21 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-10-13 09:28:15 100864 ----a-w- C:\windows\System32\drivers\usbcir.sys
2013-10-13 09:27:59 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-10-13 09:27:59 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
2013-10-13 09:27:33 81920 ----a-w- C:\windows\SysWow64\davclnt.dll
2013-10-13 09:27:33 259584 ----a-w- C:\windows\System32\WebClnt.dll
2013-10-13 09:27:33 205824 ----a-w- C:\windows\SysWow64\WebClnt.dll
2013-10-13 09:27:33 140800 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2013-10-13 09:27:33 102400 ----a-w- C:\windows\System32\davclnt.dll
2013-10-13 09:24:55 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-10-13 09:24:55 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-10-13 09:24:55 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-10-13 09:24:55 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-10-13 09:23:25 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-13 09:02:21 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 09:02:21 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 09:00:53 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-10-13 09:00:43 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-10-13 09:00:17 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-10-13 09:00:17 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-10-13 09:00:17 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-10-13 09:00:17 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-10-13 09:00:17 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-10-13 09:00:17 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-10-13 09:00:17 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-10-13 03:26:26 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F381A586-E0E9-4947-A45E-A3E53A6BBFFC}\mpengine.dll
2013-10-12 20:40:04 -------- d-----w- C:\ProgramData\Simpoe
2013-10-12 20:36:35 -------- d-----w- C:\ProgramData\COSMOS Applications
2013-10-12 20:36:23 -------- d-----w- C:\ProgramData\SolidWorks Flow Simulation
2013-10-12 20:22:12 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2013-10-04 19:44:19 -------- d-----w- C:\Program Files\iPod
2013-10-04 19:44:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 19:44:18 -------- d-----w- C:\Program Files\iTunes
2013-10-04 19:44:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-30 19:18:55 -------- d-----w- C:\ProgramData\MentorGraphics
2013-09-23 09:15:55 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
.
==================== Find3M  ====================
.
2013-10-08 22:51:08 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 22:51:08 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-20 12:07:13 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-30 19:56:50 24576 ----a-w- C:\windows\SetupAfterRebootService.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 14:55:36.57 ===============
 

attach - Copy.zip

Link to post
Share on other sites

Step 1

I notice that you are using more than one antivirus program.

  • Ad-Aware Antivirus (including: AdAwareInstaller, AdAwareUpdater)
  • ESET NOD32 Antivirus
  • Microsoft Security Essentials
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. If you have license for NOD32 I recommend you to keep it, if not keep Security Essentials and uninstall the others. When you are ready, reboot your system.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Hello again Borislav,

 

You are correct, I have multiple anti virus programs installed.  Normally I only use NOD32, however I tried additional programs to see if any of them could remove the infection.  They all failed and I have now removed them.

 

I am unable to disable NOD32 as access is locked by the network administrators.  However I have run the scans you suggested anyway and I believe they were effective in removing the infection!  I have posted the logs below, see if you agree.

 

So far Google Chrome has not been directing me to anymore advertisement sites, which was my first indication I had a problem, but I will leave it open for a few hours and make sure.

 

Thank you again for your help.  If my system is indeed clean I will make a small donation to you.

 

Thanks,

Aaron

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Windows 7 Professional x64
Ran by snydera on Wed 10/23/2013 at 14:11:40.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at 14:15:18.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.010 - Report created 23/10/2013 at 15:31:31
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username :
# Running from : 
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\PA2SK\AppData\Roaming\digitalsite
File Deleted : C:\windows\Tasks\digitalsite.job
File Deleted : C:\windows\System32\Tasks\digitalsite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\dsiteproducts
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\PA2SK\AppData\Roaming\Mozilla\Firefox\Profiles\mfwztjcy.default\prefs.js ]
 
 
[ File : C:\Users\helpme\AppData\Roaming\Mozilla\Firefox\Profiles\mxax0e5i.default\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\PA2SK\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1257 octets] - [23/10/2013 15:28:43]
AdwCleaner[s0].txt - [1141 octets] - [23/10/2013 15:31:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1201 octets] ##########
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.10.23.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
PA2SK :: PA2SK-WIN7 [administrator]
 
10/23/2013 3:35:34 PM
mbar-log-2013-10-23 (15-35-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 368267
Time elapsed: 8 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.