
jrat infected



Welcome to the forum, please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Which one am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 2/16/2008 6:41:52 AM

System Uptime: 10/23/2013 8:45:55 PM (1 hours ago)

.

Motherboard:   |  |  

Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 2660/332mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 112.391 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Generic Marvell Yukon 88E8056 based Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_00BA11AB&REV_14\4&3F154DE&0&00E4

Manufacturer: Marvell

Name: Generic Marvell Yukon 88E8056 based Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_00BA11AB&REV_14\4&3F154DE&0&00E4

Service: yukonw7

.

==== System Restore Points ===================

.

RP1742: 10/18/2013 4:10:58 PM - Installed The Sims 3 World Adventures

RP1743: 10/18/2013 4:18:51 PM - Removed The Sims 3 Ambitions

RP1744: 10/18/2013 4:22:34 PM - Installed The Sims 3 Ambitions

RP1745: 10/18/2013 8:58:39 PM - Removed Steam

RP1746: 10/18/2013 9:03:36 PM - Installed Steam

RP1747: 10/22/2013 2:15:55 PM - Installed The Sims 3

RP1748: 10/22/2013 2:21:22 PM - Installed TheSims3EP8

RP1750: 10/23/2013 10:57:24 AM - Installed DirectX

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

µTorrent

7-Zip 4.65

A4 TECH PC Camera H

AC2 server emulator 0.41 by Dormine

Activision®

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Template Projects & Footage

Adobe After Effects CS3 Third Party Content

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Creative Suite 3 Master Collection

Adobe Creative Suite 4 Master Collection

Adobe CSI CS4

Adobe Default Language CS3

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS3

Adobe Extension Manager CS4

Adobe Flash CS3

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Illustrator CS4

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe Linguistics CS4

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe MotionPicture Color Files

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.4)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SING CS3

Adobe Soundbooth CS4 Codecs

Adobe Stock Photos CS3

Adobe Type Support

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Age of Empires II HD

AHV content for Acrobat and Flash

Alice Madness Returns

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

American McGee's Alice

AMR to MP3 Converter 1.4

Any Video Converter 5 5.0.4

Apple Application Support

Apple Software Update

Assassin's Creed II

ATI AVIVO Codecs

Audacity 1.3.12 (Unicode)

AutoCAD 2008 - English

Autodesk DWF Viewer 7

AVG Security Toolbar

Avira Free Antivirus

Avira SearchFree Toolbar plus Web Protection Updater

Bamboo Dock

BandMaster

BLAZBLUE -CALAMITY TRIGGER-

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CBR Reader

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 5.6

Combined Community Codec Pack 2008-09-21 16:18

Connect

Corel Painter 12

Corel Painter 12 - IPM

D3DX10

DAEMON Tools Toolbar

Dealio Toolbar v7.6

DefaultTab

DefaultTab Chrome

Diablo II

DivX Setup

Dota 2

Download Accelerator Plus (DAP)

Dragon Age: Origins

Dragon Nest SEA

Facebook Plug-In

Facebook Video Calling 1.2.0.287

Fallout New Vegas

Fiesta Online(EU_English) 1.03.005

GameClub Launcher PH (Remove only)

Garena - Heroes of Newerth

Garena - League of Legends PH

Garena 2010

Garena Messenger

GIMP 2.8.6

Google Chrome

Google Toolbar for Internet Explorer

HydraVision

IconHandler 32 bit

Java 7 Update 7

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 25

Java SE Development Kit 6 Update 21

JCreator LE 4.50

Katawa Shoujo

kuler

Legend of Grimrock

LightScribe  1.8.15.1

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Minecraft1.5.2

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPaint 1.0.0

Nero 7 Essentials

neroxml

Nexus Mod Manager

NVIDIA PhysX

Opera 10.60

Painter 12 - Content

Painter 12 - Core

Painter 12 - EN

Painter 12 - Painter

Painter 12 - Setup Files

Pando Media Booster

PCSX2 - Playstation 2 Emulator

PDF Settings

PDF Settings CS4

Photoshop Camera Raw

Pixel Bender Toolkit

PSP ISO Compressor

QuickTime

Rainmeter

Ran Online PH 7.0.935.072811

Realtek High Definition Audio Driver

RegistryReviver

Resident Evil 6 version 1

ROSE Online

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 

Simple Table Demo Application

Skype Toolbars

Skype™ 5.10

SpeedBit Video Accelerator

SpeedBit Video Downloader

Spider-Man - Shattered Dimensions

Steam

Suite Shared Configuration CS4

TeamSpeak 3 Client

TeraCopy 2.1

The Elder Scrolls V: Skyrim

The Lord of the Rings Online™ v03.08.00.8029

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Late Night

The Sims™ 3 Pets

The Sims™ 3 Seasons

The Sims™ 3 World Adventures

Toon Boom Animate

Tunngle beta

Ubisoft Game Launcher

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

USB Disk Security

USB Game Controller

USB PC Camera Plus

VBA (2627.01)

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.1.9

Wacom

WebTablet FB Plugin 32 bit

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinRAR archiver

Wrye Bash

Yahoo! Messenger

YouTube Downloader 3.4

.

==== Event Viewer Messages From Past Week ========

.

10/23/2013 11:06:18 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.

10/23/2013 1:47:26 PM, Error: Service Control Manager [7034]  - The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

10/22/2013 2:07:21 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

10/22/2013 2:03:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

10/18/2013 9:17:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.

10/18/2013 9:17:22 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

10/18/2013 7:49:46 PM, Error: Service Control Manager [7034]  - The TunngleService service terminated unexpectedly.  It has done this 1 time(s).

10/18/2013 2:40:58 PM, Error: Microsoft-Windows-Application-Experience [205]  - The Program Compatibility Assistant service failed to perform the phase two initialization.

10/17/2013 3:26:08 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

10/16/2013 2:53:02 PM, Error: Service Control Manager [7038]  - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/16/2013 2:53:02 PM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The service did not start due to a logon failure.

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 10.7.2

Run by BTP at 21:44:42 on 2013-10-23

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1234 [GMT 8:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Users\BTP\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Bamboo Dock\BambooCore.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\FixCamera.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\WacomHost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\program files\avira\antivir desktop\ipmGui.exe

C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\program files\avira\antivir desktop\avscan.exe

C:\Users\BTP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\BTP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\BTP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Users\BTP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\BTP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\ie\7.6\dealioToolbarIE.dll

uURLSearchHooks: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - <orphaned>

uURLSearchHooks: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - <orphaned>

BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\ie\7.6\dealioToolbarIE.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SBCONVERT Class: {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\btp\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\dap\dapieloader.dll

BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll

TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\ie\7.6\dealioToolbarIE.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

uRun: [speedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup

uRun: [Facebook Update] "c:\users\btp\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [MSIDLL] rundll32.exe msiokc32.dll,QAAfrLbwt

uRun: [Google Update] "c:\users\btp\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [] "c:\program files\java\jre7\bin\javaw.exe" -jar "c:\users\btp\appdata\roaming\MineCraft.jar"

uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [uSB Antivirus] c:\program files\usb disk security\USBGuard.exe

mRun: [VMSnap3] c:\windows\VMSnap3.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [bambooCore] c:\program files\bamboo dock\BambooCore.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [FixCamera] c:\windows\FixCamera.exe

mRun: [tsnpstd3] c:\windows\tsnpstd3.exe

mRun: [snpstd3] c:\windows\vsnpstd3.exe

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

StartupFolder: c:\users\btp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\SBLSP.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4DA5D257-7934-4136-87BC-DEDFC1E2A6EF} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{D39FAF99-6AEB-4F29-BE4E-B7CD9A2525FC} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 37664]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-5-3 37352]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-5-3 88840]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]

R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-10-15 11680]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-5 277536]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-12-4 27136]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-10-15 70048]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-29 52224]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2010-6-5 480128]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.js: <filetype is not registered>

.

=============== Created Last 30 ================

.

2013-10-18 09:42:28 -------- d-----w- c:\users\btp\appdata\roaming\Unity

2013-10-18 09:28:17 -------- d-----w- c:\users\btp\appdata\local\Unity

2013-10-18 09:17:20 -------- d-----w- c:\program files\Games

2013-10-18 07:01:47 94208 ----a-w- c:\windows\DIIUnin.exe

2013-10-18 07:01:47 2829 ----a-w- c:\windows\DIIUnin.pif

2013-10-18 06:59:04 -------- d-----w- c:\program files\Diablo II

2013-10-18 06:53:32 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2013-10-18 06:53:02 -------- d-----w- c:\program files\DAEMON Tools Lite

2013-10-17 13:56:08 -------- d-----w- c:\users\btp\appdata\roaming\Tunngle

2013-10-17 13:56:08 -------- d-----w- c:\programdata\Tunngle

2013-10-17 13:36:48 -------- d-----w- c:\programdata\McAfee Security Scan

2013-10-17 13:36:43 -------- d-----w- c:\program files\McAfee Security Scan

2013-10-17 11:55:56 -------- d-----w- c:\users\btp\appdata\local\CRE

2013-10-17 11:55:56 -------- d-----w- c:\program files\Conduit

2013-10-15 15:51:31 -------- d-----r- c:\users\btp\My Videos

2013-10-15 05:29:15 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2013-10-15 05:29:15 11680 ----a-w- c:\windows\system32\drivers\hidkmdf.sys

2013-10-15 05:29:14 70048 ----a-w- c:\windows\system32\drivers\wachidrouter.sys

.

==================== Find3M  ====================

.

2013-10-17 13:36:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-17 13:36:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-01 20:48:53 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-16 07:34:53 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-09-15 07:31:56 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2013-09-15 07:31:56 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2013-08-29 12:06:53 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys

.

============= FINISH: 21:46:47.72 ===============

 


RogueKiller V8.7.5 [Oct 22 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : BTP [Admin rights]

Mode : Scan -- Date : 10/23/2013 21:58:16

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run :  ("C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\BTP\AppData\Roaming\MineCraft.jar" [7][-]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Run : VMSnap3 (C:\Windows\VMSnap3.exe [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-958819792-2693934330-2994157847-1000\[...]\Run :  ("C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\BTP\AppData\Roaming\MineCraft.jar" [7][-]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 5 ¤¤¤

[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{1795F195-221A-4ED1-952A-4F2C0625AC84}.exe - --uninstall=1 [x] -> FOUND

[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{889B64BC-2556-4575-BE69-CD00C4543809}.exe - --uninstall=1 [x] -> FOUND

[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{1795F195-221A-4ED1-952A-4F2C0625AC84}.exe - --uninstall=1 [x] -> FOUND

[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{889B64BC-2556-4575-BE69-CD00C4543809}.exe - --uninstall=1 [x] -> FOUND

[V2][SUSP PATH] {193AEF86-ECDF-45CA-BFA2-69A77911DE44} : C:\Users\BTP\Desktop\New Folder (3)\Xpadder.exe [x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[84] : NtCreateSection @ 0x8367404D -> HOOKED (Unknown @ 0x8F453B96)

[Address] SSDT[299] : NtRequestWaitReplyPort @ 0x8368EA43 -> HOOKED (Unknown @ 0x8F453BA0)

[Address] SSDT[316] : NtSetContextThread @ 0x8372E755 -> HOOKED (Unknown @ 0x8F453B9B)

[Address] SSDT[347] : NtSetSecurityObject @ 0x8365271E -> HOOKED (Unknown @ 0x8F453BA5)

[Address] SSDT[368] : NtSystemDebugControl @ 0x836D66BC -> HOOKED (Unknown @ 0x8F453BAA)

[Address] SSDT[370] : NtTerminateProcess @ 0x836ABBCD -> HOOKED (Unknown @ 0x8F453B37)

[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F453BBE)

[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8F453BC3)

[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x85D881F8)

[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCDE9333C)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++

--- User ---

[MBR] d1f75d4300bdd7d6088579c0167920f1

[BSP] 9748f514c34a293160b18326292d1464 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10232013_215816.txt >>

Please uninstall these from your add/remove programs:

DefaultTab
DefaultTab Chrome
Dealio Toolbar v7.6
DAEMON Tools Toolbar


Next:

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


I'm really sorry sir, I fell asleep yesterday. I'll post the log of AdwCleaner first while Malwarebytes is still scanning.

 

# AdwCleaner v3.010 - Report created 24/10/2013 at 08:35:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : BTP - BTP-PC
# Running from : C:\Users\BTP\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\BTP\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\BTP\AppData\Local\OpenCandy
Folder Deleted : C:\Users\BTP\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\BTP\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\BTP\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\BTP\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\BTP\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\BTP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\Extensions\dealio@mybrowserbar.com
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\searchplugins\Ask.xml
File Deleted : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-movie-maker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16450
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[ File : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\prefs.js ]
 
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("speedbit.dap_installed", true);
 
-\\ Google Chrome v
 
[ File : C:\Users\BTP\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17375 octets] - [24/10/2013 08:33:21]
AdwCleaner[S0].txt - [17163 octets] - [24/10/2013 08:35:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17224 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.23.10

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

BTP :: BTP-PC [administrator]

 

Protection: Enabled

 

10/24/2013 8:44:29 AM

mbam-log-2013-10-24 (08-44-29).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220743

Time elapsed: 11 minute(s), 54 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\SOFTWARE\VÍTIMA (Backdoor.Trace) -> Quarantined and deleted successfully.

 

Registry Values Detected: 2

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSIDLL (Trojan.Agent) -> Data: rundll32.exe msiokc32.dll,QAAfrLbwt -> Quarantined and deleted successfully.

HKCU\Software\vítima|FirstExecution (Backdoor.Trace) -> Data: 06/04/2010 -- 14:03 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 2

C:\Users\BTP\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Local\Temp\CT3289075\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

Files Detected: 7

C:\Users\BTP\Desktop\AutoClicker.exe (Trojan.AutoClick) -> Quarantined and deleted successfully.

C:\Users\BTP\Downloads\CS4LicenseFix.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\BTP\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)
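The RogueKiller [SUSP PATH] findings earlier in the thread and the Malwarebytes Run-value detection just above both come down to one question: where is the autorun target actually launched from? Below is an added triage helper (example code, not part of the thread and not RogueKiller's or Malwarebytes' own logic) that pulls the launch command out of those log lines, separates the host binary from its payload (the jar behind javaw.exe, the DLL behind rundll32.exe) and flags targets living in user-writable locations. The directory markers, host-binary list and GUID rule are this example's own assumptions. The sample lines are copied from the thread's RogueKiller and MBAM reports (with the forum's lower-cased tag restored to [SUSP PATH]); the last line is a constructed benign control.

```python
import re

# Directory markers (lower-case, backslash-delimited) that a persistence entry should
# rarely launch from. Assumed for this example; not RogueKiller's rule set.
USER_WRITABLE_MARKERS = (
    "\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\",
    "\\programdata\\", "\\desktop\\", "\\downloads\\",
)
# Host binaries whose real payload is an argument (javaw -jar X, rundll32 X,entry ...).
PAYLOAD_HOSTS = ("javaw.exe", "java.exe", "rundll32.exe", "regsvr32.exe",
                 "wscript.exe", "cscript.exe")
# First module on a command line, tolerating unquoted paths that contain spaces.
MODULE_RE = re.compile(r"^(.*?\.(?:exe|dll|jar|scr|pif|bat|cmd|vbs|js))(?=\s|$)", re.I)
GUID_NAME_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\.[a-z]+$", re.I)

# Line shapes seen in the thread: RogueKiller registry Run and scheduled-task findings,
# and a Malwarebytes registry-value detection carrying "-> Data: <command> ->".
LINE_PATTERNS = (
    re.compile(r"^\[RUN\].*?\\Run :[^(]*\((?P<cmd>.*?)\s*\[\d+\](?:\[-\])?\)\s*->"),
    re.compile(r"^\[V\d\].*?\s:\s(?P<cmd>.*?)\s*\[x\]\s*->"),
    re.compile(r"-> Data:\s*(?P<cmd>.*?)\s*->"),
)


def split_cmdline(cmd):
    """Split a Windows command line on whitespace, keeping double-quoted runs together."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def image_path(cmd):
    """Return the executable a command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = MODULE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def payload_path(cmd, image):
    """For host processes, return the file they are told to load; None otherwise."""
    base = image.lower().rsplit("\\", 1)[-1]
    if base not in PAYLOAD_HOSTS:
        return None
    rest = cmd.strip()
    rest = rest[len(image) + (2 if rest.startswith('"') else 0):]  # skip image and quotes
    args = split_cmdline(rest)
    if base in ("javaw.exe", "java.exe"):
        if "-jar" in args and args.index("-jar") + 1 < len(args):
            return args[args.index("-jar") + 1]
        return None
    for a in args:  # rundll32 <dll>,<entry> / regsvr32 [/s] <dll> / wscript <script>
        if not a.startswith(("/", "-")):
            return a.split(",")[0]
    return None


def assess_path(path):
    """List reasons a persistence target deserves a closer look (empty = nothing odd)."""
    p = path.strip().lower().replace("/", "\\")
    if "\\" not in p:
        return ["bare file name, resolved through the DLL/PATH search order"]
    parent = p.rsplit("\\", 1)[0] + "\\"
    reasons = [f"lives under user-writable {m}" for m in USER_WRITABLE_MARKERS if m in parent]
    if re.fullmatch(r"[a-z]:\\windows\\", parent):
        reasons.append("dropped directly into the Windows directory")
    if GUID_NAME_RE.search(p):
        reasons.append("GUID-named executable (also used by legitimate uninstall stubs)")
    return reasons


def triage(line):
    """Parse one log line; returns a dict of findings, or None if the line is not a finding."""
    cmd = next((m.group("cmd") for m in (p.search(line) for p in LINE_PATTERNS) if m), None)
    if cmd is None:
        return None
    image = image_path(cmd)
    payload = payload_path(cmd, image)
    reasons = {"image": assess_path(image)}
    if payload:
        reasons["payload"] = assess_path(payload)
    return {"command": cmd, "image": image, "payload": payload,
            "reasons": reasons, "suspicious": any(reasons.values())}


SAMPLE_LINES = [  # first five copied from the thread's reports; the last one is constructed
    r'[RUN][SUSP PATH] HKCU\[...]\Run :  ("C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\BTP\AppData\Roaming\MineCraft.jar" [7][-]) -> FOUND',
    r"[RUN][SUSP PATH] HKLM\[...]\Run : VMSnap3 (C:\Windows\VMSnap3.exe [7]) -> FOUND",
    r"[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{1795F195-221A-4ED1-952A-4F2C0625AC84}.exe - --uninstall=1 [x] -> FOUND",
    r"[V2][SUSP PATH] {193AEF86-ECDF-45CA-BFA2-69A77911DE44} : C:\Users\BTP\Desktop\New Folder (3)\Xpadder.exe [x] -> FOUND",
    r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSIDLL (Trojan.Agent) -> Data: rundll32.exe msiokc32.dll,QAAfrLbwt -> Quarantined and deleted successfully.",
    r'[RUN] HKLM\[...]\Run : Example ("C:\Program Files\Example\example.exe" /background [7]) -> FOUND',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        r = triage(line)
        print("SUSPICIOUS" if r["suspicious"] else "ok        ", r["image"], r["payload"], r["reasons"])
```

The MineCraft.jar entry is the instructive case: the image (javaw.exe under Program Files) is clean, and only the payload check catches the jar in AppData\Roaming, which is why a triage rule has to follow the argument of a host binary rather than stop at the first token. The same rule also flags the AVG Secure Search removal tasks in Windows\TEMP, so a hit is a prompt to look, not a verdict.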

Next......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC


Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.10.23.10

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

BTP :: BTP-PC [administrator]

 

10/24/2013 9:59:59 AM

mbar-log-2013-10-24 (09-59-59).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.

Objects scanned: 224406

Time elapsed: 16 minute(s), 54 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

Java version: 1.6.0_25

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.660000 GHz

Memory total: 3219316736, free: 965132288

 

Downloaded database version: v2013.10.23.10

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

     10/24/2013 09:59:53

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\bijlc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spuy.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\Windows\system32\drivers\avgtpx86.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\ssmdrv.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avkmgr.sys

\SystemRoot\system32\DRIVERS\avipbb.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\Rt86win7.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\System32\Drivers\ajmtt4qy.SYS

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\tap0901t.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW73.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\wachidrouter.sys

\SystemRoot\system32\DRIVERS\hidkmdf.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\drivers\kbdhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\avgntflt.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\Drivers\adfs.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Program Files\DAEMON Tools Lite\Engine.dll

\Windows\System32\nsi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\wininet.dll

\Windows\System32\user32.dll

\Windows\System32\gdi32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\iertutil.dll

\Windows\System32\imagehlp.dll

\Windows\System32\imm32.dll

\Windows\System32\lpk.dll

\Windows\System32\difxapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\urlmon.dll

\Windows\System32\shell32.dll

\Windows\System32\sechost.dll

\Windows\System32\oleaut32.dll

\Windows\System32\usp10.dll

\Windows\System32\ws2_32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\clbcatq.dll

\Windows\System32\setupapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\shlwapi.dll

\Windows\System32\ole32.dll

\Windows\System32\psapi.dll

\Windows\System32\msctf.dll

\Windows\System32\devobj.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\comctl32.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff86e17030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xffffffff86d04908

Lower Device Driver Name: \Driver\atapi\

IRP handler 0 of \Driver\atapi points to an unknown module

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff86e17030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xffffffff86d04908

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff86e17030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff86e17d10, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff86e17030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86c96c20, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff86d04908, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffba127cf0, 0xffffffff86e17030, 0xffffffff864a7ac8

Lower DeviceData: 0xffffffffb96007a0, 0xffffffff86d04908, 0xffffffff868f4258

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 68BBB882

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 976769024

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-10-24.01 - BTP 10/25/2013   9:34.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1779 [GMT 8:00]

Running from: c:\users\BTP\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\BTP\AppData\Roaming\Local

c:\users\BTP\AppData\Roaming\Local\FalloutNV\Fallout.ini

c:\users\BTP\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini

c:\users\BTP\AppData\Roaming\Local\FalloutNV\NVDLCList.txt

c:\users\BTP\AppData\Roaming\Local\FalloutNV\plugins.txt

c:\users\BTP\AppData\Roaming\Local\FalloutNV\RendererInfo.txt

c:\windows\system32\Cache

c:\windows\system32\Cache\095bdebc27a6d7f8.fb

c:\windows\system32\Cache\0cfad42d6d7638ed.fb

c:\windows\system32\Cache\261a3892528a7826.fb

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\441d4708723d6314.fb

c:\windows\system32\Cache\44d0cb62d78e8c75.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\7f97e2e9752aa188.fb

c:\windows\system32\Cache\8699677cb4d420cc.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\988c4cb566f0ad4a.fb

c:\windows\system32\Cache\9b9d0d4352e77f12.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\b0387e4183b70d65.fb

c:\windows\system32\Cache\b4f4c7bd754bf2c9.fb

c:\windows\system32\Cache\b6abccf087b99fbc.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\db9004ecb9de0677.fb

c:\windows\system32\Cache\dd5650cfc3350597.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f1d56c5885a317dd.fb

c:\windows\system32\Cache\f6e1ecf36794a77d.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\SETFF7B.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-09-25 to 2013-10-25  )))))))))))))))))))))))))))))))

.

.

2013-10-25 01:47 . 2013-10-25 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-24 02:10 . 2013-10-25 01:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB3FB0EE-BD6F-4352-A881-BCDBFDD5EEDD}\offreg.dll

2013-10-24 01:59 . 2013-10-24 02:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-24 01:57 . 2013-10-24 01:57 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-10-24 00:42 . 2013-10-24 00:42 -------- d-----w- c:\users\BTP\AppData\Roaming\Malwarebytes

2013-10-24 00:42 . 2013-10-24 00:42 -------- d-----w- c:\programdata\Malwarebytes

2013-10-24 00:42 . 2013-10-24 00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-24 00:42 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-24 00:33 . 2013-10-24 00:36 -------- d-----w- C:\AdwCleaner

2013-10-23 14:05 . 2013-10-23 14:05 -------- d-----w- c:\windows\ERUNT

2013-10-18 09:42 . 2013-10-18 09:42 -------- d-----w- c:\users\BTP\AppData\Roaming\Unity

2013-10-18 09:28 . 2013-10-18 09:28 -------- d-----w- c:\users\BTP\AppData\Local\Unity

2013-10-18 09:17 . 2013-10-18 09:31 -------- d-----w- c:\program files\Games

2013-10-18 07:01 . 2013-10-18 07:01 94208 ----a-w- c:\windows\DIIUnin.exe

2013-10-18 07:01 . 2013-10-18 07:01 2829 ----a-w- c:\windows\DIIUnin.pif

2013-10-18 06:59 . 2013-10-19 17:41 -------- d-----w- c:\program files\Diablo II

2013-10-18 06:53 . 2013-10-18 06:53 -------- d-----w- c:\program files\DAEMON Tools Lite

2013-10-17 13:56 . 2013-10-18 12:47 -------- d-----w- c:\users\BTP\AppData\Roaming\Tunngle

2013-10-17 13:56 . 2013-10-18 12:47 -------- d-----w- c:\programdata\Tunngle

2013-10-17 13:36 . 2013-10-23 15:01 -------- d-----w- c:\programdata\McAfee Security Scan

2013-10-17 13:36 . 2013-10-17 14:07 -------- d-----w- c:\program files\McAfee Security Scan

2013-10-17 11:55 . 2013-10-17 11:56 -------- d-----w- c:\users\BTP\AppData\Local\CRE

2013-10-16 06:23 . 2013-10-25 01:09 -------- d-----w- c:\program files\Electronic Arts

2013-10-15 15:51 . 2013-10-15 15:57 -------- d-----r- c:\users\BTP\My Videos

2013-10-15 05:29 . 2012-12-03 08:36 11680 ----a-w- c:\windows\system32\drivers\hidkmdf.sys

2013-10-15 05:29 . 2012-04-11 07:34 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2013-10-15 05:29 . 2012-12-03 08:36 70048 ----a-w- c:\windows\system32\drivers\wachidrouter.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-17 13:36 . 2012-04-03 03:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-17 13:36 . 2011-05-27 14:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-01 20:48 . 2012-08-29 15:08 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-16 07:34 . 2013-05-03 04:33 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-09-15 07:31 . 2013-09-15 07:32 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2013-09-15 07:31 . 2013-09-15 07:32 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2013-08-29 12:06 . 2013-05-06 09:25 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-08-29 12:06 . 2013-05-03 04:33 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-27 04:24 . 2011-08-09 10:28 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll

2012-05-05 14:22 . 2011-06-04 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-19 451872]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-10-27 2836656]

"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-04-26 2098376]

"Facebook Update"="c:\users\BTP\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"uTorrent"="c:\users\BTP\AppData\Roaming\uTorrent\uTorrent.exe" [2013-10-17 1141328]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Steam"="c:\program files\Steam\Steam.exe" [2013-10-09 1813928]

"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-24 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-09 8505888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-23 815104]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-12-12 646744]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-16 270336]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

.

c:\users\BTP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-27 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-7 273296]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\BTP\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe [2011-04-26 265928]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 GarenaPEngine;GarenaPEngine;c:\users\BTP\AppData\Local\Temp\TRGC33E.tmp [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-18 3753224]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2013-09-02 759192]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-06-23 480128]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]

R3 XDva296;XDva296;c:\windows\system32\XDva296.sys [x]

R3 XDva312;XDva312;c:\windows\system32\XDva312.sys [x]

R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]

R3 XDva369;XDva369;c:\windows\system32\XDva369.sys [x]

R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-05 691696]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-01 37664]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-03 37352]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 217600]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-29 84024]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 528256]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]

S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 11680]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 70048]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-19 01:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:36]

.

2013-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-958819792-2693934330-2994157847-1000Core.job

- c:\users\BTP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 14:39]

.

2013-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-958819792-2693934330-2994157847-1000UA.job

- c:\users\BTP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 14:39]

.

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580636779-2059193832-1228549069-1000Core.job

- c:\users\BTP\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16 05:53]

.

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580636779-2059193832-1228549069-1000UA.job

- c:\users\BTP\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16 05:53]

.

2013-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-958819792-2693934330-2994157847-1000Core.job

- c:\users\BTP\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16 05:53]

.

2013-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-958819792-2693934330-2994157847-1000UA.job

- c:\users\BTP\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16 05:53]

.

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{672D83BE-5030-44DF-AD22-E9B719703B62}.job

- c:\windows\system32\msfeedssync.exe [2012-02-29 15:14]

.

.

------- Supplementary Scan -------

.



uInternet Settings,ProxyOverride = *.local

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll

TCP: DhcpNameServer = 192.168.0.1

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.txt=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - (no file)

WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\BTP\AppData\Local\Temp\TRGC33E.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,

   55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3

"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=hex:51,66,7a,6c,4c,1d,38,12,b8,e4,3a,

   07,66,21,43,03,ec,e0,b6,83,14,d5,e9,e6

"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,

   45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

   34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"=hex:51,66,7a,6c,4c,1d,38,12,e9,88,2a,

   05,9d,2f,95,0a,e5,a3,59,5c,5a,ed,de,88

"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,

   03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3017FB3E-9A77-4396-88C5-0EC9548FB42F}"=hex:51,66,7a,6c,4c,1d,38,12,50,f8,04,

   34,45,d4,f8,06,f7,d3,4d,89,51,d1,f0,3b

"{389943B0-C3A2-4E69-82CB-8596A84CB3DC}"=hex:51,66,7a,6c,4c,1d,38,12,de,40,8a,

   3c,90,8d,07,0b,fd,dd,c6,d6,ad,12,f7,c8

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,

   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49

"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,

   cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FF6C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,7f,

   fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14

"{FF7C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,6f,

   fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-25  09:50:05

ComboFix-quarantined-files.txt  2013-10-25 01:50

.

Pre-Run: 92,076,605,440 bytes free

Post-Run: 92,308,959,232 bytes free

.

- - End Of File - - E7EFB3BAA158BD4D23C11749112DA1E9

A36C5E4F47E84449FF07ED3517B43A31

OK....Next:

Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted: go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


# AdwCleaner v3.010 - Report created 25/10/2013 at 10:56:45
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : BTP - BTP-PC
# Running from : C:\Users\BTP\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450

-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Users\BTP\AppData\Roaming\Mozilla\Firefox\Profiles\w1puq0z2.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\BTP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [17375 octets] - [24/10/2013 08:33:21]
AdwCleaner[R1].txt - [992 octets] - [25/10/2013 10:55:40]
AdwCleaner[s0].txt - [17305 octets] - [24/10/2013 08:35:24]
AdwCleaner[s1].txt - [914 octets] - [25/10/2013 10:56:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [973 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
BTP :: BTP-PC [administrator]

Protection: Enabled

10/25/2013 11:03:44 AM
mbam-log-2013-10-25 (11-03-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229335
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I forgot we already ran AdwCleaner.

--------------------------------

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

I see you have Windows Defender enabled; there's no need for this...you have Avira running. Having 2 anti-virus programs running only causes conflicts and spotty protection.
Please disable Defender:

Disable Defender

Dangers of running 2 anti-virus programs

---------------------------------

Please update and run a scan with Avira and let me know how the computer is.

MrC

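The AV:/SP: lines MrC quotes above (display name, *Enabled/Updated* flags, instance GUID) carry the same fields that Windows Security Center exposes through the root\SecurityCenter2 WMI namespace. The script below is an added example for this thread, not code from DDS, Malwarebytes or the forum: it queries that namespace directly, decodes each product's productState, and warns when more than one real-time engine reports itself enabled, which is the "2 anti-virus programs" conflict MrC describes. Assumptions, labelled in the comments: root\SecurityCenter2 exists (Vista and later client editions; server SKUs lack it), the productState byte layout is the widely reported but undocumented one, and all function names are this example's own.

```powershell
# Added example (not from the thread or from any tool the thread uses).
# Assumption: root\SecurityCenter2 is present (Windows Vista+ client SKUs).
# Assumption: productState is a 24-bit value laid out as 0xTTEEUU, where
#   TT = product type, EE = 0x10 enabled (0x11 snoozed), 0x00/0x01 disabled,
#   UU = 0x00 definitions up to date, 0x10 out of date.
# This layout is reported by many admins but is not documented by Microsoft.

function ConvertTo-ProductStatus {
    # Turn a productState number into the "Enabled/Updated" style flag
    # that the DDS AV:/SP: lines use.
    param([Parameter(Mandatory = $true)][uint32]$ProductState)

    $hex = '{0:X6}' -f $ProductState              # e.g. 0x061100 -> "061100"
    $enabledByte = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $updatedByte = [Convert]::ToInt32($hex.Substring(4, 2), 16)

    $enabled = if ($enabledByte -eq 0x10 -or $enabledByte -eq 0x11) { 'Enabled' } else { 'Disabled' }
    $updated = if ($updatedByte -eq 0x00) { 'Updated' } else { 'Outdated' }
    return "$enabled/$updated"
}

function Get-SecurityCenterProducts {
    # Emit one line per registered product, in the same shape as the DDS
    # AV:/SP:/FW: lines. instanceGuid already includes the braces.
    $classes = @{ 'AV' = 'AntiVirusProduct'; 'SP' = 'AntiSpywareProduct'; 'FW' = 'FirewallProduct' }
    foreach ($prefix in 'AV', 'SP', 'FW') {
        $items = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $classes[$prefix] -ErrorAction SilentlyContinue)
        foreach ($p in $items) {
            $status = ConvertTo-ProductStatus -ProductState $p.productState
            '{0}: {1} *{2}* {3}' -f $prefix, $p.displayName, $status, $p.instanceGuid
        }
    }
}

function Test-MultipleEnabledEngines {
    # Collect distinct product names that report real-time protection
    # enabled in either the AV or the antispyware class. Avira registers in
    # both under one name, so it counts once; Defender adds a second engine.
    $enabled = @()
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
        $items = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            Where-Object { (ConvertTo-ProductStatus -ProductState $_.productState) -like 'Enabled/*' })
        foreach ($p in $items) { $enabled += $p.displayName }
    }
    $distinct = @($enabled | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning ('More than one real-time engine is enabled: ' + ($distinct -join ', ') +
            '. Keep one and disable the others to avoid the conflicts described above.')
    }
    return $distinct
}

Get-SecurityCenterProducts
Test-MultipleEnabledEngines | Out-Null
```

Run it from an elevated PowerShell prompt on the affected machine; Get-WmiObject is used rather than Get-CimInstance so the script also works on the stock PowerShell 2.0 that ships with Windows 7. If Get-SecurityCenterProducts prints nothing, the namespace is absent (server edition) or the Security Center service is stopped, in which case the DDS lines would be empty too. Because the productState layout is unofficial, treat a Disabled/Outdated verdict as a prompt to check the product's own console, not as proof.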

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
