Don't know...


acma20

The other day I ran a bunch of virus scans and malware stuff on my laptop because I kept having issues with ads popping up/all over my web pages. The problem seems to be gone now. One of the things I ran was the ESET online scanner. I have the results from it but I'm not sure what to do with it now? Was hoping to get some help with that. I'll post the results from it below...

 

C:\AdwCleaner\Quarantine\C\Program Files\BetterSurf\ff\chrome\content\inject.js.vir Win32/AdWare.BetterSurf.A application
C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir probably a variant of MSIL/DomaIQ.A application
C:\AdwCleaner\Quarantine\C\Program Files\ExpressFiles\uninstall.exe.vir a variant of Win32/ExpressFiles.B application
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want This.dll.vir Win32/Toolbar.CrossRider application
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want This.exe.vir a variant of Win32/Toolbar.CrossRider.E application
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want ThisGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.E application
C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\Vaudix\uninstall.exe.vir Win32/SProtector.B application
C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir Win32/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.I application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Local\TempDir\BetterInstaller.exe.vir a variant of Win32/Somoto.A application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\Program Files\Better-Surf\ie\BetterSrf.dll a variant of Win32/AdWare.BetterSurf.B application
C:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\Amanda\Downloads\frogger_2_downloader_ca_133.exe a variant of Win32/ExpressFiles.B application
C:\Users\Amanda\Downloads\PFPortChecker (1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Amanda\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Amanda\Downloads\Portforward-Setup-Static-IP-Address (1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Amanda\Downloads\Portforward-Setup-Static-IP-Address.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Amanda\Downloads\Songza_Allmyapps.exe a variant of Win32/InstallCore.BH application
C:\Users\Amanda\Downloads\utorrent (1).exe a variant of Win32/Bunndle application
C:\_OTL\MovedFiles\11292013_154756\C_Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AP application
 

Hello acma20 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


I ran the MBAM quick scan yesterday and it picked up 11 things. I can post that log if you want, but I ran it again just now and it picked up nothing. I also ran the DDS program.

 

MBAM (today)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.30.09
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Amanda :: AMANDA-HP [administrator]
 
Protection: Enabled
 
01/12/2013 12:29:03 PM
mbam-log-2013-12-01 (12-29-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278946
Time elapsed: 14 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Amanda at 12:45:08 on 2013-12-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.2803.1436 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\atiesrxx.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Hpservice.exe
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\windows\system32\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Users\Amanda\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\notepad.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Better-Surf: {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - c:\program files\better-surf\ie\BetterSrf.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Easy Dock] c:\users\amanda\documents\rca easyrip\EZDock.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Facebook Update] "c:\users\amanda\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [broadcom Wireless Manager UI] c:\program files\broadcom\broadcom 802.11\WLTRAY.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzctODA3NDUxMzQzLUZMMTArMS1UVUcrMy1DSVArMi1MU0QrMi1ERFQrMC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRFQrMS1UQisxLVUxMCsxLVNUMTJPSSsx"&"prod=92"&"ver=2012.0.1831"&"mid=b50c5fdcb59a47d1ad173163c4373b73-cf8b83e13c94c1de072bf73562d09d7175213e9a
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3B88F19B-00A4-472C-97C5-C5BE18FED0D4} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\16E67656C636161393733323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\16E67656C636161393733323 : DHCPNameServer = 206.248.154.22 206.248.154.170
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\6456C6C6F6773786960702F6660247865602255646022456162746 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\6456C6C6F6773786960702F6660247865602255646022456162746 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{57CAFAAD-8378-4577-AAB2-1DBB4A716650}\C696E6B6379737 : DHCPNameServer = 64.71.255.198
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-1-26 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-1-26 13256]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-14 37664]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-1-26 40088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-3 574272]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-11-6 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2011-9-12 142904]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-5-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-1-26 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2010-1-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-3-1 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-2 821592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-29 701512]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-11-6 113264]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-6-2 32672]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2011-2-15 506472]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2011-2-15 29824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-29 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-12-8 186912]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2011-2-15 78848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-29 418376]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BRDriver;BRDriver;c:\programdata\bitraider\BRDriver.sys [2013-8-9 64808]
S3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe [2013-7-30 476936]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-2-15 294952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-15 33320]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-12-7 362040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-26 108032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-12 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-9-28 279656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-12 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-5 1343400]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-29 21:41:28 -------- d-----w- c:\program files\ESET
2013-11-29 21:06:21 -------- d-----w- c:\users\amanda\appdata\roaming\Malwarebytes
2013-11-29 21:06:14 -------- d-----w- c:\programdata\Malwarebytes
2013-11-29 21:06:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-29 21:06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-29 21:05:13 -------- d-----w- c:\users\amanda\appdata\roaming\Foxit Software
2013-11-29 21:05:12 -------- d-----w- c:\program files\Foxit Software
2013-11-29 20:47:56 -------- d-----w- C:\_OTL
2013-11-29 20:26:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-29 20:22:50 -------- d-----w- c:\users\amanda\appdata\local\temp
2013-11-29 20:07:05 98816 ----a-w- c:\windows\sed.exe
2013-11-29 20:07:05 256000 ----a-w- c:\windows\PEV.exe
2013-11-29 20:07:05 208896 ----a-w- c:\windows\MBR.exe
2013-11-29 19:59:59 -------- d-----w- c:\windows\ERUNT
2013-11-29 19:42:04 -------- d-----w- C:\AdwCleaner
2013-11-28 20:12:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-28 19:51:45 -------- d-----w- c:\program files\Belarc
2013-11-25 12:47:03 -------- d-----w- c:\program files\Better-Surf
2013-11-11 17:48:01 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-06 02:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-05 02:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M  ====================
.
2013-11-28 20:49:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 20:49:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 04:56:49 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-01 04:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-11-01 03:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-25 03:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-10 20:11:59 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 20:11:59 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 20:11:59 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 20:11:59 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 20:11:59 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 20:11:59 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 20:11:59 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-18 20:08:56 94208 ----a-w- c:\windows\system32\dpl100.dll
2013-09-17 05:57:26 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-10 05:43:20 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
.
============= FINISH: 12:46:41.98 ===============
 
Attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 21/03/2011 1:16:15 PM
System Uptime: 29/11/2013 4:25:49 PM (44 hours ago)
.
Motherboard: Hewlett-Packard |  | 142C
Processor: AMD Athlon II P340 Dual-Core Processor | Unknown | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 79.138 GiB free.
F: is FIXED (FAT32) - 2 GiB total, 1.486 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP362: 10/11/2013 1:35:33 AM - Scheduled Checkpoint
RP363: 13/11/2013 3:00:19 AM - Windows Update
RP364: 25/11/2013 12:23:18 AM - Scheduled Checkpoint
RP365: 26/11/2013 1:32:09 AM - Windows Update
RP366: 26/11/2013 1:34:59 AM - Windows Update
RP367: 28/11/2013 3:10:02 PM - Removed Java 7 Update 45
RP368: 28/11/2013 3:11:27 PM - Installed Java 7 Update 45
RP369: 28/11/2013 3:36:12 PM - Installed Java SE Development Kit 7 Update 45
RP370: 28/11/2013 3:43:46 PM - Installed QuickTime
RP371: 29/11/2013 4:00:14 PM - Removed Adobe Reader X (10.1.8).
.
==== Installed Programs ======================
.
ABC Amber LIT Converter
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
ATI Catalyst Install Manager
AVG 2014
Belarc Advisor 8.4
BitRaider Web Client
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CloudReading
D3DX10
Device Access Manager for HP ProtectTools
Diablo 2: Lord of Destruction version 1.13c
DivX Setup
Drive Encryption for HP ProtectTools
Energy Star Digital Logo
Face Recognition for HP ProtectTools
Facebook Video Calling 1.2.0.287
File Sanitizer For HP ProtectTools
Foxit Reader
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Power Assistant
HP Power Data
HP ProtectTools Security Manager
HP QuickLook
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP Webcam Driver
HP Wireless Assistant
iCloud
IDT Audio
IObit Malware Fighter
iTunes
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 45
Java 6 Update 22
Java 6 Update 33
JavaFX 2.1.1
League of Legends
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MobileMe Control Panel
Movie Maker
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter
Norton Internet Security
OpenAL
OpenOffice.org 3.3
Pando Media Booster
Path of Exile
PC VGA Camer@ Plus
Photo Common
Photo Gallery
Pre-Boot Security for HP ProtectTools
Privacy Manager for HP ProtectTools
Protected Folder
QuickTime
Realtek Ethernet Controller All-In-One Windows Driver
Realtek USB 2.0 Card Reader
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype Click to Call
Skype™ 6.9
Star Wars The Old Republic
Star Wars: The Old Republic
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Theft Recovery
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Validity Fingerprint Driver
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VIO Player version 1.2
Visual Studio 2012 x86 Redistributables
Warcraft III
Windows 7 Default Setting
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
World of Warcraft
World of Warcraft Public Test
.
==== Event Viewer Messages From Past Week ========
.
29/11/2013 4:27:33 PM, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  The system cannot find the file specified.
29/11/2013 4:26:48 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater17.1.2 service failed to start due to the following error:  The system cannot find the file specified.
29/11/2013 3:16:58 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================

Step 1

I notice that you are using more than one antivirus program.

  • AVG 2014
  • Norton Internet Security

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. Please uninstall one of them.

Next, uninstall IObit Malware Fighter and reboot your system.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • ESET Online Scanner log

ESET

C:\AdwCleaner\Quarantine\C\Program Files\BetterSurf\ch\Chrome.crx.vir Win32/AdWare.BetterSurf.A application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BetterSurf\ff\BetterSurf.xpi.vir Win32/AdWare.BetterSurf.A application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BetterSurf\ff\chrome\content\inject.js.vir Win32/AdWare.BetterSurf.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir probably a variant of MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\ExpressFiles\uninstall.exe.vir a variant of Win32/ExpressFiles.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want This.dll.vir Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want This.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want ThisGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vaudix\uninstall.exe.vir Win32/SProtector.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir Win32/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Local\TempDir\BetterInstaller.exe.vir a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Amanda\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\Program Files\Better-Surf\ie\BetterSrf.dll a variant of Win32/AdWare.BetterSurf.B application cleaned by deleting - quarantined
C:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application cleaned by deleting - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Amanda\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120830223701325.rsc multiple threats deleted - quarantined
C:\Users\Amanda\Downloads\frogger_2_downloader_ca_133.exe a variant of Win32/ExpressFiles.B application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\PFPortChecker (1).exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\Portforward-Setup-Static-IP-Address (1).exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\Portforward-Setup-Static-IP-Address.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\Songza_Allmyapps.exe a variant of Win32/InstallCore.BH application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\utorrent (1).exe a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Amanda\Downloads\winplay.dll.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\_OTL\MovedFiles\11292013_154756\C_Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AP application cleaned by deleting - quarantined
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by Amanda on 01/12/2013 at 13:22:54.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/12/2013 at 13:26:46.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
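One way to read an ESET export like the one posted above is to sort each row by where the file was found, since copies sitting in another cleanup tool's quarantine folder are a different matter from files still in place. The following is an added example, not part of any post in this thread or of ESET's own tooling; the function names, the location categories and the reading of the AdwCleaner and OTL folders as tool quarantine are assumptions of this illustration, and the sample rows are taken from the log above.

```python
import re
from collections import Counter

# Sample rows taken from the ESET export posted above (path, detection, action).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\I Want This\I Want This.dll.vir Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir probably a variant of MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\Program Files\Better-Surf\ie\BetterSrf.dll a variant of Win32/AdWare.BetterSurf.B application cleaned by deleting - quarantined
C:\Users\Amanda\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120830223701325.rsc multiple threats deleted - quarantined
C:\Users\Amanda\Downloads\PFPortChecker (1).exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11292013_154756\C_Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AP application cleaned by deleting - quarantined
"""

# Paths contain spaces, so the row is split at the detection name, not on whitespace.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<hedge>probably a variant of |a variant of )?"
    r"(?P<name>(?:Win32|MSIL)/\S+|multiple threats)(?: application)?"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: AdwCleaner and OTL park the files they remove under these folders.
TOOL_QUARANTINE = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")


def parse_row(line):
    """Split one export row into path, detection, family, location and action."""
    m = ROW.match(line.strip())
    if not m:
        return None
    name = m["name"]
    # Family = name without the platform prefix and trailing variant letters (.A, .BH).
    family = re.sub(r"\.[A-Z]{1,2}$", "", name.split("/", 1)[-1])
    low = m["path"].lower()
    if low.startswith(TOOL_QUARANTINE):
        location = "tool-quarantine"       # copy left behind by an earlier cleanup tool
    elif "\\downloads\\" in low:
        location = "downloaded-installer"  # installer file kept in the Downloads folder
    else:
        location = "live"                  # found in place on disk when scanned
    return {"path": m["path"], "name": name, "family": family,
            "variant_match": bool(m["hedge"]), "location": location,
            "action": m["action"] or "reported only"}


def triage(log_text):
    """Parse every recognisable row and count rows per location category."""
    rows = [r for r in map(parse_row, log_text.splitlines()) if r]
    return rows, Counter(r["location"] for r in rows)


if __name__ == "__main__":
    rows, by_location = triage(SAMPLE_LOG)
    for r in rows:
        print(f'{r["location"]:<22}{r["family"]:<24}{r["action"]}')
    print(dict(by_location))
```

Rows with no action column, as in the first scan posted at the top of the thread, come back with the action "reported only".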

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Sorry it's taken so long to post the contents. The scan took quite a while to complete and I didn't start it right away. 

 

KRVT

 

Status: Deleted   (events: 2)
03/12/2013 3:20:26 AM Deleted adware not-a-virus:AdWare.Win32.BetterSurf.b C:\Program Files\Better-Surf\ff\chrome\content\better-surf.js Medium
03/12/2013 12:52:09 PM Deleted adware not-a-virus:AdWare.Win32.BetterSurf.b C:\_OTL\MovedFiles\11292013_154756\C_Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\BetterSrf.js Medium
Status: Detected   (events: 1)
03/12/2013 2:39:20 AM Detected adware not-a-virus:AdWare.Win32.BetterSurf.b C:\Program Files\Better-Surf\ch\Chrome.crx/BetterSrf.js Medium
Status: Disinfected   (events: 2)
03/12/2013 3:19:45 AM Disinfected adware not-a-virus:AdWare.Win32.BetterSurf.b C:\Program Files\Better-Surf\ff\Better-Surf.xpi Medium
03/12/2013 3:19:45 AM Disinfected adware not-a-virus:AdWare.Win32.BetterSurf.b C:\Program Files\Better-Surf\ff\Better-Surf.xpi/chrome/content/better-surf.js Medium

Seems to be running fine and I'm not having problems with ads/pop-ups anymore. Though that stuff was pretty much gone when I posted here lol I just wanted to know what to do with the information from the ESET scan really. But, running the other scans and stuff here has helped clean it up a lot so :)


Glad I could help! :)

Let's clean these tools:

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP.

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.