Random Audio Ads



Hello

Yesterday, I updated my install of SUPER.EXE to convert video. Upon completion, I started to get a whole slew of random audio ads and occasional browser redirects/popups. After a quick Google search, I ran both Malwarebytes and Kaspersky TDSSKiller. Both found some issues and cleaned them up, and there are far fewer audio ads and no browser redirects (at least so far), but it's obviously still not clean. Further scans do not bring up any issues, even in safe mode. Interestingly, I can go to the Malwarebytes site, but could not log in, so I am sending this from an alternate computer. Thanks in advance. Here are the contents of the two files:

Attach.txt

============================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 7/29/2007 9:04:47 PM
System Uptime: 12/12/2013 3:56:54 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0CT017
Processor: Intel® Core2 Quad CPU           @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 75.484 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.779 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is FIXED (NTFS) - 2795 GiB total, 130.239 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.0.8
Adobe Setup
Adobe Shockwave Player 12.0
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
ANIWZCS2 Service
Audacity 2.0.3
Auto Gordian Knot 2.55
Avidemux 2.6 (32-bit)
AviSynth 2.5
calibre
Canon DR-2050C/2080C Scanner Driver
CapturePerfect 2.0
Compatibility Pack for the 2007 Office system
Dell Support Center
Dell System Customization Wizard
DellSupport
DivX Setup
Dropbox
DVD Decrypter (Remove Only)
Encompass Document Converter
Encompass360 SmartClient
Evernote v. 4.6.4
Fitbit Connect
Flickr Uploadr 3.2.1
Games, Music, & Photos Launcher
GigaClicks Crawler
GoldWave v4.26
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Java SE Runtime Environment 6
Jawbone Updater
KeePass Password Safe 1.25
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mouse Recorder Pro 1.3
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
Norton Identity Safe
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Password Remover v3.1
PDF Settings
PocketCloud Windows Companion
PowerDVD
Product Documentation Launcher
PVSonyDll
QualxServ Service Agreement
QuickTime Alternative 1.81
RangeBooster G WUA-2340
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SigmaTel Audio
SmartClient Core
SmartClient Installation Manager
Sonic Activation Module
Splashtop Software Updater
Splashtop Streamer
SUPER © v2013.build.58+Recorder (2013/11/13) version v2013.buil
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
URL Assistant
User's Guides
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.5
VobSub v2.23 (Remove Only)
WinRAR 4.20 (32-bit)
Wondershare Player(Build 1.5.0)
Wondershare Video Editor(Build 3.1.4)
XviD MPEG4 Video Codec (remove only)
Zoolz2
.
==== End Of File ===========================

 

Dds.txt
==============================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Chad at 16:13:13 on 2013-12-12
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2045.818 [GMT -10:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Ellie Mae\SCAppMgr\SCAppMgr.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\Chad\AppData\Local\GCC\Controller.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Genie9\Zoolz2\Zoolz.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Chad\AppData\Local\GCC\Controller.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer provided by Dell

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: TidyNetwork: {2AB79858-CE81-3FAB-FF4B-623DC0AE43AF} - c:\program files\tidynetwork\petn.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] "c:\windows\system32\rundll32.exe" "c:\users\chad\appdata\roaming\valueapps\ch\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [D-Link RangeBooster G WUA-2340] c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Zoolz Tray] "c:\program files\genie9\zoolz2\zoolzlauncher.exe" "c:\program files\genie9\zoolz2\Zoolz.exe" "-Delay"
mRun: [RUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\rusb3mon.exe"
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sigmatelSysTrayApp] sttray.exe
StartupFolder: c:\users\chad\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chad\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\chad\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\chad\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch jawbone updater.lnk - c:\program files\jawbone\LaunchJU.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html



TCP: NameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{20DAA8D4-FD68-4A8C-9BD3-E797E03B3476} : DHCPNameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{F1E51A6D-7C82-46FE-8D7B-F364F48162B0} : DHCPNameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chad\appdata\roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2013-10-16 23:05; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\IPSFF
FF - ExtSQL: 2013-10-17 08:26; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\coFFPlgn
FF - ExtSQL: 2013-10-17 21:52; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\chad\appdata\roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-11-15 17:26; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\chad\appdata\roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-12-02 17:22; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\chad\appdata\roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-18 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-18 934488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-18 134744]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd04000.00a\ccsetx86.sys [2013-6-17 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\ipsdefs\20131210.001\IDSvix86.sys [2013-12-10 393816]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2013-4-8 20384]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-18 352344]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-4-8 21504]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.4.0.10\ccsvchst.exe [2013-6-17 144368]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 SCAppMgr;Smart Client Manager;c:\program files\ellie mae\scappmgr\SCAppMgr.exe [2012-8-7 59392]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-4-3 551264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2013-8-7 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2012-11-5 191488]
R2 WyseRemoteAccess;Wyse Remote Access;c:\program files\wyse\pocketcloud windows companion\WyseRemoteAccess.exe [2012-11-5 1436160]
R2 Zoolz 2 Service;Zoolz Service;c:\program files\genie9\zoolz2\ZoolzService.exe [2013-5-21 453648]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx86.sys [2013-4-8 905728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-20 108120]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [2012-8-27 91016]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [2012-8-27 181128]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\bashdefs\20131203.001\BHDrvx86.sys [2013-12-3 1098968]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-18 175264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-25 43392]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\rangebooster g wua-2340\jswutilvst\jswpsapi.exe [2013-4-8 954368]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 07/08/2013,1.2.6.1;c:\windows\system32\drivers\libusb0.sys [2013-8-30 42592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-12 08:16:43 -------- d-----w- c:\programdata\Oracle
2013-12-12 08:15:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-12 07:20:55 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 07:20:53 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 07:20:53 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 07:20:53 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 07:20:49 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 07:20:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 07:20:49 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 07:20:49 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 07:20:49 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 07:20:38 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 06:58:40 -------- d-----w- c:\users\chad\appdata\roaming\Malwarebytes
2013-12-12 06:58:21 -------- d-----w- c:\programdata\Malwarebytes
2013-12-12 06:58:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-12 06:58:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-12 05:31:41 -------- d-----w- c:\users\chad\.android
2013-12-12 05:31:35 -------- d-----w- c:\users\chad\appdata\local\cache
2013-12-12 05:31:32 -------- d-----w- c:\users\chad\appdata\local\genienext
2013-12-12 05:31:30 -------- d-----w- c:\users\chad\appdata\local\Mobogenie
2013-12-12 05:30:38 -------- d-----w- c:\program files\Mobogenie
2013-12-12 05:30:08 -------- d-----w- c:\users\chad\appdata\roaming\iSafe
2013-12-12 05:28:30 -------- d-----w- c:\users\chad\appdata\roaming\ValueApps
2013-12-12 05:27:59 -------- d-----w- c:\program files\TidyNetwork
2013-12-12 05:27:52 -------- d-----w- c:\users\chad\appdata\local\GCC
2013-12-12 05:27:30 -------- d-----w- c:\users\chad\appdata\local\SwvUpdater
2013-12-05 18:40:08 -------- d-----w- c:\users\chad\appdata\roaming\ePASS
2013-11-26 00:59:48 -------- d-----w- c:\users\chad\appdata\roaming\avidemux
2013-11-26 00:59:10 -------- d-----w- c:\program files\Avidemux 2.6
2013-11-22 17:24:15 -------- d-----w- c:\users\chad\appdata\local\NPE
2013-11-13 07:42:13 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 07:42:08 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 07:42:06 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 07:42:06 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
.
==================== Find3M  ====================
.
2013-12-11 06:55:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 06:55:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-26 00:57:54 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2013-10-08 17:51:05 873384 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-08 17:51:00 796072 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-27 19:39:26 369152 --sh--w- c:\windows\system32\avisynth.dll
2005-07-14 22:31:20 32256 --sh--w- c:\windows\system32\AVSredirect.dll
2004-05-26 12:37:34 719872 --sha-w- c:\windows\system32\devil.dll
2011-06-16 09:00:00 163328 --sha-r- c:\windows\system32\flvDX.dll
2004-01-25 10:00:00 70656 --sh--w- c:\windows\system32\i420vfw.dll
2007-02-21 22:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-17 00:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2011-02-11 20:26:20 112128 --sha-r- c:\windows\system32\OptimFROG.dll
2010-01-07 09:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
2012-10-06 05:54:00 188416 --sha-r- c:\windows\system32\winDCE32.dll
2004-01-25 10:00:00 70656 --sh--w- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 16:14:24.46 ===============

Hello scorpio4712000 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Hello - thanks again for the help so far.  I completed all three steps, but before I do, I noticed a new symptom.  Occasionally, Norton gives me a pop-up now saying that Google Chrome is taking up too many resources, but I hardly ever use Chrome.  It's installed, but I typically used Firefox.  When I get this message and I check the tasklist, Chrome is NOT listed in any of the tabs...  Here are the three files:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista Home Basic x86
Ran by Chad on Fri 12/13/2013 at 10:58:37.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] splashtopremoteservice
Successfully deleted: [service] splashtopremoteservice
Successfully stopped: [service] ssuservice
Successfully deleted: [service] ssuservice

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

 

~~~ Files

Successfully deleted: [File] "C:\Users\Chad\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Chad\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Chad\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Chad\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Chad\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\Users\Chad\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Users\Chad\appdata\local\splashtop"
Successfully deleted: [Folder] "C:\Users\Chad\appdata\local\swvupdater"
Failed to delete: [Folder] "C:\Program Files\splashtop"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Chad\AppData\Roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\user.js
Emptied folder: C:\Users\Chad\AppData\Roaming\mozilla\firefox\profiles\j21cih20.default-1382048385744\minidumps [40 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/13/2013 at 11:02:33.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v3.015 - Report created 14/12/2013 at 15:22:24
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Chad - QUADPC
# Running from : C:\Users\Chad\Desktop\Burn\Personal\Software\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Splashtop
Folder Deleted : C:\Program Files\TidyNetwork
Folder Deleted : C:\Users\Chad\AppData\Roaming\ValueApps
File Deleted : C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Splashtop Inc.
Key Deleted : HKLM\Software\Splashtop Inc.
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Splashtop Software Updater
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\j21cih20.default-1382048385744\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2127 octets] - [14/12/2013 14:58:41]
AdwCleaner[s0].txt - [2082 octets] - [14/12/2013 15:22:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2142 octets] ##########

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.12.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chad :: QUADPC [administrator]

12/14/2013 3:27:06 PM
mbam-log-2013-12-14 (15-27-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243289
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Unfortunately, I am still getting the random audio ads...  Here is the updated scan.  Thank you!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chad :: QUADPC [administrator]

12/15/2013 7:19:27 PM
mbam-log-2013-12-15 (19-19-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242346
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Don't worry. :)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I am wondering, do I need to worry about any kind of other information being leaked out, i.e., saved passwords, etc.?  Haven't gone to any sensitive sites since this hit, but just want to see what the experts have to say.  Here is the log file as requested.  I also have discovered that renaming my chrome.exe file has stopped the audio ads, but obviously this isn't a great solution to the problem.  Again, thank you.

 

ComboFix 13-12-18.01 - Chad 12/19/2013  10:10:59.1.4 - x86
Running from: G:\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-19 to 2013-12-19  )))))))))))))))))))))))))))))))
.
.
2013-12-19 20:21 . 2013-12-19 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-19 20:21 . 2013-12-19 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-19 19:02 . 2013-12-19 19:02 -------- d-----w- c:\users\Chad\AppData\Roaming\Roxio
2013-12-14 04:35 . 2013-12-14 04:35 -------- d-----w- c:\users\Chad\AppData\Roaming\ZJMedia
2013-12-14 04:35 . 2013-12-14 04:35 -------- d-----w- c:\users\Chad\AppData\Local\ZJMedia
2013-12-14 04:35 . 2013-12-14 08:40 -------- d-----w- c:\program files\Kingo Android ROOT
2013-12-13 21:03 . 2013-12-15 01:22 -------- d-----w- C:\AdwCleaner
2013-12-13 20:58 . 2013-12-13 20:58 -------- d-----w- c:\windows\ERUNT
2013-12-12 08:24 . 2013-12-12 08:24 -------- d-----w- c:\windows\Sun
2013-12-12 08:16 . 2013-12-12 08:16 -------- d-----w- c:\programdata\Oracle
2013-12-12 08:15 . 2013-10-08 17:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-12 07:20 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 07:20 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 07:20 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 07:20 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 07:20 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 07:20 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 07:20 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 07:20 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 07:20 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 07:20 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 06:58 . 2013-12-12 06:58 -------- d-----w- c:\users\Chad\AppData\Roaming\Malwarebytes
2013-12-12 06:58 . 2013-12-12 06:58 -------- d-----w- c:\programdata\Malwarebytes
2013-12-12 06:58 . 2013-12-12 06:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-12 06:58 . 2013-04-05 00:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-12 05:31 . 2013-12-12 05:31 -------- d-----w- c:\users\Chad\.android
2013-12-12 05:31 . 2013-12-12 05:31 -------- d-----w- c:\users\Chad\AppData\Local\cache
2013-12-12 05:31 . 2013-12-12 05:31 -------- d-----w- c:\users\Chad\AppData\Local\genienext
2013-12-12 05:31 . 2013-12-12 05:48 -------- d-----w- c:\users\Chad\AppData\Local\Mobogenie
2013-12-12 05:30 . 2013-12-12 05:48 -------- d-----w- c:\program files\Mobogenie
2013-12-12 05:27 . 2013-12-12 05:27 -------- d-----w- c:\users\Chad\AppData\Local\GCC
2013-12-05 18:40 . 2013-12-05 18:40 -------- d-----w- c:\users\Chad\AppData\Roaming\ePASS
2013-11-26 00:59 . 2013-11-26 03:15 -------- d-----w- c:\users\Chad\AppData\Roaming\avidemux
2013-11-26 00:59 . 2013-11-26 00:59 -------- d-----w- c:\program files\Avidemux 2.6
2013-11-22 17:24 . 2013-11-23 19:51 -------- d-----w- c:\users\Chad\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 06:55 . 2013-04-09 09:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 06:55 . 2013-04-09 09:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-26 00:57 . 2013-10-26 00:57 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2013-10-11 02:08 . 2013-11-13 07:42 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 07:42 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 17:51 . 2013-05-14 19:40 873384 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-08 17:51 . 2013-05-14 19:40 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-03 12:45 . 2013-11-13 07:42 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-13 07:42 993792 ----a-w- c:\windows\system32\crypt32.dll
2009-09-27 19:39 369152 --sh--w- c:\windows\System32\avisynth.dll
2005-07-14 22:31 32256 --sh--w- c:\windows\System32\AVSredirect.dll
2004-05-26 12:37 719872 --sha-w- c:\windows\System32\devil.dll
2011-06-16 09:00 163328 --sha-r- c:\windows\System32\flvDX.dll
2004-01-25 10:00 70656 --sh--w- c:\windows\System32\i420vfw.dll
2007-02-21 22:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-17 00:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2011-02-11 20:26 112128 --sha-r- c:\windows\System32\OptimFROG.dll
2010-01-07 09:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
2012-10-06 05:54 188416 --sha-r- c:\windows\System32\winDCE32.dll
2004-01-25 10:00 70656 --sh--w- c:\windows\System32\yv12vfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedupIcon]
@="{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 148992 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedUpModifiedIcon]
@="{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 148992 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-ColdStorageIcon]
@="{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 148992 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-FolderInCloudIcon]
@="{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 148992 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-NotBackedUpIcon]
@="{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 148992 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-07 01:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 1862144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-04-26 295512]
"Zoolz Tray"="c:\program files\Genie9\Zoolz2\ZoolzLauncher.exe" [2013-05-21 390160]
"RUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-11-06 935312]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-26 1985824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
Launch Jawbone Updater.lnk - c:\program files\Jawbone\LaunchJU.exe [2013-8-30 64120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-07 905728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 00:07 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-09 06:55]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 09:12]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 09:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.akamaimail.com/owa/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\j21cih20.default-1382048385744\
FF - ExtSQL: 2013-11-15 17:26; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\j21cih20.default-1382048385744\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-12-02 17:22; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\j21cih20.default-1382048385744\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2AB79858-CE81-3FAB-FF4B-623DC0AE43AF} - c:\program files\TidyNetwork\petn.dll
SafeBoot-51272532.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-19 10:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
Completion time: 2013-12-19  10:25:04
ComboFix-quarantined-files.txt  2013-12-19 20:25
.
Pre-Run: 91,566,182,400 bytes free
Post-Run: 91,709,906,944 bytes free
.
- - End Of File - - D1C8EC7A361320D9D94884BCB7172765
5C616939100B85E558DA92B899A0FC36
 


In your case I don't believe it is leaking any kind of information.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Wow, that was a really long scan.  Here is the log :)

 

==================

C:\Users\Chad\Desktop\Burned\Personal\Software\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D application 
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application 
C:\Users\Chad\AppData\Local\GCC\Controller.exe a variant of Win32/GigaClicks.AC application cleaned by deleting - quarantined
==================


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner.

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.