
Malware.Trace removal



Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by Erik at 8:38:51 on 2013-12-18
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7575.5210 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\wwahost.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Erik\AppData\Roaming\svcmedia.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Erik\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com?cid={6713C9B8-AD3C-44C5-9F9C-88FCDEEABC31}&mid=58d33ddb0ac547d39dd7a5ac0571fbc4-36dbc873e1758a3f415bf555f9c05a86cf73b486&lang=us/finishurl=http://toolbar.avg.com/p-install?lang=us&ds=ht011&coid=avgtbdisht&cmpid=&pr=sa&d=2013-12-18 02:15:05&v=17.2.0.38&pid=safeguard&sg=0&sap=hp
mWinlogon: Userinit = userinit.exe,
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [spotify] "C:\Users\Erik\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [svcmedia] C:\Users\Erik\AppData\Roaming\svcmedia.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e9ee1361-48b0-474b-9842-fa9d0f566b3a.exe /check
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B46E1BDE-DB0A-451D-9338-F55E65B8A745} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B46E1BDE-DB0A-451D-9338-F55E65B8A745}\140707C65602E4564777F627B602661616432363 : DHCPNameServer = 10.0.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-10-1 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-10-1 205320]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-10-1 1032416]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-10-1 409832]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-19 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-25 239616]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-10-1 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-10-1 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-6 50344]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-7-19 35232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-1 701512]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-2 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-2 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-2 171928]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-18 1771544]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2013-8-9 170712]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-30 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-1 25928]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-7-16 57000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 btwampfl;btwampfl;C:\windows\System32\Drivers\btwampfl.sys [2013-8-9 166104]
S3 hpvision;hpvision;C:\windows\System32\Drivers\hp64vision.sys [2013-11-5 26912]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== Created Last 30 ================
.
2013-12-18 12:53:31 -------- d-----w- C:\Program Files\CCleaner
2013-12-18 12:03:52 1413454 ----a-w- C:\Users\Erik\AppData\Roaming\vlcmedia.exe
2013-12-18 12:03:52 1413454 ----a-w- C:\Users\Erik\AppData\Roaming\svcmedia.exe
2013-12-18 10:36:45 -------- d-----w- C:\Users\Erik\AppData\Roaming\iDealshare VideoGo
2013-12-18 10:36:35 -------- d-----w- C:\Program Files (x86)\iDealshare
2013-12-18 10:15:00 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-18 10:14:41 -------- d-----w- C:\Program Files\HyperCam 2
2013-12-15 15:30:42 -------- d-----w- C:\Users\Erik\AppData\Local\Mozilla
2013-12-14 19:59:43 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 19:59:39 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-13 11:20:54 254128 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10227.bin
2013-12-11 06:01:00 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-12-11 05:58:36 62976 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-06 22:45:58 -------- d-----w- C:\Users\Erik\AppData\Roaming\AVAST Software
2013-11-22 22:20:15 -------- d-----w- C:\windows\.jagex_cache_32
2013-11-22 01:19:23 -------- d-----w- C:\Program Files (x86)\PasswordBox
.
==================== Find3M  ====================
.
2013-12-06 22:26:31 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-12-06 22:26:31 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-12-06 22:26:31 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-12-06 22:26:30 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-12-06 22:26:30 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-12-06 22:26:28 43152 ----a-w- C:\windows\avastSS.scr
2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43:58 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-22 01:19:11 46368 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys
2013-11-01 05:38:21 312320 ----a-w- C:\windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-10-08 15:50:37 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 06:10:20 285016 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-02 02:50:07 447320 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-28 05:48:00 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-09-28 03:58:44 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-09-28 03:35:36 288768 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-09-26 06:14:41 290776 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2013-09-26 06:14:41 290776 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2013-09-26 06:04:18 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2013-09-26 05:46:15 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
.
============= FINISH:  8:39:11.12 ===============
 
 
attach
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 9/1/2013 7:52:44 PM
System Uptime: 12/18/2013 8:05:22 AM (0 hours ago)
.
Motherboard: MSI |  | 2AE0
Processor: AMD A6-5400K APU with Radeon HD Graphics    | P0 | 3600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 846.883 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.43 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 11/26/2013 12:47:11 PM - Removed Overwolf
RP18: 12/3/2013 7:26:18 PM - Scheduled Checkpoint
RP19: 12/6/2013 2:22:01 PM - avast! antivirus system restore point
RP20: 12/10/2013 10:47:58 PM - Windows Update
RP21: 12/14/2013 2:30:27 PM - Windows Update
.
==== Installed Programs ======================
.
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD VISION Engine Control Center
APB Reloaded
avast! Free Antivirus
AVG SafeGuard toolbar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Source
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
Dolphin 4.0
Garry's Mod
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.0.0
HP Connected Music (Meridian - installer)
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP MyRoom
HP Postscript Converter
HP Registration Service
HP Support Assistant
HP Support Information
HyperCam 2
iDealshare VideoGo 4.1.21.4997
IDT Audio
Java 7 Update 45
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MSVCRT
Mumble 1.2.4
NVIDIA PhysX
Project64 1.6
PunkBuster Services
Puzzle Pirates
Recovery Manager
Skype™ 6.11
Spotify
Spybot - Search & Destroy
Steam
TeamSpeak 3 Client
Vizzed Retro Game Room
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/18/2013 8:05:44 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 126
12/18/2013 8:05:26 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
12/18/2013 7:23:28 AM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
12/14/2013 10:26:54 AM, Error: Service Control Manager [7000]  - The UAC File Virtualization service failed to start due to the following error:  This driver has been blocked from loading
12/13/2013 5:03:45 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.12. The computer with the IP address 192.168.0.16 did not allow the name to be claimed by this computer.
12/13/2013 2:27:23 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer MOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B46E1BDE-DB0A-451D-9338-F55E65B8A745}. The master browser is stopping or an election is being forced.
12/11/2013 8:34:09 AM, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
.
==== End Of File ===========================
 
 
RKreport
 
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Erik [Admin rights]
Mode : Scan -- Date : 12/18/2013 08:44:04
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] svcmedia.exe -- C:\Users\Erik\AppData\Roaming\svcmedia.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : svcmedia (C:\Users\Erik\AppData\Roaming\svcmedia.exe [-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA630 +++++
--- User ---
[MBR] a9d214ce677802939f26c329079eb3a8
[bSP] f98612a450bb8fa044ffa3514c8e2d43 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12182013_084404.txt >>
 
 
 
 

Can you find this file and upload it to VirusTotal for a free scan: http://www.virustotal.com/

C:\Users\Erik\AppData\Roaming\svcmedia.exe

You may have to enable hidden files to see it:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-8/

If you don't find it, it may be located inside of the RK_Quarantine folder on your desktop.

MrC


Antivirus | Result | Update
Ad-Aware |  | 20131211
Agnitum |  | 20131217
AhnLab-V3 |  | 20131218
AntiVir | DR/AutoIt.Gen2 | 20131219
Antiy-AVL |  | 20131218
Avast |  | 20131219
AVG |  | 20131218
Baidu-International |  | 20131213
BitDefender |  | 20131211
Bkav |  | 20131218
ByteHero |  | 20130613
CAT-QuickHeal |  | 20131218
ClamAV |  | 20131219
CMC | Trojan.Win32.Generic!O | 20131217
Commtouch |  | 20131219
Comodo |  | 20131219
DrWeb |  | 20131219
Emsisoft |  | 20131219
ESET-NOD32 | a variant of Win32/Injector.Autoit.SP | 20131219
F-Prot |  | 20131219
F-Secure |  | 20131219
Fortinet |  | 20131218
GData |  | 20131219
Ikarus |  | 20131219
Jiangmin |  | 20131218
K7AntiVirus |  | 20131218
K7GW |  | 20131218
Kaspersky |  | 20131219
Kingsoft |  | 20130829
Malwarebytes |  | 20131219
McAfee |  | 20131219
McAfee-GW-Edition |  | 20131218203556
Microsoft |  | 20131219
MicroWorld-eScan |  | 20131218
NANO-Antivirus |  | 20131219
Norman |  | 20131218
nProtect |  | 20131218
Panda |  | 20131218
Rising |  | 20131218
Sophos |  | 20131219025557
SUPERAntiSpyware |  | 20131219
Symantec |  | 20131219
TheHacker |  | 20131218
TotalDefense |  | 20131218
TrendMicro |  | 20131219
TrendMicro-HouseCall |  | 20131219
VBA32 |  | 20131218
VIPRE |  | 20131219
ViRobot |  | 20131219


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][sUSP PATH] HKCU\[...]\Run : svcmedia (C:\Users\Erik\AppData\Roaming\svcmedia.exe [-]) -> FOUND


Now click Delete on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)
 

[sUSP PATH] svcmedia.exe -- C:\Users\Erik\AppData\Roaming\svcmedia.exe [-] -> KILLED [TermProc]


Now click Delete on the right hand column under Options

Delete this file if found:

C:\Users\Erik\AppData\Roaming\svcmedia.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC
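
The RogueKiller report earlier in the thread tags the svcmedia autorun as a suspicious path. As an added example (not part of MrC's post, and not how DDS or RogueKiller work internally), this Python script applies two triage heuristics to lines excerpted from the DDS log above: an autorun whose executable sits loose in the root of a profile's AppData folder, and executables created with the same timestamp and byte size as a flagged one. Both heuristics, the regular expressions and all function names are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the DDS log posted earlier in this thread.
DDS_EXCERPT = r'''
uRun: [spotify] "C:\Users\Erik\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [svcmedia] C:\Users\Erik\AppData\Roaming\svcmedia.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
2013-12-18 12:53:31 -------- d-----w- C:\Program Files\CCleaner
2013-12-18 12:03:52 1413454 ----a-w- C:\Users\Erik\AppData\Roaming\vlcmedia.exe
2013-12-18 12:03:52 1413454 ----a-w- C:\Users\Erik\AppData\Roaming\svcmedia.exe
2013-12-14 19:59:43 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
'''

# "uRun: [name] command", also mRun / x64-Run / x64-RunOnce.
RUN_RE = re.compile(r'^(?:x64-)?[um]?Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "date time size attributes path"; directories carry "--------" instead of a size.
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) \S+ (?P<path>.+)$')
# Quoted image path, or an unquoted one that may contain spaces, up to ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.I)
# Directory that is exactly <drive>:\Users\<name>\AppData\<Roaming|Local|LocalLow>.
PROFILE_ROOT_RE = re.compile(
    r'^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local|locallow)$', re.I)


def image_path(cmd):
    """Return the executable path from an autorun command line, without arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group('q') or m.group('u')
    parts = cmd.split()
    return parts[0] if parts else ''


def loose_in_profile(path):
    """True when the file sits directly in an AppData root, not in a vendor subfolder."""
    return bool(PROFILE_ROOT_RE.match(ntpath.dirname(ntpath.normpath(path))))


def triage(log_text):
    """Flag loose-in-profile autoruns and executables created alongside them."""
    autoruns = []
    created = defaultdict(set)  # (timestamp, size) -> paths of .exe files
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group('cmd'))
            if loose_in_profile(path):
                autoruns.append((m.group('name'), path))
            continue
        m = CREATED_RE.match(line)
        if m and m.group('path').lower().endswith('.exe'):
            created[(m.group('ts'), int(m.group('size')))].add(m.group('path'))

    # Executables sharing both creation time and size are likely copies of one file.
    twins = [sorted(paths) for paths in created.values() if len(paths) > 1]
    persisted = {path.lower() for _, path in autoruns}
    # Twins of a flagged autorun that have no autorun entry themselves.
    related = sorted({p for group in twins for p in group
                      if any(q.lower() in persisted for q in group)
                      and p.lower() not in persisted})
    return {'autoruns': autoruns, 'twins': twins, 'related': related}


if __name__ == '__main__':
    result = triage(DDS_EXCERPT)
    for name, path in result['autoruns']:
        print('autorun in profile root:', name, '->', path)
    for path in result['related']:
        print('same size and timestamp as a flagged autorun:', path)
```

On this excerpt the script flags the svcmedia autorun and lists vlcmedia.exe, which the "Created Last 30" section shows with the same size and creation time, as a file to check as well.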


Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

 

Database version: v2013.12.19.09

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Erik :: BADYOSHI [administrator]

 

12/19/2013 12:44:56 AM

mbar-log-2013-12-19 (00-44-56).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 253055

Time elapsed: 17 minute(s), 50 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

 


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16750

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.593000 GHz

Memory total: 7943278592, free: 6431338496

 

Downloaded database version: v2013.12.19.09

Downloaded database version: v2013.12.18.01

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16750

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.593000 GHz

Memory total: 7943278592, free: 6216871936

 

Initializing...

======================

------------ Kernel report ------------

     12/19/2013 00:27:23

------------ Loaded modules -----------


----------- End -----------

Done!

Infected: HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID --> [Malware.Trace]

Scan finished

Creating System Restore point...

Cleaning up...

Removal successful. No system shutdown is required.

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16750

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.593000 GHz

Memory total: 7943278592, free: 5237059584

 

=======================================

Initializing...

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

 


Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted: go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now.

MrC


# AdwCleaner v3.015 - Report created 19/12/2013 at 02:49:40

# Updated 10/12/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Erik - BADYOSHI

# Running from : C:\Users\Erik\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Erik\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Erik\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

File Deleted : C:\Users\Public\Desktop\eBay.lnk

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\qzlx2r2s.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7661 octets] - [19/12/2013 02:45:32]

AdwCleaner[R1].txt - [7721 octets] - [19/12/2013 02:46:44]

AdwCleaner[s0].txt - [6865 octets] - [19/12/2013 02:49:40]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6925 octets] ##########

 

 

I will report back in a day and give a status on the state of my computer. Thank you for your help, MrC, for the second time.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
