Jump to content

infected?Win32.downloader.gen & cannot remove hotspot shield toolbar and converter toolbar for IE


Recommended Posts

Hi There,


I just inherited my brothers dell laptop (early Xmas gift) and I thinkit has a Trojan/virus on it.

I removed what junk he had on it and still found some issues.

It was sort of sluggish and

There's a couple of applications I tried to uninstall through programs and features:

hotspot shield toolbar and install converter toolbar for IE.

(clicked uninstall and nothing worked)

Also, I ran spybot on the laptop after this and found the following problem:



Spybot could not remove this after rebooting and running spybot again.


I would appreciate some assistance on these issues:

somewhat sluggish,

toolbar removals,

this bug.


After running malwarebytes scan, I found more viruses.


downloaded dds.com and ran it.









Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Admin at 0:02:21 on 2013-12-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8052.5619 [GMT -8:00]
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
============== Pseudo HJT Report ===============

uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
uURLSearchHooks: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbIns2.dll
mURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mURLSearchHooks: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbIns2.dll
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbIns2.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
TB: Installl Converter Toolbar: {6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - C:\Program Files (x86)\Installl_Converter\prxtbIns2.dll
TB: Installl Converter Toolbar: {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - C:\Program Files (x86)\Installl_Converter\prxtbIns2.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ICONRE~1.LNK - C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99} - <orphaned>
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A} : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\05056434 : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\4556C6573783838303 : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\4656661657C647 : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\46C696E6B6D293735334 : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\C696E6B6379737 : DHCPNameServer =
TCP: Interfaces\{1DB4773D-3BB4-4806-A056-5951A6FB820A}\D48457265627 : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts:    www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a2verr3w.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - startpage.com

FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-02-15 21:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
============= SERVICES / DRIVERS ===============
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-16 137312]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-7 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-3-7 18792]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2012-3-6 142944]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-1 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-7 202752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2011-2-24 1132032]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-12-21 50624]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-3-7 60928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-21 701512]
R2 nlsX86cc;NLS Service;C:\WINDOWS\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-16 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-2-23 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-7 656624]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-2-1 23912]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-3-7 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-7 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-1 151936]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-2-1 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-21 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-2-23 760168]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-2-23 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-2-23 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-2-23 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-2-23 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-5-20 35840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-1 220672]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-1 40712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-15 1255736]
=============== Created Last 30 ================
2013-12-22 07:36:53    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-12-22 07:36:46    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-22 07:36:45    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-22 07:36:45    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 02:36:33    --------    d-sh--w-    C:\BOOT
2013-12-22 01:52:12    272496    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-12-22 01:52:05    28272    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-12-22 01:52:00    872352    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-12-22 01:52:00    276592    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-12-22 01:52:00    22370928    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-12-22 01:52:00    170960    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-12-22 01:52:00    153712    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-12-22 01:52:00    108144    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-12-21 08:02:14    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5904C6D3-7515-4743-9975-6F7E1D35EED1}\mpengine.dll
2013-12-12 05:08:15    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 05:08:15    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 05:08:14    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 05:08:13    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 23:56:20    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-11-26 05:45:18    --------    d-----w-    C:\ProgramData\Brother
2013-11-26 05:45:06    45056    ----a-w-    C:\Windows\SysWow64\BRTCPCON.DLL
2013-11-26 05:45:05    77824    ----a-w-    C:\Windows\SysWow64\BRLMW03A.DLL
2013-11-26 05:45:05    25299    ----a-w-    C:\Windows\SysWow64\BRLM03A.DLL
2013-11-26 05:45:05    180224    ----a-w-    C:\Windows\SysWow64\BROSNMP.DLL
2013-11-26 05:45:05    103736    ----a-w-    C:\Windows\SysWow64\BRRBTOOL.EXE
2013-11-23 03:57:45    6582    ----a-w-    C:\Windows\SysWow64\PerfStringBackup.TMP
==================== Find3M  ====================
2013-12-11 02:14:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:14:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 11:33:38    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-27 21:14:25    282104    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
============= FINISH:  0:03:15.20 ===============



DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/20/2011 12:29:27 PM
System Uptime: 12/21/2013 11:59:48 PM (1 hours ago)
Motherboard: Dell Inc. |  | 0VF0FR
Processor: Intel® Core i5 CPU       M 430  @ 2.27GHz | CPU 1 | 2267/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 172 GiB total, 95.564 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 279 GiB total, 274.541 GiB free.
Q: is FIXED (App Virt AppFS) - 6 GiB total, 4.364 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
64 Bit HP CIO Components Installer
7-Zip 4.57
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Advanced Audio FX Engine
ATI Catalyst Control Center
Avery Wizard 4.0
Belkin F5D8053 N Wireless USB Adapter
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Dell Wireless WLAN Card Utility
Desktop Icon Position Saver (64-bit)
Dokan Library 0.6.0
ESET Smart Security
Evernote v. 4.5.10
eWallet 7.0
Hotspot Shield Toolbar
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HxD Hex Editor version
IconRestorer SR1
Installl Converter Toolbar for IE
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Java 6 Update 17 (64-bit)
Java 6 Update 35
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Choice Guard
Microsoft Office Click-to-Run 2010
Microsoft Office Mondo 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.3
Pando Media Booster
Printer Pro Desktop
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype™ 6.9
SplashID Safe 6.2
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Ten Thumbs 4.7
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.0.7
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software
Windows Live Essentials
Windows Live Writer
==== Event Viewer Messages From Past Week ========
12/22/2013 12:01:15 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/21/2013 5:04:07 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/21/2013 4:35:05 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
12/21/2013 11:46:46 AM, Error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
12/21/2013 11:18:37 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/21/2013 1:37:51 PM, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
12/21/2013 1:37:47 PM, Error: Service Control Manager [7034]  - The Hotspot Shield Routing Service service terminated unexpectedly.  It has done this 1 time(s).
12/20/2013 11:39:08 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/20/2013 11:39:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/20/2013 11:39:07 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
==== End Of File ===========================

Link to post
Share on other sites

Hello jdeee and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Hotspot Shield Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

I have attempted Step 1 several times (to uninstall the Hotspot Shield toolbar) thru Windows Programs and Features, It does nothing. I click to uninstall and it is unresponsive.


I have proceeded to Step 2 and only downloaded Junkware removal tool to my desktop.


What do I do now?

Link to post
Share on other sites

sorry, maybe it's my ignorance, but the jrt.exe seems to be running in the background.

Im not sure though...

In viewing the JRT.exe website, I was assuming that I would have be prompted within the cmd window that opened up "press any key to continue..." and then I would see it is checking modules, processes, etc....


Instead, all Ive seen so far is a cursor blinking in the top left hand corner of the applications cmd box that opened up.

Ive been prompted with nothing otheer than this.

Link to post
Share on other sites

no change in the jst.exe application that is still running. as of this moment returning home. The laptop has been running and I have the same blank cmd screen with the cursor blinking in the top left hand corner.

I dont think this application has performed any scanning these past several hours OR is performing anything at this time.

Link to post
Share on other sites

Ive tried to close the running jst.exe app down by closing it. no success.


Ive tried closing it down throiugh windows task manager several times. no success.

The jst.exe app has been open and running (as described above) in the background pretty much all day.

Ive shut down the laptop to close down this app.

Link to post
Share on other sites

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Mon 12/23/2013 at  6:19:16.41

~~~ Services

~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
    BackgroundContainer    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3299872
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D913EA7-0EB0-43AD-B791-3F9EBA9D5E60}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ FireFox

Successfully deleted: [File] C:\user.js

~~~ Event Viewer Logs were cleared

Scan was completed on Mon 12/23/2013 at  6:21:58.42
End of JRT log

Link to post
Share on other sites

additional note:

 when windows rebooted, it took more than 3min for it to close down and reboot.



# AdwCleaner v3.016 - Report created 23/12/2013 at 06:39:33
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\Program Files (x86)\Hotspot_Shield
Folder Deleted : C:\Program Files (x86)\Installl_Converter
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Installl_Converter
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a2verr3w.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a2verr3w.default\searchplugins\bingp.xml
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [backgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE3EFC66-E071-4312-9D57-89AC622F04E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4E14DB7-3073-4EC4-89A4-D7881AF26CE5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C212D0A7-C1E5-43D4-A00F-72F67624BBD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5070550A-BA76-46F4-AB7D-14FBD3938A0F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKCU\Software\AppDataLow\Software\Installl_Converter
Key Deleted : HKLM\Software\Hotspot_Shield
Key Deleted : HKLM\Software\Installl_Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Installl_Converter Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v18.0.1 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a2verr3w.default\prefs.js ]


AdwCleaner[R0].txt - [5463 octets] - [23/12/2013 06:25:48]
AdwCleaner[R1].txt - [5523 octets] - [23/12/2013 06:27:30]
AdwCleaner[s0].txt - [4962 octets] - [23/12/2013 06:39:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5022 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial)

Database version: v2013.12.23.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]

Protection: Disabled

12/23/2013 6:52:05 AM
mbam-log-2013-12-23 (06-52-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259807
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware preventions:


Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.