Somoto.Better installer


So I discovered a few issues with my laptop recently, most worrying was that Chrome would go into crash loops. I ran Malwarebytes and Spybot but that doesn't seem to have fixed it. The one item that recurs in these scans, even though it claims to be fixed, is Somoto better.installer.

Chrome is running fine now but I'm worried in case the infection is still there. Help would be appreciated.

DDS.txt - For reference, all instances of my name have been replaced with User for anonymity purposes.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by User at 1:00:31 on 2014-01-18
#Option Extended Search is enabled.
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.5844.3532 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\windows\explorer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\backgroundTaskHost.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk.disabled
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}\244584572633D274432363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}\244584572633D2A4636343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}\244584572633D2A4636343F5548545 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}\244584572653D205830534 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}\45E4341405333464448324D245563736F62427F616462616E646 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [btTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x135quvj.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-9-5 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-5 92536]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-8-26 1593976]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-5 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-5 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-15 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-27 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-27 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-27 168384]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-5 364416]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-10 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-9-5 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-9-5 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-9-5 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-9-5 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-9-5 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-9-5 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-9-5 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-9-5 567808]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-8-14 313712]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-15 25928]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-5 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-5 683664]
S2 Autodesk Content Service;Autodesk Content Service;"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" --> C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [?]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-7-13 1471352]
S3 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2012-9-5 30056]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 60 ================
.
2014-01-17 22:03:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 22:02:40 89304 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-01-17 17:33:23 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 17:33:23 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 23:21:17 312320 ----a-w- C:\windows\System32\msieftp.dll
2014-01-16 23:21:17 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2014-01-10 18:38:22 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-01-10 18:37:52 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-01-01 18:09:49 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-31 04:05:55 -------- d-----w- C:\Program Files (x86)\EasyAutoClicker
2013-12-31 03:51:26 -------- d-----w- C:\Users\user\AppData\Local\Mobogenie
2013-12-21 19:55:51 -------- d-----w- C:\Users\user\AppData\Local\DDMSettings
2013-12-19 19:31:54 -------- d-----w- C:\ProgramData\Oracle
2013-12-19 19:31:41 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 20:34:33 -------- d-----w- C:\Users\user\AppData\Roaming\Unity
2013-12-18 20:34:02 -------- d-----w- C:\Users\user\AppData\Local\Unity
2013-12-16 04:32:56 -------- d-----w- C:\Program Files\DivX
2013-12-16 04:32:47 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-12-16 04:29:33 -------- d-----w- C:\Program Files (x86)\DivX
2013-12-16 04:28:23 -------- d-----w- C:\ProgramData\DivX
.
==================== Find6M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-18 20:08:56 94208 ----a-w- C:\windows\SysWow64\dpl100.dll
2013-09-13 22:36:37 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-09-04 03:11:23 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-08-30 05:43:40 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2013-08-26 09:13:02 354656 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-23 07:22:24 2062848 ----a-w- C:\windows\System32\d3d11.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys
2013-08-23 01:44:40 1711616 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-08-21 06:39:29 465240 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:21:43 688640 ----a-w- C:\windows\System32\WSShared.dll
2013-08-16 05:21:43 183808 ----a-w- C:\windows\System32\WSSync.dll
2013-08-16 05:21:42 204800 ----a-w- C:\windows\System32\WSClient.dll
2013-08-16 05:21:42 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2013-08-16 05:21:42 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 05:21:18 368640 ----a-w- C:\windows\System32\sppwinob.dll
2013-08-16 05:21:18 1164288 ----a-w- C:\windows\System32\sppobjs.dll
2013-08-16 05:21:12 81408 ----a-w- C:\windows\System32\setupcln.dll
2013-08-16 05:21:00 120320 ----a-w- C:\windows\System32\sppc.dll
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-10 06:30:22 151896 ----a-w- C:\windows\System32\drivers\tpm.sys
2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-08-10 05:21:01 817152 ----a-w- C:\windows\System32\kerberos.dll
2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-08-10 03:58:09 656896 ----a-w- C:\windows\SysWow64\kerberos.dll
2013-08-07 05:15:02 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-08-03 06:40:49 462336 ----a-w- C:\windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-31 20:04:55 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-07-31 20:04:55 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:31 10799104 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-07-24 23:07:09 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-07-24 23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
.
============= FINISH:  1:00:57.11 ===============

 

 

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 09/11/2012 17:12:56
System Uptime: 16/01/2014 22:16:28 (27 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NP3530EC-A0CDX
Processor: Intel® Core i3-2328M CPU @ 2.20GHz | CPU Socket - U3E1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 376.715 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 19/12/2013 19:29:53 - Installed Java 7 Update 45
RP78: 04/01/2014 16:15:50 - Scheduled Checkpoint
RP79: 11/01/2014 18:54:35 - Scheduled Checkpoint
RP80: 16/01/2014 22:24:09 - Removed FARO LS 1.1.500.1 (64bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.8) MUI
Allshare Play Link
Autodesk Content Service
Autodesk Content Service Language Pack
Cheat Engine 6.3
CyberLink Power2Go 8
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dll-Files Fixer
E-POP
Easy Auto Clicker
Easy File Share
ETDWare PS/2-X64 11.7.2.1_WHQL
Google Chrome
Google Update Helper
Grand Theft Auto Vice City
Help Desk
Intel AppUp(SM) center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 305.46
NVIDIA Graphics Driver 305.46
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
NVIDIA Update Components
Photo Common
Photo Gallery
Plants vs. Zombies
Psychonauts Demo
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Quick Starter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery
S Agent
ScummVM 1.6.0
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition
Settings
Spybot - Search & Destroy
Steam
Support Center
Support Center FAQ
SW Update
Team Fortress 2
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
User Guide
VC80CRTRedist - 8.0.50727.6195
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
31/12/2014 21:44:16, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 45. The Windows SChannel error state is 552.
31/12/2014 21:44:16, Error: Schannel [36881]  - The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.
16/01/2014 22:41:09, Error: Service Control Manager [7000]  - The Autodesk Content Service service failed to start due to the following error:  The system cannot find the file specified.
15/01/2014 00:09:45, Error: bowser [8003]  - The master browser has received a server announcement from the computer SYLVIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E1F50B77-E2E3-4A92-BB3F-A3B2465F5DAC}. The master browser is stopping or an election is being forced.
12/01/2014 20:50:06, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

 

Thanks in advance


Hello SPACKlick and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by USER on 18/01/2014 at 22:02:11.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\webcakedesktop_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\webcakedesktop_rasmancs
 
 
 
~~~ Files
 
Failed to delete: [File] "C:\windows\Tasks\dll-files.com fixer_monthly.job"
Failed to delete: [File] "C:\windows\Tasks\dll-files.com fixer_updates.job"
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\USER\AppData\Roaming\b1toolbar"
Successfully deleted: [Folder] "C:\Users\USER\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\USER\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\USER\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\boost_interprocess"
Failed to delete: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\USER\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/01/2014 at 22:13:52.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ADW log

# AdwCleaner v3.017 - Report created 18/01/2014 at 22:29:03
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : USER - HOME2
# Running from : C:\Users\USER\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\USER\AppData\Local\Mobogenie
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\USER\Documents\Mobogenie
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Wajam
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\x135quvj.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2511 octets] - [18/01/2014 22:25:36]
AdwCleaner[s0].txt - [2476 octets] - [18/01/2014 22:29:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2536 octets] ##########


MBAM log
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.27.12
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
USER :: HOME2 [administrator]
 
Protection: Enabled
 
27/02/2013 23:27:03
mbam-log-2013-02-27 (23-27-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228907
Time elapsed: 7 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\USER\downloads\Psychonauts-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
 
(end)


As before, all references to my name are changed for USER.

I looked in Malwarebytes. It says my database version was 2014.01.16.06, but I updated to 2014.01.19.05 and did a new scan. I then realised I'd copied my oldest, not my newest, log. So here is the log for the scan I did yesterday:
 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.01.16.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
USER :: HOME2 [limited]
 
18/01/2014 22:43:48
mbam-log-2014-01-18 (22-43-48).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 391847
Time elapsed: 1 hour(s), 5 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 

And here are the results of today's:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.01.19.05
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
USER :: HOME2 [administrator]
 
19/01/2014 18:34:18
mbam-log-2014-01-19 (18-34-18).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 393228
Time elapsed: 1 hour(s), 5 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

I ran a Spybot search to see what was kicking about. Here is the report from it:
 

Search results from Spybot - Search & Destroy

 
22/01/2014 21:14:43
Scan took 01:00:15.
7 items found.
 
MS DirectDraw: [sBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
 
MS DirectInput: [sBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1843453403-1170319950-560944888-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [sBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1843453403-1170319950-560944888-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
Windows: [sBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
 
Windows: [sBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
 
Cache: [sBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done)
  
 
History: [sBI $49804B54] Browser: History (11) (Browser: History, nothing done)
  
 
 
--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---
 

The laptop seems to be acting reasonably well, just concerned that Spybot found those items in the registry.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

