
Repeatedly finding SrvID (Malware.Trace) in Registry



MBAM finds, quarantines, and removes this Malware entry every time I run a full scan, but it doesn't seem to permanently go away. I removed Microsoft Security Essentials earlier, and it seemed to fix the issue. But then when I reinstalled MSE, the issue reappeared. Not sure what to make of that.

 

Below are the following logs: MBAM Full Scan Output; dds.scr Attach.txt; and dds.scr DDS.txt.

 

%%%%MBAM Log%%%%

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.20.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Ed :: I5 [administrator]

Protection: Disabled

1/20/2014 11:24:50 PM
mbam-log-2014-01-20 (23-24-50).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1046256
Time elapsed: 2 hour(s), 22 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

%%%%Attach.txt%%%%

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2012 5:08:03 PM
System Uptime: 1/20/2014 2:49:30 PM (17 hours ago)
.
Motherboard: MSI |  | P67A-G43 (MS-7673)
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3292/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 47.179 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 1863 GiB total, 1056.075 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 250.579 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5005GS Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\5&78811C5&0&0000E4
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5005GS Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\5&78811C5&0&0000E4
Service: athr
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP290: 1/5/2014 7:11:11 PM - Windows Backup
RP291: 1/9/2014 1:31:21 PM - Device Driver Package Install: Microtune International Ltd. Sound, video and game controllers
RP292: 1/9/2014 4:09:21 PM - Windows Update
RP293: 1/12/2014 4:01:10 PM - Windows Update
RP294: 1/12/2014 7:13:56 PM - Windows Backup
RP295: 1/15/2014 7:33:28 AM - Installed Java 7 Update 51
RP296: 1/15/2014 3:53:12 PM - Windows Backup
RP297: 1/16/2014 3:00:27 AM - Windows Update
RP298: 1/19/2014 6:50:15 AM - Windows Update
RP299: 1/19/2014 8:53:23 PM - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Software Update
Avidemux 2.6 (32-bit)
BlazeDTV 6.0
Brother MFL-Pro Suite MFC-7860DW
calibre
Catalina Savings Printer
CouchPotato
Coupon Printer for Windows
COWON Auto Capsule
CrashPlan
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
f.lux
ffdshow v1.2.4494 [2012-11-28]
FileZilla Client 3.6.0.2
Freemake Video Converter version 4.0.4
GIMP 2.8.0
Google Chrome
Google SketchUp 8
Google Update Helper
Google+ Auto Backup
HandBrake 0.9.9.1
Inkscape 0.48.2
Java 7 Update 51
Java Auto Updater
Java 6 Update 37
K-Lite Codec Pack 9.1.0 (Full)
KVIrc
LeapFrog Connect
LeapFrog Tag Junior Plugin
LibreOffice 3.5
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.8 (x86 en-US)
MP4Joiner v2.1.1
MythTV (remove only)
Notepad++
PDF Architect
PDF Split And Merge Basic
PDFCreator
Picasa 3
PlayReady PC Runtime x86
Python 2.7.3
QuickPar 0.9
QuickTime
SABnzbd 0.7.11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 5.10
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
VLC media player 2.1.2
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
WinSCP 4.3.9
.
==== End Of File ===========================
 

%%%%DDS.txt%%%%

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Ed at 7:14:02 on 2014-01-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3062.1631 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Users\Ed\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Users\Ed\AppData\Roaming\CouchPotato\application\CouchPotato.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Python27\pythonw.exe
C:\Python27\pythonw.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.

BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - c:\program files\pdf architect\PDFIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - c:\program files\pdf architect\PDFIEPlugin.dll
uRun: [F.lux] "c:\users\ed\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRunOnce: [tqczn] c:\users\ed\appdata\local\temp\tqczn\27690.vbs
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\couchp~1.lnk - c:\users\ed\appdata\roaming\couchpotato\application\CouchPotato.exe
StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\SABnzbd.exe
StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\ed\appdata\local\temp\tqczn\27690.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{136AA13A-A761-492D-AE1D-017D11FF290F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{136AA13A-A761-492D-AE1D-017D11FF290F}\25F676562737E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{916C04C4-7C8E-469F-83FB-B6FAA3797277} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ed\appdata\roaming\mozilla\firefox\profiles\rtza75lb.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo


FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pdf architect\ffpdfarchitectext\plugins\NPPDFArchitectPreviewerPlugin.dll
FF - plugin: c:\users\ed\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2012-11-12 152576]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-10 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-10 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\pdf architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\pdf architect\ConversionService.exe [2013-4-8 799280]
R3 AuviUADFilter;Microtune USB Audio Filter Driver;c:\windows\system32\drivers\AuviUADFilter.sys [2014-1-9 20992]
R3 AuviUATV;AuviUATV NTSC Capture Device;c:\windows\system32\drivers\AuviUATV.sys [2014-1-9 1793664]
R3 AuviUDTV;AuviUDTV ATSC Capture Device;c:\windows\system32\drivers\AuviUDTV.sys [2014-1-9 1787648]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-3-20 266240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-10 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-20 40776]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2013-10-31 19456]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-13 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-13 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-2-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-5 1343400]
.
=============== Created Last 30 ================
.
2014-01-21 05:24:36    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-20 13:59:03    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{fd31236e-b106-4356-bcf4-7bea854696a3}\mpengine.dll
2014-01-19 12:50:20    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-15 21:19:27    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{dad6d22c-ddbc-43af-8b32-276ff29f445c}\gapaengine.dll
2014-01-15 21:18:33    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-15 13:43:49    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 13:43:47    240576    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 13:43:45    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:43:45    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 13:43:45    43520    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:43:45    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 13:43:45    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:43:45    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:43:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-12 22:56:22    --------    d-----w-    c:\users\ed\.mythtv
2014-01-12 22:53:57    --------    d-----w-    c:\program files\MythTV
2014-01-12 22:39:07    --------    d-----w-    c:\windows\pss
2014-01-12 22:01:34    736952    ----a-w-    c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-12 22:01:21    --------    d-----w-    c:\program files\PlayReady
2014-01-12 22:01:17    2876528    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2014-01-12 22:01:08    42168    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2014-01-12 22:01:05    539984    ----a-w-    c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2014-01-10 10:44:03    --------    d-----w-    c:\users\ed\appdata\roaming\Malwarebytes
2014-01-10 10:43:52    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-10 10:43:51    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-10 10:43:51    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-10 01:07:46    --------    d-----w-    c:\users\ed\appdata\roaming\DataWork
2014-01-09 19:35:41    --------    d-----w-    c:\programdata\Plugins
2014-01-09 19:33:04    --------    d-----w-    c:\programdata\BlazeVideo
2014-01-09 19:33:03    14    ----a-w-    c:\windows\system32\systeminfo.dll
2014-01-09 19:32:56    --------    d-----w-    c:\program files\BlazeVideo
2014-01-09 19:31:37    --------    d-----w-    c:\program files\RC_Bridge
2014-01-09 19:31:21    20992    ----a-w-    c:\windows\system32\drivers\AuviUADFilter.sys
2014-01-09 19:31:21    1793664    ----a-w-    c:\windows\system32\drivers\AuviUATV.sys
2014-01-09 19:31:21    1787648    ----a-w-    c:\windows\system32\drivers\AuviUDTV.sys
2014-01-06 19:23:36    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
.
==================== Find3M  ====================
.
2014-01-21 13:09:20    29    ----a-w-    c:\windows\system32\TempWmicBatchFile.bat
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-19 03:10:01    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-11 18:21:05    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:21:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:07:29    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-10-31 19:40:22    19456    ----a-w-    c:\windows\system32\drivers\FlyUsb.sys
2013-10-30 02:19:52    301568    ----a-w-    c:\windows\system32\msieftp.dll
2009-09-27 14:39:26    369152    --sh--w-    c:\windows\system32\avisynth.dll
2005-07-14 17:31:20    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2004-02-22 15:11:08    719872    --sh--w-    c:\windows\system32\devil.dll
2004-01-25 05:00:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2004-01-25 05:00:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
.
============= FINISH:  7:14:08.79 ===============
Thanks for your time and attention!
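As an added example (not part of this thread and not Malwarebytes' or DDS's own code), here is a small Python parser for the DDS "Pseudo HJT Report" autostart lines that flags the kind of entry a helper looks for in a log like the one above: a script payload launched from a temp directory and wired into more than one autostart location, as with the tqczn RunOnce value and the matching Startup-folder shortcut. The sample lines are constructed to match the shape of the posted log; the heuristics are review prompts, not a verdict.

```python
"""Flag suspicious autostart entries in a DDS "Pseudo HJT Report" section."""
import re
from dataclasses import dataclass, field

# Constructed sample, shaped like the Pseudo HJT Report lines in the posted DDS log:
# per-user Run/RunOnce values (uRun*), machine Run values (mRun*) and Startup-folder
# shortcuts. The tqczn entries mirror the ones Malwarebytes later quarantined.
SAMPLE_HJT = r"""
uRun: [F.lux] "c:\users\ed\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRunOnce: [tqczn] c:\users\ed\appdata\local\temp\tqczn\27690.vbs
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\ed\appdata\local\temp\tqczn\27690.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
"""

# "uRun: [Name] command" / "mRunOnce: [Name] command"
RUN_LINE = re.compile(r"^(?P<loc>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)
# "StartupFolder: <shortcut>.lnk - <target>"
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<lnk>.+?\.lnk) - (?P<cmd>.+)$", re.I)
# First drive-letter path in a command line, quoted or not, ending in a program/script extension.
TARGET = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|com|scr|dll|vbs|vbe|js|jse|wsf|hta|bat|cmd|ps1)', re.I)

SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class AutostartEntry:
    location: str               # uRun, uRunOnce, mRun, mRunOnce or StartupFolder
    name: str                   # registry value name, or the .lnk path
    target: str                 # launched program/script path, lower-cased
    reasons: list = field(default_factory=list)


def parse_autostarts(report: str) -> list:
    """Turn Pseudo HJT autostart lines into AutostartEntry objects; other lines are ignored."""
    entries = []
    for line in report.splitlines():
        m = RUN_LINE.match(line)
        if m:
            loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue
            loc, name, cmd = "StartupFolder", m.group("lnk"), m.group("cmd")
        t = TARGET.search(cmd)
        target = (t.group(0) if t else cmd).strip().lower()
        entries.append(AutostartEntry(loc, name, target))
    return entries


def assess(entry: AutostartEntry) -> None:
    """Attach review reasons to one entry: script interpreter payload, temp-directory path."""
    ext = entry.target[entry.target.rfind("."):] if "." in entry.target else ""
    if ext in SCRIPT_EXT:
        entry.reasons.append(f"script interpreter payload ({ext})")
    if any(marker in entry.target for marker in TEMP_MARKERS):
        entry.reasons.append("runs from a temp directory")


def find_suspicious(report: str) -> list:
    """Return the entries worth a second look. A payload reachable from more than one
    autostart location (here a RunOnce value plus a Startup-folder .lnk) is also flagged,
    because removing only one of them leaves the other to bring it back."""
    entries = parse_autostarts(report)
    by_target = {}
    for e in entries:
        by_target.setdefault(e.target, []).append(e)
    flagged = []
    for e in entries:
        assess(e)
        locations = sorted({x.location for x in by_target[e.target]})
        if len(locations) > 1:
            e.reasons.append("same payload registered in " + ", ".join(locations))
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_HJT):
        print(f"{e.location:14} {e.name}")
        print(f"{'':14} -> {e.target}")
        for r in e.reasons:
            print(f"{'':14}    * {r}")
```

Paste a real DDS "Pseudo HJT Report" section into `find_suspicious()` to get the same flags for the posted log; legitimate entries such as F.lux, Adobe ARM and CrashPlan produce no reasons and are not listed.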


Hello stretch44 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as CouchPotato or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate new, fresh DDS log files.


Thank you for your attention!

 

Here are my updated logs:

 

%%%%MBAM Log%%%%

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Ed :: I5 [administrator]

Protection: Disabled

1/22/2014 2:57:51 PM
mbam-log-2014-01-22 (14-57-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1047096
Time elapsed: 2 hour(s), 22 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\runonce|tqczn (Trojan.Agent.VBS) -> Data: C:\Users\Ed\AppData\Local\Temp\tqczn\27690.vbs -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ed\AppData\Local\Temp\tqczn\27690.vbs (Trojan.Agent.VBS) -> Quarantined and deleted successfully.

(end)
 

 

%%%%DDS.txt%%%%

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Ed at 18:24:27 on 2014-01-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3062.1598 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Ed\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.

BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - c:\program files\pdf architect\PDFIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - c:\program files\pdf architect\PDFIEPlugin.dll
uRun: [F.lux] "c:\users\ed\appdata\local\fluxsoftware\flux\flux.exe" /noshow
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\ed\appdata\local\temp\tqczn\27690.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{136AA13A-A761-492D-AE1D-017D11FF290F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{136AA13A-A761-492D-AE1D-017D11FF290F}\25F676562737E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{916C04C4-7C8E-469F-83FB-B6FAA3797277} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ed\appdata\roaming\mozilla\firefox\profiles\rtza75lb.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo


FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pdf architect\ffpdfarchitectext\plugins\NPPDFArchitectPreviewerPlugin.dll
FF - plugin: c:\users\ed\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2012-11-12 152576]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-10 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-10 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\pdf architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\pdf architect\ConversionService.exe [2013-4-8 799280]
R3 AuviUADFilter;Microtune USB Audio Filter Driver;c:\windows\system32\drivers\AuviUADFilter.sys [2014-1-9 20992]
R3 AuviUATV;AuviUATV NTSC Capture Device;c:\windows\system32\drivers\AuviUATV.sys [2014-1-9 1793664]
R3 AuviUDTV;AuviUDTV ATSC Capture Device;c:\windows\system32\drivers\AuviUDTV.sys [2014-1-9 1787648]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-3-20 266240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-10 22856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2013-10-31 19456]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-13 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-13 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-2-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-5 1343400]
.
=============== Created Last 30 ================
.
2014-01-22 01:23:07    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{f62e4bbe-3b0f-4a2f-b7ca-3539b2a99d0c}\mpengine.dll
2014-01-21 18:37:15    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-15 21:19:27    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{dad6d22c-ddbc-43af-8b32-276ff29f445c}\gapaengine.dll
2014-01-15 21:18:33    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-15 13:43:49    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 13:43:47    240576    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 13:43:45    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:43:45    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 13:43:45    43520    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:43:45    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 13:43:45    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:43:45    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:43:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-12 22:56:22    --------    d-----w-    c:\users\ed\.mythtv
2014-01-12 22:53:57    --------    d-----w-    c:\program files\MythTV
2014-01-12 22:39:07    --------    d-----w-    c:\windows\pss
2014-01-12 22:01:34    736952    ----a-w-    c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-12 22:01:21    --------    d-----w-    c:\program files\PlayReady
2014-01-12 22:01:17    2876528    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2014-01-12 22:01:08    42168    ----a-w-    c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2014-01-12 22:01:05    539984    ----a-w-    c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2014-01-10 10:44:03    --------    d-----w-    c:\users\ed\appdata\roaming\Malwarebytes
2014-01-10 10:43:52    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-10 10:43:51    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-10 10:43:51    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-10 01:07:46    --------    d-----w-    c:\users\ed\appdata\roaming\DataWork
2014-01-09 19:35:41    --------    d-----w-    c:\programdata\Plugins
2014-01-09 19:33:04    --------    d-----w-    c:\programdata\BlazeVideo
2014-01-09 19:33:03    14    ----a-w-    c:\windows\system32\systeminfo.dll
2014-01-09 19:32:56    --------    d-----w-    c:\program files\BlazeVideo
2014-01-09 19:31:37    --------    d-----w-    c:\program files\RC_Bridge
2014-01-09 19:31:21    20992    ----a-w-    c:\windows\system32\drivers\AuviUADFilter.sys
2014-01-09 19:31:21    1793664    ----a-w-    c:\windows\system32\drivers\AuviUATV.sys
2014-01-09 19:31:21    1787648    ----a-w-    c:\windows\system32\drivers\AuviUDTV.sys
2014-01-06 19:23:36    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
.
==================== Find3M  ====================
.
2014-01-23 00:21:13    29    ----a-w-    c:\windows\system32\TempWmicBatchFile.bat
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-19 03:10:01    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-11 18:21:05    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:21:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:07:29    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-10-31 19:40:22    19456    ----a-w-    c:\windows\system32\drivers\FlyUsb.sys
2013-10-30 02:19:52    301568    ----a-w-    c:\windows\system32\msieftp.dll
2009-09-27 14:39:26    369152    --sh--w-    c:\windows\system32\avisynth.dll
2005-07-14 17:31:20    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2004-02-22 15:11:08    719872    --sh--w-    c:\windows\system32\devil.dll
2004-01-25 05:00:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2004-01-25 05:00:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
.
============= FINISH: 18:24:38.79 ===============

%%%%Attach.txt%%%%

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2012 5:08:03 PM
System Uptime: 1/22/2014 6:21:05 PM (0 hours ago)
.
Motherboard: MSI |  | P67A-G43 (MS-7673)
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3292/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 49.58 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 1863 GiB total, 1056.075 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 194.455 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5005GS Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\5&78811C5&0&0000E4
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5005GS Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_2051168C&REV_01\5&78811C5&0&0000E4
Service: athr
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP291: 1/9/2014 1:31:21 PM - Device Driver Package Install: Microtune International Ltd. Sound, video and game controllers
RP292: 1/9/2014 4:09:21 PM - Windows Update
RP293: 1/12/2014 4:01:10 PM - Windows Update
RP294: 1/12/2014 7:13:56 PM - Windows Backup
RP295: 1/15/2014 7:33:28 AM - Installed Java 7 Update 51
RP296: 1/15/2014 3:53:12 PM - Windows Backup
RP297: 1/16/2014 3:00:27 AM - Windows Update
RP298: 1/19/2014 6:50:15 AM - Windows Update
RP299: 1/19/2014 8:53:23 PM - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Software Update
Avidemux 2.6 (32-bit)
BlazeDTV 6.0
Brother MFL-Pro Suite MFC-7860DW
calibre
Catalina Savings Printer
Coupon Printer for Windows
COWON Auto Capsule
CrashPlan
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
f.lux
ffdshow v1.2.4494 [2012-11-28]
FileZilla Client 3.6.0.2
Freemake Video Converter version 4.0.4
GIMP 2.8.0
Google Chrome
Google SketchUp 8
Google Update Helper
Google+ Auto Backup
HandBrake 0.9.9.1
Inkscape 0.48.2
Java 7 Update 51
Java Auto Updater
Java 6 Update 37
K-Lite Codec Pack 9.1.0 (Full)
KVIrc
LeapFrog Connect
LeapFrog Tag Junior Plugin
LibreOffice 3.5
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.8 (x86 en-US)
MP4Joiner v2.1.1
MythTV (remove only)
Notepad++
PDF Architect
PDF Split And Merge Basic
PDFCreator
Picasa 3
PlayReady PC Runtime x86
Python 2.7.3
QuickPar 0.9
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 5.10
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
VLC media player 2.1.2
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
WinSCP 4.3.9
.
==== End Of File ===========================

Step 1

Please uninstall the following applications:

Catalina Savings Printer

Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Just FYI, as of my last post:

  • I had uninstalled: SABnzbd & Couchpotato
  • I subsequently reran a Malwarebytes Full Scan, generating a log file attached below (MBAM Log #1)
  • Prompted by the updater, I allowed Adobe Flash to update in its usual way (I hope that's okay?)
  • Then I followed your instructions, generating:
      • JRT.txt
      • AdwCleaner[s0].txt
      • MBAM Log #2

So, I am attaching 4 logs instead of 3. 

%%%%MBAM Log #1%%%%

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Ed :: I5 [administrator]

Protection: Disabled

1/22/2014 2:57:51 PM
mbam-log-2014-01-22 (14-57-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1047096
Time elapsed: 2 hour(s), 22 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\runonce|tqczn (Trojan.Agent.VBS) -> Data: C:\Users\Ed\AppData\Local\Temp\tqczn\27690.vbs -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ed\AppData\Local\Temp\tqczn\27690.vbs (Trojan.Agent.VBS) -> Quarantined and deleted successfully.

(end)

%%%%JRT.txt%%%%

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by Ed on Thu 01/23/2014 at  6:49:13.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ed\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Ed\appdata\local\downloadterms"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\rtza75lb.default\user.js
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net"
Emptied folder: C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\rtza75lb.default\minidumps [67 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at  6:50:12.23
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

%%%%AdwCleaner[s0].txt%%%%

# AdwCleaner v3.017 - Report created 23/01/2014 at 06:55:20
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Ed - I5
# Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\rtza75lb.default\prefs.js ]


[ File : C:\Users\Projector\AppData\Roaming\Mozilla\Firefox\Profiles\xsf7j72z.default\prefs.js ]


[ File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\yo1rchkx.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Projector\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1920 octets] - [23/01/2014 06:52:37]
AdwCleaner[s0].txt - [1855 octets] - [23/01/2014 06:55:20]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1915 octets] ##########

%%%%MBAM Log #2%%%%

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.23.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Ed :: I5 [administrator]

Protection: Enabled

1/23/2014 6:59:40 AM
mbam-log-2014-01-23 (06-59-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281632
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

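The DDS report earlier in this thread lists a Startup-folder shortcut (start.lnk) and MBAM Log #1 lists a RunOnce value (tqczn); both point at C:\Users\Ed\AppData\Local\Temp\tqczn\27690.vbs. A script launched at every logon is a plausible explanation for a registry trace that keeps coming back after each clean. As an added example (not code from this thread, from DDS or from Malwarebytes), here is a small Python script that parses DDS-style uRun/mRun/StartupFolder lines and flags targets that are script files or that launch from a temporary directory. The sample lines are copied from the report above; the extension list, the temp-directory markers and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample autostart lines in the DDS "Pseudo HJT Report" format. The first
# five are copied from the report in this thread; the last one is a policy
# line included to show that non-autostart lines are ignored.
SAMPLE_LINES = [
    'uRun: [F.lux] "c:\\users\\ed\\appdata\\local\\fluxsoftware\\flux\\flux.exe" /noshow',
    'mRun: [MSC] "c:\\program files\\microsoft security client\\msseces.exe" -hide -runkey',
    'mRun: [ControlCenter4] c:\\program files\\controlcenter4\\BrCcBoot.exe /autorun',
    'StartupFolder: c:\\users\\ed\\appdata\\roaming\\micros~1\\windows\\startm~1\\programs\\startup\\start.lnk - c:\\users\\ed\\appdata\\local\\temp\\tqczn\\27690.vbs',
    'StartupFolder: c:\\progra~2\\micros~1\\windows\\startm~1\\programs\\startup\\crashp~1.lnk - c:\\program files\\crashplan\\CrashPlanTray.exe',
    'mPolicies-System: ConsentPromptBehaviorAdmin = dword:5',
]

# Extensions handled by a script host rather than loaded as a native image
# (assumed heuristic list; extend to taste).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1"}
# Path fragments that mark a temporary directory (assumed heuristic).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")

# uRun / mRun / uRunOnce / mRunOnce ... : [ValueName] data
RUN_RE = re.compile(r"^(?P<src>[um]Run[^:]*):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# StartupFolder: <path to .lnk> - <target the shortcut launches>
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.+?\.lnk)\s+-\s+(?P<target>.+)$", re.IGNORECASE)


@dataclass
class AutostartEntry:
    source: str            # uRun, mRun, mRunOnce ... or StartupFolder
    name: str              # registry value name, or the shortcut's file name
    target: str            # file that actually gets launched
    reasons: List[str] = field(default_factory=list)  # empty when nothing looks off


def extract_target(data: str) -> str:
    """Return the launched file from Run-key data, with arguments stripped.

    DDS prints the data as stored: either "quoted path" args, or an
    unquoted path (which may itself contain spaces) followed by arguments.
    """
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    # Unquoted: take everything up to the first token that ends in a file
    # extension, so "c:\program files\x\y.exe /autorun" keeps its spaces.
    m = re.match(r"^(?P<path>.+?\.[A-Za-z0-9]{2,4})(?=\s|$)", data)
    return m.group("path") if m else data.split(" ", 1)[0]


def classify(source: str, name: str, target: str) -> AutostartEntry:
    """Attach a reason for every heuristic the launched file trips."""
    low = target.lower().replace("/", "\\")
    basename = low.rsplit("\\", 1)[-1]
    ext = basename[basename.rfind("."):] if "." in basename else ""
    entry = AutostartEntry(source, name, target)
    if ext in SCRIPT_EXTENSIONS:
        entry.reasons.append(f"script run through a script host ({ext})")
    if any(marker in low for marker in TEMP_MARKERS):
        entry.reasons.append("launches from a temporary directory")
    return entry


def parse_autostarts(lines) -> List[AutostartEntry]:
    """Parse uRun/mRun/RunOnce and StartupFolder lines; skip everything else."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(classify(m.group("src"), m.group("name"),
                                    extract_target(m.group("rest"))))
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk_name = m.group("lnk").rsplit("\\", 1)[-1]
            entries.append(classify("StartupFolder", lnk_name, m.group("target").strip()))
    return entries


def suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in suspicious(parse_autostarts(SAMPLE_LINES)):
        print(f"{e.source} [{e.name}] -> {e.target}")
        for r in e.reasons:
            print(f"    {r}")
```

On the sample lines only the start.lnk entry is reported, with both reasons, while the vendor entries under Program Files pass quietly. The same two heuristics (script host plus user-writable temp path) are what a reviewer reading a DDS or autoruns listing by hand applies; the script just makes the check repeatable across a long report.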

Yes, please change all of your passwords.

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.