
www.appround.biz virus



I have 2 PCs running Windows 7 64-bit that have been infected with this "www.appround.biz" virus. Neither PC has had any physical common data sharing other than using the same wi-fi internet connection. Yesterday both PCs started with their web pages (Google search being common on both) being hijacked by a page stating “There is a new Video Player version. Install new version now for better performance” pop-up message. I have tried using every available well-known (Malwarebytes included) removal application, and some not-so-well-known (YAC), all without success. Running these apps multiple times in safe mode has made no difference either. Other symptoms include internet access off and on, slow loading of web pages, if at all, other pop-ups “Flash Player Update” and disabling of native anti-virus programs. One PC runs AVG Free and the other BitDefender (retail). I have done extensive research on the net and have come up with very little information of any value. I understand this is a modern twist to an existing extremely harmful piece of malware and I am desperate to resolve their removal. Any help would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by CRAIG at 15:55:40 on 2014-03-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.27.1033.18.4095.2266 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Pale Moon\palemoon.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\eM Client\MailClient.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\CubicExplorer\CubicExplorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: NameServer = 37.1.193.207 8.8.8.8
TCP: Interfaces\{443C96F5-7096-4052-A821-71AA334CB985} : DHCPNameServer = 37.1.193.207 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
x64-mStart Page = about:blank
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [installerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\w1llh7ta.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt\plugins\NPPDFArchitectPreviewerPlugin.dll
FF - plugin: C:\Program Files (x86)\TheSage\extensions\firefox\plugins\npWCX.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_80.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-2-15 17088]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2014-1-22 133152]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-19 701512]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-12-14 71280]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-20 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-20 15129376]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-22 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-22 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-22 171416]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2014-3-6 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2014-1-20 2725376]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-19 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-20 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2014-2-2 276256]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-3-21 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-20 36680]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-1-22 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-1-22 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-21 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-21 31800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-30 5341536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-21 1255736]
S4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-1-24 9216]
S4 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
S4 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\PROGRA~2\PSPADE~1\PSPad.exe "%1"
.
=============== Created Last 30 ================
.
2014-03-23 17:58:48    110080    ----a-r-    C:\Users\CRAIG\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-03-23 17:58:48    110080    ----a-r-    C:\Users\CRAIG\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-03-23 17:58:48    110080    ----a-r-    C:\Users\CRAIG\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-03-23 17:58:47    --------    d-----w-    C:\sh4ldr
2014-03-23 17:58:47    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-03-23 17:58:07    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-22 11:13:48    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-03-22 11:13:43    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-03-22 11:13:39    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-22 11:12:23    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\SUPERAntiSpyware.com
2014-03-22 11:12:02    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-03-22 11:12:02    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-03-22 11:08:45    --------    d-----w-    C:\Users\CRAIG\Doctor Web
2014-03-22 10:46:03    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\eCyber
2014-03-22 10:45:45    --------    d-----w-    C:\Windows\System32\log
2014-03-22 10:45:28    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\iSafe
2014-03-21 08:04:18    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-03-20 21:08:23    36680    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-20 20:40:36    0    ----a-w-    C:\Windows\System32\nvapi.dll
2014-03-20 19:52:53    175528    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-03-20 19:52:04    --------    d-----w-    C:\Program Files (x86)\ESET
2014-03-19 18:23:42    --------    d-----w-    C:\Users\CRAIG\AppData\Local\3cf8b203-1d1e-43c5-6c12-25821154840d
2014-03-19 16:14:23    --------    d-----w-    C:\Program Files (x86)\PCData
2014-03-19 16:13:46    --------    d-----w-    C:\Users\CRAIG\AppData\Local\69d8bf8a-c846-4127-7679-476e3d5abc1e
2014-03-19 16:07:51    --------    d-----w-    C:\Program Files (x86)\Pale Moon
2014-03-19 15:22:57    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\AVG2014
2014-03-19 15:21:49    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\TuneUp Software
2014-03-19 15:20:34    --------    d--h--w-    C:\$AVG
2014-03-19 15:20:33    --------    d-----w-    C:\ProgramData\AVG2014
2014-03-19 15:19:58    --------    d-----w-    C:\Program Files (x86)\AVG
2014-03-19 15:18:00    --------    d-----w-    C:\Users\CRAIG\AppData\Local\MFAData
2014-03-19 15:18:00    --------    d-----w-    C:\Users\CRAIG\AppData\Local\Avg2014
2014-03-19 15:18:00    --------    d-----w-    C:\ProgramData\MFAData
2014-03-19 14:40:15    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-19 14:04:46    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B298E215-5C09-48BD-A5F2-73C87D54E01C}\mpengine.dll
2014-03-19 11:52:42    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\Malwarebytes
2014-03-19 11:52:34    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-19 11:52:32    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 17:35:13    --------    d-----w-    C:\Users\CRAIG\.thumbnails
2014-03-17 17:33:02    --------    d-----w-    C:\Users\CRAIG\AppData\Local\fontconfig
2014-03-17 17:33:00    --------    d-----w-    C:\Users\CRAIG\AppData\Local\gegl-0.2
2014-03-17 17:33:00    --------    d-----w-    C:\Users\CRAIG\.gimp-2.8
2014-03-17 17:32:01    --------    d-----w-    C:\Program Files\GIMP 2
2014-03-17 17:19:51    --------    d-----w-    C:\Program Files (x86)\Free Photo Frame Editor
2014-03-17 17:09:55    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\PhotoScape
2014-03-17 17:09:45    --------    d-----w-    C:\Program Files (x86)\PhotoScape
2014-03-17 15:47:10    --------    d-----w-    C:\Program Files (x86)\Photo Frame Genius
2014-03-17 15:18:27    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\Big Eagle Software
2014-03-12 03:26:52    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 03:26:52    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 03:26:52    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 03:26:52    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 20:20:44    --------    d-----w-    C:\ProgramData\SoftPerfect
2014-03-11 20:20:44    --------    d-----w-    C:\Program Files\NetWorx
2014-03-11 20:03:26    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\NCH Software
2014-03-11 20:03:23    --------    d-----w-    C:\Program Files (x86)\NCH Software
2014-03-10 20:32:06    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\Mp3tag
2014-03-10 19:03:41    --------    d-----w-    C:\Program Files (x86)\Audacity
2014-03-10 05:27:01    224016    ----a-w-    C:\Windows\SysWow64\tabctl32.ocx
2014-03-10 05:27:01    151552    ----a-w-    C:\Windows\SysWow64\zip32.dll
2014-03-10 05:27:01    --------    d-----w-    C:\Program Files (x86)\MagicBerry for Blackberry
2014-03-09 12:00:40    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\BID
2014-03-09 12:00:38    --------    d-----w-    C:\Program Files (x86)\Bulk Image Downloader
2014-03-08 10:45:19    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\TheSage
2014-03-08 10:44:57    --------    d-----w-    C:\Program Files (x86)\TheSage
2014-03-06 13:11:10    471040    ----a-w-    C:\Windows\ssndii.exe
2014-03-06 13:11:09    --------    d-----w-    C:\Windows\Samsung
2014-03-06 13:06:43    53816    ------w-    C:\Windows\System32\drivers\DGIVECP.SYS
2014-03-06 13:06:43    11576    ------w-    C:\Windows\System32\drivers\SSPORT.SYS
2014-03-06 13:06:41    --------    d-----w-    C:\Program Files (x86)\SAMSUNG
2014-03-06 13:06:22    27648    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\SUGS2pc.dll
2014-03-06 12:27:51    --------    d-----w-    C:\Program Files\VueScan
2014-03-06 09:34:59    --------    d--h--w-    C:\CanoScan
2014-03-03 16:35:35    24    --sha-w-    C:\Users\CRAIG\AppData\Roaming\1D959CA221C7573.sys
2014-03-03 16:35:09    --------    d-----w-    C:\Program Files (x86)\jv16 PowerTools 2014
2014-03-03 13:57:11    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-02-25 17:20:05    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\SomePDF
2014-02-25 17:20:02    --------    d-----w-    C:\Program Files (x86)\SomePDF
2014-02-25 16:06:58    --------    d-----w-    C:\Users\CRAIG\AppData\Roaming\ObviousIdea
2014-02-25 16:06:37    --------    d-----w-    C:\Users\CRAIG\AppData\Local\ObviousIdea
2014-02-25 16:06:22    --------    d-----w-    C:\Program Files (x86)\ObviousIdea
2014-02-25 15:57:48    --------    d-----w-    C:\Program Files (x86)\Image Resizer
2014-02-23 08:30:32    --------    d-----w-    C:\Program Files (x86)\Labeljoy 5
2014-02-23 08:29:19    --------    d-----w-    C:\Users\CRAIG\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
2014-02-22 15:12:16    --------    d-----w-    C:\Users\CRAIG\AppData\Local\Remove_Empty_Directories
2014-02-22 15:11:44    --------    d-----w-    C:\Program Files (x86)\Remove Empty Directories
.
==================== Find3M  ====================
.
2014-03-03 14:34:13    1542    ----a-w-    C:\ProgramData\IDMGrHelp.exe.tmp
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-19 05:30:54    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-19 05:30:54    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-13 17:47:55    236912    ----a-w-    C:\ProgramData\1392313552.bdinstall.bin
2014-02-13 11:48:04    74512    ----a-w-    C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-02-13 11:48:04    74512    ----a-w-    C:\Windows\System32\bdsandboxuiskin32.dll
2014-02-13 11:45:46    84848    ----a-w-    C:\Windows\System32\bdsandboxuiskin.dll
2014-02-13 11:44:12    34384    ----a-w-    C:\Windows\System32\bdsandboxuh.dll
2014-02-13 11:13:02    2002094    ----a-w-    C:\ProgramData\1392289609.bdinstall.bin
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-05 17:24:59    114    ----a-w-    C:\Windows\Printdir.bat
2014-02-04 13:54:15    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-02 11:26:03    276256    ----a-w-    C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys
2014-02-01 20:56:54    22    ----a-w-    C:\Windows\SysWow64\winStudio.bin
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-22 06:52:12    708168    ----a-w-    C:\Windows\System32\WinUSBCoInstaller.dll
2014-01-22 06:52:12    1490656    ----a-w-    C:\Windows\System32\WdfCoInstaller01007.dll
2014-01-22 06:52:10    206080    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 06:52:10    108800    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2014-01-20 23:37:34    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-20 21:28:27    419840    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-01-20 21:28:27    111616    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-01-20 21:28:26    413696    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-01-20 21:28:26    102400    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-01-18 15:12:06    283840    ----a-w-    C:\Windows\System32\StartMenuHelper64.dll
2014-01-18 15:12:00    243904    ----a-w-    C:\Windows\SysWow64\StartMenuHelper32.dll
2014-01-16 12:42:36    69632    ----a-w-    C:\nporbit.dll
2014-01-09 08:37:32    147456    ----a-w-    C:\Windows\SysWow64\bzpdfc.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 15:56:38.04 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 20 Jan 2014 17:33:30
System Uptime: 24 Mar 2014 10:16:37 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5K-V
Processor: Intel® Core2 Quad CPU    Q6600  @ 2.40GHz | LGA775 | 1580/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 100 GiB total, 52.126 GiB free.
D: is FIXED (NTFS) - 1763 GiB total, 820.758 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 9.388 GiB free.
F: is FIXED (NTFS) - 640 GiB total, 154.466 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 140.37 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_125B&DEV_1400&SUBSYS_00000000&REV_03\4&1542FBD&0&10F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_125B&DEV_1400&SUBSYS_00000000&REV_03\4&1542FBD&0&10F0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: iSafeNetFilter
Device ID: ROOT\LEGACY_ISAFENETFILTER\0000
Manufacturer:
Name: iSafeNetFilter
PNP Device ID: ROOT\LEGACY_ISAFENETFILTER\0000
Service: iSafeNetFilter
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
47 folders version 1.9
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
AlFileSearch 1.1
Ant Renamer
AnyDVD
Apple Application Support
Ashampoo Office 2012
ASUS Xonar DG Audio Driver
Audacity 2.0.5
Auslogics Duplicate File Finder
AVG 2014
Batch File Rename (Remove only)
BeCyIconGrabber
BitTorrent
Bulk Image Downloader v4.21.0.0
Bulk Mailer
Bullzip PDF Printer 10.2.0.2141
Canon iP2700 series Printer Driver
CCleaner
CDBurnerXP
Classic Shell
CloneDVD2
CodeStuff Starter
Corel PaintShop Pro X6
COWON Media Center - jetAudio Plus VX
D3DX10
Daum PotPlayer 1.5.45955 x64 Edition
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Defraggler
DVDFab 9.1.1.5 (07/12/2013)
Easy CD-DA Extractor 12
Easy CD-DA Extractor 16
Effective File Search 6.8.1
eM Client
ESET Online Scanner v3
Everything 1.3.3.658 (x64)
ExtremeCopy
FileHippo.com Update Checker
FileLocator Pro x64
FileSeek 3.1
flpro_2031 7.0.2031
Foxmail
Freemake Video Downloader
GeForce Experience NvStream Client Components
Glary Utilities 4.3
Google Chrome
GPL Ghostscript Lite 9.10.16
GPSoftware Directory Opus
HandBrake 0.9.9.1
HD Tune Pro 5.50
Helium Audio Converter (build 365)
ICA
IconCool Manager v6
IconCool Studio 7 Pro
Image Resizer Powertoy Clone for Windows (64 bit)
ImgBurn
IPM_PSP_COM
IPM_PSP_COM64
Java 7 Update 51 (64-bit)
JMicron JMB36X Driver
Junk Mail filter update
jv16 PowerTools 2014
Karen's Directory Printer
Labeljoy 5
Light Image Resizer 4.5.7.0
Magic DVD Ripper V8.1.0
MagicBerry for Blackberry version 3.5
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
MediaInfo 0.7.67
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MiniTool Partition Wizard Server Edition 8.1.1
Miroirs
MozBackup 1.5.1
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MultiCommander
n2ncopy 0.19.0.0
NetWorx 5.2.1
NFOPad 1.68
Notepad++
NVIDIA 3D Vision Controller Driver 326.01
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Opera 12.16
Orbit Downloader
Pale Moon 24.4.1 (x86 en-US)
PDF-Viewer
PDF-XChange 2012 Pro
PDF Architect
PDF24 Creator 6.3.0
PDFCreator
Perfect Uninstaller v6.3.3.9
PFPortChecker 1.0.39
Photo Common
Privatefirewall 7.0
PSPad editor
PSPPContent
PSPPHelp
PSPPro64
Q-Dir
qBittorrent 3.1.5
Registrar Registry Manager 7.52
Registrar Registry Manager 7.60
Remove Empty Directories version 2.2
Revo Uninstaller Pro 3.0.7
Samsung ML-2010 Series
Samsung ML-2010 Series SmartPanel
Screenshot Captor 4.8
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Setup
SHIELD Streaming
Skype™ 6.13
SoftCafe MenuPro 10
Software Update 2.1.0.186
Some PDF Images Extract 2.0
Spybot - Search & Destroy
SpyHunter
SUPERAntiSpyware
TeamViewer 9
TeraCopy 2.3
TextCrawler 2.2
TheSage
Total Commander 64-bit (Remove or Repair)
UltraExplorer 2.0.3.1
UltraFileSearch
UltraSearch V1.8.1 (64 bit)
Universal Document Converter Server Edition
Unknown Device Identifier 8.01
Unlocker 1.9.2
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Volutive 1
VueScan x64
Vuze
WavePad Sound Editor
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 4.10 beta 1 (32-bit)
WinRAR 4.10 beta 1 (64-bit)
WinX DVD Copy Pro 3.5.0
WinX DVD Ripper Platinum 7.3.5
WinZip 17.5
XnView 2.13
xplorer² professional 64 bit
XYplorer 12.30
.
==== Event Viewer Messages From Past Week ========
.
24 Mar 2014 07:36:38, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
24 Mar 2014 07:34:36, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iSafeNetFilter
24 Mar 2014 07:34:03, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
23 Mar 2014 15:45:48, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR5.
22 Mar 2014 21:30:24, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
22 Mar 2014 21:30:24, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
22 Mar 2014 21:21:08, Error: Service Control Manager [7031]  - The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22 Mar 2014 21:20:54, Error: Service Control Manager [7031]  - The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22 Mar 2014 21:20:46, Error: Service Control Manager [7034]  - The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
22 Mar 2014 21:20:39, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
22 Mar 2014 21:13:42, Error: AtcL001 [194]  -
22 Mar 2014 21:07:31, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 21:01:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22 Mar 2014 19:52:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22 Mar 2014 19:52:49, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22 Mar 2014 19:52:49, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22 Mar 2014 19:52:49, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
22 Mar 2014 19:52:48, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22 Mar 2014 19:52:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22 Mar 2014 19:52:30, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache ElbyCDIO iSafeNetFilter NetBIOS NetBT nsiproxy Psched pwipf6 rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The LPD Service service depends on the Spooler service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:52:30, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
22 Mar 2014 19:50:39, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 18:32:25, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
22 Mar 2014 18:32:04, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 discache ElbyCDIO iSafeNetFilter SASDIFSV SASKUTIL spldr Wanarpv6
22 Mar 2014 13:33:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
22 Mar 2014 13:33:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
22 Mar 2014 13:23:24, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 discache ElbyCDIO SASDIFSV SASKUTIL spldr Wanarpv6
21 Mar 2014 17:29:23, Error: Service Control Manager [7034]  - The HitmanPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).
21 Mar 2014 09:21:01, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 discache ElbyCDIO spldr Wanarpv6
20 Mar 2014 12:03:36, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
19 Mar 2014 19:07:00, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.
19 Mar 2014 19:07:00, Error: Service Control Manager [7000]  - The Protect Monitor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
19 Mar 2014 17:34:27, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FreemakeVideoCapture service to connect.
19 Mar 2014 17:34:27, Error: Service Control Manager [7000]  - The FreemakeVideoCapture service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
19 Mar 2014 17:05:36, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched pwipf6 rdbss spldr tdx Wanarpv6 WfpLwf
19 Mar 2014 14:34:09, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
19 Mar 2014 14:20:00, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache ElbyCDIO spldr Wanarpv6
19 Mar 2014 14:19:40, Error: volmgr [46]  - Crash dump initialization failed!
.
==== End Of File ===========================

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
CRAIG :: CRAIG-64 [administrator]

Protection: Enabled

24 Mar 2014 17:37:13
mbam-log-2014-03-24 (17-37-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223178
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CRAIG [Admin rights]
Mode : Scan -- Date : 03/24/2014 17:53:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] eM Client Database Backup : C:\Program Files (x86)\eM Client\DbBackup.exe - -backup -databasedir "C:\Users\CRAIG\AppData\Roaming\eM Client" -backupdir "D:\1 --- BACKUPS\04 -- BUP -- Mail\00 -- eM Client\01 -- BACKUP - 05" -preserve 1  -instanceString "eM_Client_C__Users_CRAIG_AppData_Roaming_eM_Client_" -silence [7][-][-][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\HUSTLER\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] ebaf7e5c43ba9aabf95348c435eca2f1
[BSP] 603c8bb625f34e8a9ca07973f8b2cf84 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] ae3ca713ad93cc4e418336aff058c70b
[BSP] 2648704fb751aeda95dda8d0de807a78 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102594 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210114136 | Size: 1805131 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3750528AS ATA Device +++++
--- User ---
[MBR] 489a13e290fc2887437f2d3caa154f03
[BSP] d2c17623ec25ec3f7e4abaa5129c628e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 655401 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03242014_175313.txt >>


Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last...............

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Completed AdwCleaner scan, rebooted, no internet access although the networking icon showed full access, rebooted again and access restored.


I did not remove Orbit download manager as I have been using it for 10 years without problems.


# AdwCleaner v3.022 - Report created 24/03/2014 at 19:54:10
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CRAIG - CRAIG-64
# Running from : D:\2 --- DOWNLOADS\APPS -- Anti-Malware\AdwCleaner -- FREE\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : iSafeNetFilter

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Users\CRAIG\AppData\Roaming\eCyber
Folder Deleted : C:\Users\CRAIG\AppData\Roaming\iSafe

***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
[x] Not Deleted : HKCU\Software\AVG Secure Search
[x] Not Deleted : HKCU\Software\Orbit
[x] Not Deleted : HKLM\Software\AVG Secure Search
[x] Not Deleted : HKLM\Software\Orbit
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
[x] Not Deleted : [x64] HKCU\Software\AVG Secure Search
[x] Not Deleted : [x64] HKCU\Software\Orbit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\w1llh7ta.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5916 octets] - [13/02/2014 09:47:20]
AdwCleaner[R1].txt - [8679 octets] - [19/03/2014 13:34:24]
AdwCleaner[R2].txt - [2118 octets] - [19/03/2014 20:22:32]
AdwCleaner[R3].txt - [2171 octets] - [24/03/2014 19:50:29]
AdwCleaner[S0].txt - [6017 octets] - [13/02/2014 09:54:39]
AdwCleaner[S1].txt - [8591 octets] - [19/03/2014 13:36:21]
AdwCleaner[S2].txt - [2171 octets] - [24/03/2014 19:54:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2231 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by CRAIG on 24 Mar 2014 at 20:14:03.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader"



~~~ FireFox

Emptied folder: C:\Users\CRAIG\AppData\Roaming\mozilla\firefox\profiles\w1llh7ta.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24 Mar 2014 at 20:26:12.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
CRAIG :: CRAIG-64 [administrator]

Protection: Enabled

24 Mar 2014 20:28:32
mbam-log-2014-03-24 (20-28-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223163
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

 

 

Addition.txt

FRST.txt


I am still getting a windows notification every 10 minutes or so on the icon bar stating:

 

Malwarebytes Anti-Malware

Successfully blocked access to a potentially malicious website:

37.1.193.207

 

Type: outgoing

Port: 64087, Process: svchost.exe

 

I have also noticed one just after bootup blocking some AVG file from accessing the net.  Maybe an AVG security update?

 

I use AVG free

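The notification described in the post above (outgoing blocks from svchost.exe to one address, repeating roughly every 10 minutes, with no browser involved) is a pattern worth measuring rather than eyeballing: a service host contacting the same blocked destination on a fixed timer looks different from a one-off block of an updater. The script below is an added example, not code from this thread, from Malwarebytes or from any tool named here. It parses block notifications written in a constructed one-line log format modelled on the wording quoted above, groups them by process and destination, and flags groups whose gaps between events are nearly constant. The timestamp prefix, the line layout, the times, the process names other than svchost.exe and the addresses (RFC 5737 documentation ranges) are assumptions made for the example, not data from the poster's machine.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. The wording follows the notification quoted in the
# post above; the timestamp prefix, the one-line layout, the times and the
# (RFC 5737 documentation-range) addresses are assumptions made for this
# example, not data from the poster's machine.
SAMPLE_NOTIFICATIONS = """\
2014-03-25 08:00:12 Successfully blocked access to a potentially malicious website: 203.0.113.7 Type: outgoing Port: 64087, Process: svchost.exe
2014-03-25 08:01:00 Successfully blocked access to a potentially malicious website: 198.51.100.20 Type: outgoing Port: 49311, Process: avgui.exe
2014-03-25 08:05:00 Successfully blocked access to a potentially malicious website: 203.0.113.9 Type: outgoing Port: 50122, Process: palemoon.exe
2014-03-25 08:10:15 Successfully blocked access to a potentially malicious website: 203.0.113.7 Type: outgoing Port: 64090, Process: svchost.exe
2014-03-25 08:20:10 Successfully blocked access to a potentially malicious website: 203.0.113.7 Type: outgoing Port: 64095, Process: svchost.exe
2014-03-25 08:22:30 Successfully blocked access to a potentially malicious website: 203.0.113.9 Type: outgoing Port: 50140, Process: palemoon.exe
2014-03-25 08:30:14 Successfully blocked access to a potentially malicious website: 203.0.113.7 Type: outgoing Port: 64101, Process: svchost.exe
2014-03-25 08:40:11 Successfully blocked access to a potentially malicious website: 203.0.113.7 Type: outgoing Port: 64108, Process: svchost.exe
"""

# One notification per line: timestamp, fixed message, IP, direction, port, process.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"Successfully blocked access to a potentially malicious website: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"Type: (?P<direction>\w+) Port: (?P<port>\d+), Process: (?P<process>\S+)$"
)


def parse_notifications(text):
    """Turn notification lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"],
        })
    return events


def summarize(events, min_events=3, max_cv=0.2):
    """Group outgoing blocks by (process, destination) and flag regular spacing.

    A group is marked periodic when it holds at least `min_events` blocks and
    the coefficient of variation (stdev / mean) of the gaps between consecutive
    blocks is below `max_cv`. Groups with too few events get no interval figure.
    """
    groups = defaultdict(list)
    for ev in events:
        if ev["direction"] == "outgoing":
            groups[(ev["process"], ev["ip"])].append(ev["time"])

    report = {}
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = None
        periodic = False
        if len(times) >= min_events:
            mean_gap = mean(gaps)
            periodic = mean_gap > 0 and pstdev(gaps) / mean_gap < max_cv
        report[key] = {
            "count": len(times),
            "mean_interval_s": mean_gap,
            "periodic": periodic,
        }
    return report


if __name__ == "__main__":
    findings = summarize(parse_notifications(SAMPLE_NOTIFICATIONS))
    for (process, ip), info in sorted(findings.items()):
        flag = "PERIODIC" if info["periodic"] else "-"
        print(f"{process:14} {ip:16} blocks={info['count']} "
              f"mean_gap={info['mean_interval_s']} {flag}")
```

On the constructed sample the svchost.exe group comes out with five blocks spaced just under 600 seconds apart and is flagged, while the single avgui.exe block and the two browser blocks are not. A flagged group is the one to escalate: the destination is worth blocking at the perimeter as well, and the service host's loaded modules deserve inspection, which is what the "loaded modules" option in the TDSSKiller steps later in this thread is for.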

You can re-install your orbitdownloader.

Now we have to run some different scans because of the IP blocking:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Kaspersky TDSSKiller scan done, no objects found, logs attached.  Notification windows popping up fast and furious now.  I notice that activity on my USB drives continues to occur after I have moved the log files onto them (I'm using 2 PCs for this process: the Windows 7 64-bit that is infected, and following your instructions on my XP Pro laptop, hence copying the log files over).  I know it is risky but what else can I do under the circumstances...  I need to get some shuteye now so I will continue with the next step in 10 hours if that is ok.  I really really appreciate your support but I am becoming quite concerned with the severity of this damned bug!  Btw, I use Pale Moon browser on all my PCs now - I don't trust the others, especially Google Chrome. Cheers for later.

TDSSKiller.3.0.0.26_24.03.2014_22.28.46_log.txt

TDSSKiller.3.0.0.25_19.03.2014_20.04.31_log.txt

TDSSKiller.3.0.0.26_24.03.2014_22.25.18_log.txt


Yes, I have one already from yesterday and one I have just taken after boot to desktop.  Does Malwarebytes do this type of notification or is this malware at work?  I have never seen it before.  What exactly do you think we are dealing with here, MrC?  We have tried many solutions and nothing has changed.  This is the most resilient bug I have ever had to deal with.  Btw, bootup takes ages now...  Screenshots attached.

post-159108-0-76306200-1395765094_thumb.

post-159108-0-54708700-1395765097_thumb.


The pop-up from Privatefirewall is from your firewall that you have installed on the system.

You did install it?? Correct???

The pop-up from Malwarebytes is OK, it indicates that Malwarebytes is doing its job.

When does it happen?? Is a browser open when this happens and which ones.

MrC


The Firewall splash screen is no problem, that I installed and it is working normally.  The Malwarebytes notification popup is the one I am concerned about: if you say that it is operating correctly then I am ok.  It's just that I have never seen that popup on previous versions of Malwarebytes.  The notifications occur throughout the session but it states "Successfully blocked access to a potentially malicious website" each time and provides an IP address.  Surely this is overkill or is my PC trying to access one malicious website after another, including the website accessed by AVGui.exe?  I just did a Microsoft Windows 7 Update and it tried to block that site as well...  Is this normal Malwarebytes behaviour?

 

Awaiting further instructions, MrC


No browser was open, I did a Windows Update from the start button.  The notification popup was exactly like on the last screenshots I sent you

It didn't block Windows Update, which uses Internet Explorer; just the IP pop-up occurred. Correct?

 

--------------------------------------------------

 

Here's what I suggest you do: (the scan can take a while to complete!!)

Please run a free online scan with the ESET Online Scanner (it may take a while to run). Looks like it's already on your system; it just needs to be updated.

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC
