
VuuPC installer popup



Hello

 

I am currently receiving a popup at random, roughly every 20-30 minutes, about a VuuPC installer which also states "Windows version installer". I also saw this TMP file on my desktop which states "Continue VuuPC installation" and, despite deleting this file (I make sure to open the file location), it will re-create itself.

 

This is annoying as I receive this popup while I'm playing a game or watching a video.

 

I have looked in my Control Panel for VuuPC but it is not there. I've also searched my computer for a folder or file relating to this and found nothing. I've also done several scans with Malware (it seems to find another PUP file when I scan again after 2 hours, which I delete).

 

Please help  :)


Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Then......

Download DDS from one of the links below and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 or Win 8 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs: DDS.txt and Attach.txt

Save both reports to your desktop

Please Copy & Paste the contents of the following logs in your next reply

You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Sorry about the late reply

 

MALWAREBYTES THREAT SCAN

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 22/04/2014

Scan Time: 3:44:23 PM

Logfile: Threat scan.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.22.01

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Jethro

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 264128

Time Elapsed: 15 min, 4 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [4019f23b0f6cb77f54b99faeeb17e61a], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 6

PUP.Optional.InstallCore.A, C:\Users\Jethro\AppData\Local\Temp\ICReinstall_nsrA0DA.tmp, , [cd8c42ebc9b28aac13563e2e19e8d32d], 

PUP.Optional.InstallCore.A, C:\Users\Jethro\AppData\Local\Temp\nsrA0DA.tmp, , [6cedf7369dde8ea84e1badbf55acaa56], 

PUP.Optional.Conduit.A, C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\searchplugins\conduit-search.xml, , [223751dc87f45fd7e310cda721e11ee2], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [2b2e1617c7b44ee85a828beed72b7f81], 

PUP.Optional.Conduit.A, C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP414875DD-9C50-4A85-A440-FD82BBF9293F&SSPV=");), ,[2e2b1419304b5fd7096e005537cd4fb1]

PUP.Optional.Conduit.A, C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP414875DD-9C50-4A85-A440-FD82BBF9293F");), ,[e17826071e5df93d367bbd98d72d1be5]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

DDS ATTACH.TXT

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 31/08/2012 8:16:07 AM

System Uptime: 22/04/2014 3:45:51 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | H77-D3H-MVP

Processor: Intel® Core i5-3470 CPU @ 3.20GHz | Intel® Core i5-3470 CPU @ 3.20GHz | 3601/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 489.721 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP269: 20/04/2014 7:00:05 PM - Windows Backup

RP270: 21/04/2014 12:30:22 PM - Installed Razer Synapse 2.0.

RP271: 21/04/2014 12:38:05 PM - Razer Drivers Install

RP272: 21/04/2014 2:34:40 PM - Installed SpyHunter

RP273: 21/04/2014 3:07:42 PM - Removed SpyHunter

RP274: 21/04/2014 8:35:27 PM - Installed DirectX

RP275: 22/04/2014 3:24:52 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Creative Cloud

Adobe Flash Player 12 ActiveX

Adobe Flash Player 13 Plugin

Adobe Photoshop CC

Adobe Reader XI (11.0.06)

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Control Center

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Audacity 2.0.5

avast! Free Antivirus

Battle.net

Battlefield 3™

Battlefield 4™

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Counter-Strike: Global Offensive

Counter-Strike: Source

Counter-Strike: Source Beta

Curse Client

D3DX10

DayZ

DayZ Commander

dBpoweramp Music Converter

Dota 2

ESN Sonar

Etron USB3.0 Host Controller

Forge

Fraps (remove only)

Garry's Mod

GoldWave v5.69

Google Chrome

Hearthstone

HydraVision

Intel® Management Engine Components

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

League of Legends

Left 4 Dead 2

Malwarebytes Anti-Malware version 2.0.1.1004

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

Mirror's Edge

MotioninJoy Gamepad tool 0.7.0000

Movie Maker

Mozilla Firefox 26.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT110

MSVCRT110_amd64

Mumble 1.2.4

NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst

NVIDIA PhysX v8.10.17

ON_OFF Charge B11.1102.1

Open Broadcaster Software

Origin

osu!

Pando Media Booster

PDF Settings CC

Photo Common

Photo Gallery

PlanetSide 2

Platform

PunkBuster Services

Razer Core

Razer Synapse 2.0

REALTEK Wireless LAN Driver and Utility

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 

Skype Click to Call

Skype™ 6.11

Spotify

Steam

Team Fortress 2

TeamSpeak 3 Client

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VIA Platform Device Manager

VO Package

webporpoise

Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 5.00 (64-bit)

World of Warcraft

World of Warcraft Public Test

XSplit Broadcaster

.

==== Event Viewer Messages From Past Week ========

.

17/04/2014 11:37:37 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

17/04/2014 11:37:37 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


 

 

DDS DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.45.2

Run by Jethro at 15:51:35 on 2014-04-22

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8154.5756 [GMT 10:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Users\Jethro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe

C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Users\Jethro\AppData\Roaming\VOPackage\VOsrv.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Users\Jethro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Users\Jethro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jethro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Jethro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Jethro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "C:\Users\Jethro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [spotify] "C:\Users\Jethro\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

StartupFolder: C:\Users\Jethro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{41AA1BC6-11AC-4077-81CC-4230E77E3E01} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{41AA1BC6-11AC-4077-81CC-4230E77E3E01}\34F6D6E6F6274786D235563657275646 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{41AA1BC6-11AC-4077-81CC-4230E77E3E01}\4456E636275646F627D27657563747 : DHCPNameServer = 10.0.0.138 192.168.33.1

TCP: Interfaces\{6698946D-CB3F-414F-B7F3-40EA586D1DF0} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{6698946D-CB3F-414F-B7F3-40EA586D1DF0}\4456E636275646F627 : DHCPNameServer = 10.0.0.138 192.168.1.1

TCP: Interfaces\{6EA4DF25-097A-4C7E-AEA6-CE8372030087} : DHCPNameServer = 10.0.0.138

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\

FF - prefs.js: browser.search.selectedEngine - Conduit Search

FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Jethro\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll

FF - plugin: C:\Users\Jethro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

.

---- FIREFOX POLICIES ----

.

.

user_pref(extensions.autoDisableScopes,14);

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-15 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-15 207904]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-31 16152]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-8-31 21616]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-31 1038072]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-31 421704]

R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-4-21 74432]

R1 wStLibG64;wStLibG64;C:\Windows\System32\drivers\wStLibG64.sys [2014-4-21 61120]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-30 239616]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-31 78648]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-11 50344]

R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]

R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-31 161560]

R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-8-31 36864]

R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-11 32960]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-31 363800]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-8-31 27760]

R2 vosr;Service Component of VO;C:\Users\Jethro\AppData\Roaming\VOPackage\VOsrv.exe [2014-4-15 355328]

R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-21 80184]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-25 94208]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-1-21 108960]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-31 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-31 787736]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-8-31 104560]

R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-4-21 129472]

R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-8-31 2184816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-21 49152]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-3-3 121416]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-17 19456]

S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2011-5-10 1038440]

S3 rtlss;Service for enabling selective suspend to RTL device;C:\Windows\System32\drivers\rtlss.sys [2012-8-31 27240]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-15 56832]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-1 1255736]

.

=============== Created Last 30 ================

.

2014-04-22 05:44:02 -------- d-----w- C:\Malware folder

2014-04-22 05:27:22 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-22 05:27:12 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-22 05:27:12 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-22 05:27:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-22 05:25:32 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3D5EC1B-FF96-4EA7-BD9F-3C38A4BA1583}\mpengine.dll

2014-04-21 07:00:56 -------- d-----w- C:\Program Files (x86)\AnyProtectEx

2014-04-21 04:35:42 -------- d-----w- C:\Program Files\Enigma Software Group

2014-04-21 04:34:42 61120 ----a-w- C:\Windows\System32\drivers\wStLibG64.sys

2014-04-21 04:34:31 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-04-21 04:08:37 -------- d-----w- C:\Users\Jethro\AppData\Roaming\ParetoLogic

2014-04-21 04:08:37 -------- d-----w- C:\Users\Jethro\AppData\Roaming\DriverCure

2014-04-21 04:08:21 -------- d-----w- C:\ProgramData\ParetoLogic

2014-04-21 03:05:02 1097384 ----a-w- C:\Users\Jethro\AppData\Local\nsxC424.tmp

2014-04-21 03:04:51 -------- d-----w- C:\Users\Jethro\AppData\Roaming\VOPackage

2014-04-21 03:03:29 -------- d-----w- C:\Users\Jethro\AppData\Local\DM

2014-04-21 02:38:15 74432 ----a-w- C:\Windows\System32\drivers\RzFilter.sys

2014-04-21 02:38:14 129472 ----a-w- C:\Windows\System32\drivers\RzDxgk.sys

2014-04-21 02:37:57 -------- d-----w- C:\Windows\Razer Core

2014-04-21 02:31:19 -------- d-----w- C:\Users\Jethro\AppData\Local\Razer

2014-04-16 14:49:05 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-04-16 14:49:02 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2014-04-16 14:48:56 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2014-04-16 14:48:56 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2014-04-16 14:48:55 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2014-04-16 14:48:55 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2014-04-16 00:01:55 6574592 ----a-w- C:\Windows\System32\mstscax.dll

2014-04-16 00:01:55 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll

2014-04-15 10:15:20 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-04-15 10:15:20 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-03-24 06:29:54 -------- d-----w- C:\Windows\en

2014-03-24 06:29:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2014-03-24 06:24:53 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c2cecb761cf472904\DSETUP.dll

2014-03-24 06:24:53 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c2cecb761cf472904\DXSETUP.exe

2014-03-24 06:24:53 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c2cecb761cf472904\dsetup32.dll

2014-03-24 06:24:49 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c10b910b1cf472903\DSETUP.dll

2014-03-24 06:24:49 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c10b910b1cf472903\DXSETUP.exe

2014-03-24 06:24:49 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c10b910b1cf472903\dsetup32.dll

2014-03-24 06:24:47 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bff9cee81cf472902\DSETUP.dll

2014-03-24 06:24:47 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bff9cee81cf472902\DXSETUP.exe

2014-03-24 06:24:47 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bff9cee81cf472902\dsetup32.dll

2014-03-24 06:24:36 -------- d-----w- C:\Users\Jethro\AppData\Local\Windows Live

2014-03-24 06:23:55 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2014-03-23 10:09:31 -------- d-----w- C:\CSGO lol

.

==================== Find3M  ====================

.

2014-04-14 00:30:20 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-14 00:30:20 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-04-02 23:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-03-30 23:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll

2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll

2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll

2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe

2014-03-03 11:21:56 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys

2014-02-11 01:18:13 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys

2014-02-11 01:18:13 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-02-11 01:18:13 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-02-11 01:18:12 43152 ----a-w- C:\Windows\avastSS.scr

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys

2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll

2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-01-26 23:44:53 7261768 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH: 15:52:42.70 ===============

 

 

ROGUEKILLER

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jethro [Admin rights]

Mode : Scan -- Date : 04/22/2014 15:58:35

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] VOsrv.exe -- C:\Users\Jethro\AppData\Roaming\VOPackage\VOsrv.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-1CH162 ATA Device +++++

--- User ---

[MBR] 684636991624066429c5d4147aabfc45

[BSP] f5aa402834ddaac0f035aa3c2ab1610b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_04222014_155835.txt >>

Just a note, the malware scan required me to restart my computer to finish the cleanup process. Don't know if I was meant to do the rest of your notes first and then restart, or if it was ok to restart, but I did restart it before doing the rest of what you told me to do. Not really that tech savvy, but I just copy pasted all the logs from the programs you told me to use, so I don't know if it's in "code".

Thanks for all your help!


Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

Close the tool out when it's done....we'll use it later.

---------------------------------

Please disable Windows Defender, you have AVAST running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

-----------------------------

Run RogueKiller again and click Scan
When the scan completes > click on the Processes tab
Put a check next to all of these and uncheck the rest: (if found)

[SUSP PATH] VOsrv.exe -- C:\Users\Jethro\AppData\Roaming\VOPackage\VOsrv.exe [-] -> KILLED [TermProc]

Now click Delete on the right hand column under Options

Delete this folder if found:
C:\Users\Jethro\AppData\Roaming\VOPackage

You may have to enable hidden files to see it:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

-------------

Please download AdwCleaner from HERE or HERE to your desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the Addition Box is checked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

AdwCleaner(R0)

I just posted this to make sure I wasn't deleting anything that I should keep. I hit clean on all of them though (nothing seemed to be needed, I don't know about the files with numbers as their name though)

Also, my AVAST gave me a Threat Detected warning message when I downloaded Adw. Since you're the expert I just ignored this. Just wanted to let you know in case this was not meant to happen. Just tell me if it's all good  :P

# AdwCleaner v3.201 - Report created 23/04/2014 at 15:49:02
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jethro - JETHRO-PC
# Running from : C:\Users\Jethro\Downloads\adwcleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : wStLibG64
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Jethro\AppData\Roaming\aps.scan.quick.results
File Found : C:\Users\Jethro\AppData\Roaming\aps.scan.results
File Found : C:\Users\Jethro\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Found : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\user.js
File Found : C:\Users\Jethro\Desktop\Continue VuuPC Installation.lnk
File Found : C:\Windows\System32\Tasks\QtraxPlayer
Folder Found C:\Program Files (x86)\AnyProtectEx
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Jethro\AppData\Local\apn
Folder Found C:\Users\Jethro\AppData\Local\SearchProtect
Folder Found C:\Users\Jethro\AppData\LocalLow\Conduit
Folder Found C:\Users\Jethro\AppData\Roaming\BitLord
Folder Found C:\Users\Jethro\AppData\Roaming\DriverCure
Folder Found C:\Users\Jethro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Found C:\Users\Jethro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found C:\Users\Jethro\AppData\Roaming\ParetoLogic
Folder Found C:\Users\Jethro\Documents\BitLord
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\qtrax
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\qtrax
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
 
-\\ Google Chrome v
 
[ File : C:\Users\Jethro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : ahilkiibpgjnonbhdfkkgjddddmapala
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [5255 octets] - [23/04/2014 15:49:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5315 octets] ##########
 
 
AdwCleaner(S0)
 
 
# AdwCleaner v3.201 - Report created 23/04/2014 at 16:01:01
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jethro - JETHRO-PC
# Running from : C:\Users\Jethro\Downloads\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : wStLibG64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Jethro\AppData\Local\apn
Folder Deleted : C:\Users\Jethro\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Jethro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jethro\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Jethro\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Jethro\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Jethro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Jethro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Jethro\Documents\BitLord
File Deleted : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Deleted : C:\Users\Jethro\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Jethro\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Jethro\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Jethro\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\user.js
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\qtrax
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
 
-\\ Google Chrome v
 
[ File : C:\Users\Jethro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : ahilkiibpgjnonbhdfkkgjddddmapala
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [5443 octets] - [23/04/2014 15:49:02]
AdwCleaner[S0].txt - [5314 octets] - [23/04/2014 16:01:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5374 octets] ##########
 
 
 

I attached the FRST file as well as I thought it looked large enough to have to be attached.

 

Also on another note, some of the programs you told me to install automatically installed to a folder and not to the desktop. I did not see any options available for me to save it to the desktop, they automatically went into a folder.

Addition.txt

FRST.txt


Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Next:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Last:

Update and run a Threat scan with Malwarebytes.

Let me know how it is, MrC


FRST Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014

Ran by Jethro at 2014-04-23 21:38:31 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {273AC5C5-F8DF-4545-8DA5-33D50F79891B} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_AU&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^AU&apn_uid=07c500e6-8bec-4f25-bb5d-1197acd0bc9f&apn_sauid=94463F1B-FBE5-4232-9120-B9FCE4C39FDF
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: webporpoise - C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\Extensions\{572f484b-455f-44b0-9d6a-da3ad2071365}.xpi [2014-04-17]
S2 vosr; C:\Users\Jethro\AppData\Roaming\VOPackage\VOsrv.exe [X]
C:\Users\Jethro\AppData\Roaming\VOPackage
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{273AC5C5-F8DF-4545-8DA5-33D50F79891B} => Key deleted successfully.
HKCR\CLSID\{273AC5C5-F8DF-4545-8DA5-33D50F79891B} => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Jethro\AppData\Roaming\Mozilla\Firefox\Profiles\l3lh8i37.default\Extensions\{572f484b-455f-44b0-9d6a-da3ad2071365}.xpi => Moved successfully.
vosr => Service deleted successfully.
"C:\Users\Jethro\AppData\Roaming\VOPackage" => File/Directory not found.
 
==== End of Fixlog ====
 
 
 
Malwarebytes threat scan
 
 
0 infected objects were found.

OK...............

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

I tried using both of your links for SecurityCheck and neither would work. I also tried to just google search the website and open it that way, but that didn't work either (my internet connection is perfectly fine and can open any other website at the moment, so it's not that).


Security Check

 Results of screen317's Security Check version 0.99.82
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45
 Java version out of Date!
 Adobe Flash Player 13.0.0.182
 Adobe Reader XI
 Mozilla Firefox (26.0)
 Google Chrome 33.0.1750.154
 Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 45 <----please update, should be Update 55

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no Update tab in Java, uninstall it and download and install the latest version from Here.
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

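As an added example (not part of this thread, and not Security Check's own code), a small Python parser for the checkup.txt format posted above. It pulls out the firewall/antivirus status lines and the product/version lines, and builds the kind of triage list the reply above works from: the tool's own "out of date" verdicts plus any product listed with more than one version. The sample log is constructed from the post above; the section-header detection assumes the backtick rulers are present as they are in the real file.

```python
import re

RULER = "`" * 14  # Security Check pads its section headers with backticks
# Constructed sample modelled on the checkup.txt posted in this thread (not the real file)
SAMPLE_LOG = "\n".join([
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    f"{RULER}Antivirus/Firewall Check:{RULER}",
    " Windows Firewall Enabled!",
    "avast! Antivirus",
    " Antivirus up to date!",
    f"{RULER}Anti-malware/Other Utilities Check:{RULER}",
    " Java 7 Update 45",
    " Java version out of Date!",
    " Mozilla Firefox (26.0)",
    " Google Chrome 33.0.1750.154",
    " Google Chrome 34.0.1847.116",
])
# Matches "Name version" or "Name (version)"; Java's "7 Update 45" is kept whole
VERSION_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z!. ]*?)\s*\(?(?P<ver>\d[\w.]*(?: Update \d+)?)\)?$")

def parse_security_check(text):
    # Returns firewall/AV status, (name, version) pairs and lines the tool itself flagged
    rep = {"firewall": False, "av_current": False, "software": [], "flags": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("`"):  # section header such as ```Antivirus/Firewall Check:```
            section = line.strip("`")
        elif section.startswith("Antivirus"):
            rep["firewall"] |= "firewall enabled" in line.lower()
            rep["av_current"] |= "antivirus up to date" in line.lower()
        elif section.startswith("Anti-malware"):
            if "out of date" in line.lower():  # the tool's own verdict, e.g. Java
                rep["flags"].append(line)
            elif (m := VERSION_RE.match(line)):
                rep["software"].append((m["name"].strip(), m["ver"]))
    return rep

def find_issues(rep):
    # Triage list: the tool's flags, missing protections and products listed twice
    issues = list(rep["flags"])
    if not rep["firewall"]:
        issues.append("Windows Firewall not reported enabled")
    if not rep["av_current"]:
        issues.append("antivirus not reported up to date")
    versions = {}
    for name, ver in rep["software"]:
        versions.setdefault(name, []).append(ver)
    for name, vers in versions.items():
        if len(vers) > 1:  # e.g. two Chrome builds side by side; the older one should go
            issues.append(f"{name}: multiple versions listed ({', '.join(vers)})")
    return issues
```

Running `find_issues(parse_security_check(SAMPLE_LOG))` on the constructed sample reports the Java verdict and the two Chrome versions, which is exactly what the helper's reply calls out.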


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
