
Get virus message for each download [Closed]


This topic is locked
24 replies to this topic

#1 dconant1 (Authentic Member, 244 posts)

Posted 29 March 2014 - 02:20 PM

I have a Windows Vista computer. I want to download a file from the internet, but each time I try from a different website I get the message that the file has a virus, and I cannot continue downloading that file. I even tried to download a driver from HP which I knew didn't have a virus, and it told me that file had a virus. I reset all the settings back to the original default settings. Still it won't allow me to download a file.




#2 ---------------- (SuperMember, 1,095 posts)

Posted 31 March 2014 - 02:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Download the following files and store them on a USB flash drive. Use it to scan the infected computer.
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB

#3 dconant1 (Authentic Member, 244 posts)

Posted 31 March 2014 - 06:55 AM

I started the FRST download and got the message at the bottom of my screen: "FRST.exe contained a virus and was deleted." So I have now stopped as you asked and responded. Not sure how to continue.



#4 ---------------- (SuperMember, 1,095 posts)

Posted 31 March 2014 - 07:16 AM

Do you have another computer nearby?


Proud Member of UNITE & TB

#5 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 10:10 AM

Yes, I have a Win7 laptop nearby. 



#6 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 10:11 AM

I have a Windows 7 laptop nearby.



#7 ---------------- (SuperMember, 1,095 posts)

Posted 01 April 2014 - 10:15 AM

Then download FRST and TDSS-Killer there, copy them to a flash drive, plug it into the infected computer and scan it.


Proud Member of UNITE & TB

#8 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 10:43 AM

This is the logfile from the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Dick_2 (administrator) on ANDY on 01-04-2014 12:34:05
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Program Files\DnsBasic\dnsessential.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
() C:\Program Files\DnsBasic\dnsessential.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [536576 2011-04-15] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1714743364-3790143220-1030919429-1001\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-1714743364-3790143220-1030919429-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-22] (Google Inc.)
HKU\S-1-5-21-1714743364-3790143220-1030919429-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....ds={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2013-11-12 09:26:44&v=17.1.3.1&pid=safeguard&sg=40&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://scottrade.we...br/ieatgpc1.cab
DPF: {F47F551C-6148-402C-9B44-BE20519895C9} http://belgradelakes.../JpegInstV4.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll [223232] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dick_2\AppData\Roaming\Mozilla\Firefox\Profiles\d5b5bnsk.default-1367062266348
FF user.js: detected! => C:\Users\Dick_2\AppData\Roaming\Mozilla\Firefox\Profiles\d5b5bnsk.default-1367062266348\user.js
FF Homepage: hxxp://mysearch.avg.com?cid={948FF8E4-07BA-4026-944F-546424ADF980}&mid=536fb440686947d0998ad15097a2511e-0951a8a491ca8ca4ab6caa42233f46974a65e890&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-11-12 09:26:44&v=17.0.1.12&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: DnsBasic - C:\Program Files\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\Dick\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\Dick\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-02-11]
FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Dick_2\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: No Name - C:\Users\Dick_2\AppData\Local\GreatArcadeHits\gahff.xpi [2013-08-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.c...jwhWCpJMemSUzaQ", "
CHR Plugin: (Shockwave Flash) - C:\Users\Dick_2\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-19]
CHR Extension: (Google Search) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-19]
CHR Extension: (Vafmusic) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-10-27]
CHR Extension: (Gmail) - C:\Users\Dick_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-19]
CHR HKLM\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\Dick\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
CHR HKLM\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Dick_2\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-04-13]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Dick_2\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-04-13]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DnsBasic Service; C:\Program Files\DnsBasic\dnsessential.exe [23552 2013-12-19] ()
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] ()
S2 *etadpug;  <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-20] (AVG Technologies)
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R2 mrtRate; C:\Windows\system32\Drivers\mrtRate.sys [34712 2000-05-31] (Marimba, Inc.)
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [52384 2004-03-25] (MCCI)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-01 12:34 - 2014-04-01 12:34 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-04-01 12:34 - 2014-04-01 12:34 - 00000000 ____D () C:\FRST
2014-04-01 12:33 - 2006-11-02 06:33 - 00706396 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 12:31 - 2013-12-22 23:25 - 00000278 _____ () C:\Windows\Tasks\RegistryBooster Startup.job
2014-04-01 12:30 - 2012-02-22 09:47 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 12:27 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 12:27 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:27 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:25 - 2006-11-02 09:01 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 09:00 - 2013-12-22 23:25 - 00000284 _____ () C:\Windows\Tasks\RegistryBooster Maintenance.job
2014-03-31 08:46 - 2012-04-06 06:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 08:44 - 2013-10-27 13:31 - 00000276 _____ () C:\Windows\Tasks\GreatArcadeHits.job
2014-03-31 08:44 - 2012-02-22 09:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 11:53 - 2013-12-23 23:45 - 00000077 _____ () C:\Users\Dick_2\Desktop\DelIndex.BAT
2014-03-18 14:46 - 2012-04-06 06:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-18 14:46 - 2012-02-20 09:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-18 14:29 - 2013-04-16 06:55 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-07 23:10 - 2012-03-11 15:55 - 00000000 ____D () C:\Users\Dick_2
ZeroAccess:
C:\Program Files\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\Dick\fbchathistory.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2014-04-01 12:36

==================== End Of Log ===================
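
An added triage helper, not part of this thread, of FRST, or of any tool the helper uses: it reads FRST-style log lines and groups the markers FRST already writes (ATTENTION flags, ZeroAccess notes, "No File" references, entries with no publisher) by section, so the reason a machine flags every download, here the ZeroAccess junctions under the Windows Defender and Microsoft Security Client directories, is visible at a glance. The sample lines are constructed from the log above; the section-header shape and the rules are assumptions about FRST's output drawn only from that log.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines modelled on the FRST.txt posted in the thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] ()
HKLM\...\Run: [] - [X]
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe

==================== Internet (Whitelisted) ====================

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Winsock: Catalog5 01 mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 mswsock.dll [223232] (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 DnsBasic Service; C:\Program Files\DnsBasic\dnsessential.exe [23552 2013-12-19] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] ()
S2 *etadpug;  <==== ATTENTION (ZeroAccess)

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

# Section headers look like "==== Name ====" (assumption drawn from the posted log).
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "[<size> <yyyy-mm-dd>] ()": FRST found the file but it carries no company/publisher.
NO_PUBLISHER_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(\)\s*$")
# Run value whose target has no drive letter, e.g. "\SearchProtect\bin\cltmng.exe".
BARE_PATH_RE = re.compile(r"Run: \[[^\]]*\] - (\\[^\s]+)")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Map one FRST line to (severity, reason), or None if it looks ordinary."""
    if "ATTENTION" in line or "ZeroAccess" in line:
        return "high", "FRST flagged this entry explicitly"
    if line.endswith("No File"):
        return "low", "registry entry points at a file that is missing"
    if "Run: [] - [X]" in line:
        return "low", "Run value with an empty name and no target"
    if BARE_PATH_RE.search(line):
        return "medium", "Run entry target has no drive letter"
    if NO_PUBLISHER_RE.search(line):
        return "medium", "executable carries no publisher information"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current section, and collect findings in order."""
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        verdict = classify(line)
        if verdict:
            severity, reason = verdict
            findings.append(Finding(section, severity, reason, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity; severities with no hits are reported as 0."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

The high-severity hits alone (the Winsock mismatch, the `*etadpug` service and the junction note) point at the security-product directories, which is why the reader's own downloads were being reported as infected.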



#9 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 10:53 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Dick_2 at 2014-04-01 12:34:52
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2904 - AVG Technologies)
AVG 2013 (Version: 13.0.2793 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2805 - AVG Technologies) Hidden
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.1.0 - Belarc Inc.)
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
CP2101 USB to UART Bridge Controller (HKLM\...\SLABCOMM) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.20 - BVRP Software, Inc)
DnsBasic 1.0 build 123 (HKLM\...\DnsBasic) (Version: - )
FXCM MetaTrader 4 (HKLM\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Gimp 2.6.2 Debug (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
Helper 7.6.4 (HKLM\...\Helper_is1) (Version: 7.6.4 - Netsmart Technologies)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 20.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 20.0.1 (x86 en-US)) (Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 20.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Quicken 2001 Basic (HKLM\...\Quicken 2001 Basic) (Version: - )
Registry Patrol (HKLM\...\Registry Patrol) (Version: - )
RegistryBooster (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1) (Version: 6.1.2.1 - Uniblue Systems Limited)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung ML-2510 Series (HKLM\...\Samsung ML-2510 Series) (Version: - Samsung Electronics CO.,LTD)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
SkyCaddie Desktop (HKLM\...\SkyCaddieDesktop) (Version: - SkyHawke Technologies)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Restore Points ============
3-12-2013 03:25:10 Uniblue RegistryBooster installation
23-12-2013 19:52:56 Scheduled Checkpoint
25-12-2013 15:01:59 Scheduled Checkpoint
01-01-2014 23:21:02 Scheduled Checkpoint
26-01-2014 05:25:01 Scheduled Checkpoint
27-01-2014 15:14:35 Scheduled Checkpoint
28-01-2014 21:10:25 Scheduled Checkpoint
30-01-2014 00:07:35 Scheduled Checkpoint
07-02-2014 13:34:29 Scheduled Checkpoint
18-02-2014 13:08:05 Scheduled Checkpoint
04-03-2014 15:12:39 Scheduled Checkpoint
07-03-2014 22:46:00 Scheduled Checkpoint
08-03-2014 18:52:34 Scheduled Checkpoint
18-03-2014 18:54:35 Scheduled Checkpoint
29-03-2014 17:18:03 Scheduled Checkpoint
29-03-2014 19:38:48 System Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03AAC89D-DD7D-4E6E-A97E-0AE0D93446AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {076D2C3D-B319-499F-8921-BEE80C7C75A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {118877E1-304C-41CB-9777-5AA95BE89856} - System32\Tasks\RegistryBooster Startup => C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe [2013-11-11] (Uniblue Systems Limited)
Task: {14BAA288-46AF-4D80-9803-B96F0F423C2A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26226EB7-C5B9-4535-8CF9-77388CBDC418} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {273462BF-798E-41ED-A984-7829A4E1C88A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4016595B-22E6-4527-87D0-047FE4B9DAB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {59AAA6F9-2690-42A1-8974-BF6514BFE7C7} - System32\Tasks\RegistryBooster Maintenance => C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe [2013-11-11] (Uniblue Systems Limited)
Task: {5D895283-2BBD-4D0B-A31B-8D1F3F4F6D20} - System32\Tasks\Test TimeTrigger => C:\Users\Dick_2\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {818A4C9A-B7CA-4A7A-8FA3-9D8161D3491E} - System32\Tasks\GreatArcadeHits => C:\Users\Dick_2\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2013-08-14] () <==== ATTENTION
Task: {95C2691C-0B64-47ED-AFAD-E296F356B176} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2012-03-26] ()
Task: {97D139C3-9D74-4094-97FF-B259FE56D739} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dick_2 => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {B9468DC7-40A6-4BAC-8C0E-180847C67384} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-01-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\Dick_2\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegistryBooster Maintenance.job => C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
Task: C:\Windows\Tasks\RegistryBooster Startup.job => C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

==================== Loaded Modules (whitelisted) =============

2012-01-10 15:54 - 2007-01-03 12:02 - 00022723 _____ () C:\Windows\System32\sugo3l3.dll
2013-12-20 08:20 - 2013-12-19 15:31 - 00023552 _____ () C:\Program Files\DnsBasic\dnsessential.exe
2013-12-20 08:20 - 2013-12-20 08:20 - 02310144 _____ () C:\Program Files\DnsBasic\dnsbasic.dll
2006-11-05 11:28 - 2006-11-05 11:28 - 04587520 ____N () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2010-02-11 01:30 - 2007-06-27 02:51 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-01-10 15:54 - 2011-04-15 12:08 - 00536576 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 00:23:51 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/31/2014 08:50:53 AM) (Source: Application Error) (User: )
Description: Faulting application Corel Snapfire.exe, version 1.0.0.1, time stamp 0x4508743f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc00000fd, fault offset 0x0004a152,
process id 0x1584, application start time 0xCorel Snapfire.exe0.

Error: (03/29/2014 04:04:59 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/29/2014 03:40:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013.

Error: (03/29/2014 03:40:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013]

Error: (03/29/2014 03:40:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013.

Error: (03/29/2014 03:40:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013]

Error: (03/29/2014 03:38:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/29/2014 01:18:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/18/2014 02:54:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


System errors:
=============
Error: (04/01/2014 00:29:37 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog3758161939 (0xE0010013)

Error: (04/01/2014 00:29:37 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (04/01/2014 00:29:37 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver

Error: (04/01/2014 00:29:37 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (04/01/2014 00:29:37 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (04/01/2014 00:28:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/01/2014 00:25:21 PM) (Source: Service Control Manager) (User: )
Description: 30000AudioEndpointBuilder

Error: (04/01/2014 00:24:51 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (04/01/2014 00:24:21 PM) (Source: Service Control Manager) (User: )
Description: 30000LanmanWorkstation

Error: (04/01/2014 00:23:51 PM) (Source: Service Control Manager) (User: )
Description: 30000IPBusEnum


Microsoft Office Sessions:
=========================
Error: (04/01/2014 00:23:51 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/31/2014 08:50:53 AM) (Source: Application Error)(User: )
Description: Corel Snapfire.exe1.0.0.14508743fntdll.dll6.0.6002.185414ec3e3d5c00000fd0004a152158401cf4cdfd8907ec0

Error: (03/29/2014 04:04:59 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/29/2014 03:40:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070013

Error: (03/29/2014 03:40:28 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013

Error: (03/29/2014 03:40:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070013

Error: (03/29/2014 03:40:28 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013

Error: (03/29/2014 03:38:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/29/2014 01:18:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/18/2014 02:54:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


CodeIntegrity Errors:
===================================
Date: 2014-04-01 12:34:37.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-01 12:34:37.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-01 12:34:37.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-01 12:34:37.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.809
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.700
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.466
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-20 08:30:44.232
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

#10 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 11:00 AM

The two scans above are from the FRST program. The 2nd program (TDSS-Killer) is on my flash drive. I click on it and get a file called TDSSKiller. It is an application vs. exe. Its compressed size is 4017KB. Clicking on the application doesn't do anything. So I must be missing something or doing something wrong. Not sure how to proceed.


#11 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 11:08 AM

Perhaps I should be more clear. When I double click on TDSSKiller I get another screen that says I can (1) Extract; (2) Run or (3) Cancel. I choose RUN, nothing happens. When I choose Extract it seems to be doing some extracting. When finished with extracting I see the extracted file, click on that file and nothing happens. The file doesn't take me anywhere. I'm still at the same place in the Explore/Removable Disk E:/ file area. That's what I meant when I said above that clicking on the application doesn't do anything.

#12 ---------------- (SuperMember, 1,095 posts)

Posted 01 April 2014 - 12:57 PM

Uh oh - no need to try again with TDSS-Killer. You have very nasty malware on the system. Let's try to get rid of it:

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

GreatArcadeHits
DnsBasic 1.0 build 123

Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Proud Member of UNITE & TB
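The helper's instructions above boil down to reading the FRST log and pulling out the entries it marked with `<==== ATTENTION` (the GreatArcadeHits program and task, and the Runner.exe task in a Temp folder). As an added example, not code from FRST, from this thread or from Malwarebytes, here is a small Python triage helper that parses FRST-style installed-program and scheduled-task lines, keeps the scanner's own ATTENTION flags, and adds two checks a responder usually applies by eye: a task whose executable lives in a per-user Temp folder, and a task whose executable has empty parentheses where the log normally shows a company name (this example reads that as "no company name recorded"; the regexes and both heuristics are my assumptions about the log format, not FRST's parsing). The sample lines are copied from the log above.

```python
"""Triage of FRST-style log lines (added example; not FRST's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ATTENTION = "<==== ATTENTION"

# Constructed sample: a few lines copied from the log posted above, mixing the
# entries FRST flagged with ordinary ones so the triage has something to ignore.
SAMPLE_LOG = r"""
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Task: {03AAC89D-DD7D-4E6E-A97E-0AE0D93446AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {5D895283-2BBD-4D0B-A31B-8D1F3F4F6D20} - System32\Tasks\Test TimeTrigger => C:\Users\Dick_2\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {818A4C9A-B7CA-4A7A-8FA3-9D8161D3491E} - System32\Tasks\GreatArcadeHits => C:\Users\Dick_2\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2013-08-14] () <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\Dick_2\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
"""

# "Task: {GUID} - System32\Tasks\Name => target [yyyy-mm-dd] (Publisher)";
# everything after the task name is optional in the log (assumed format).
TASK_GUID_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>.+?)"
    r"(?: => (?P<target>.+?))?"
    r"(?: \[\d{4}-\d{2}-\d{2}\])?"
    r"(?: \((?P<publisher>[^()]*)\))?$"
)
# Legacy "Task: C:\Windows\Tasks\Name.job => target" form (assumed format).
TASK_JOB_RE = re.compile(r"^Task: (?P<name>[A-Za-z]:\\.+?\.job) => (?P<target>.+)$")
# "Name (HKLM\...\Key) (Version: x - Vendor)" with an optional trailing "Hidden".
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?)(?: \((?P<key>HK(?:LM|CU)\\[^)]*)\))? "
    r"\(Version: ?(?P<version>.*?) - (?P<vendor>[^)]*)\)(?P<hidden> Hidden)?$"
)
# Per-user Temp is writable by anything running as that user; legitimate
# scheduled tasks do not normally launch from there.
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                  # "program" or "task"
    name: str
    target: Optional[str]      # executable a task runs, if the log recorded one
    publisher: Optional[str]   # company name read from the file; "" = none recorded
    flagged: bool              # carried the scanner's "<==== ATTENTION" marker


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for lines this helper ignores."""
    line = line.strip()
    flagged = line.endswith(ATTENTION)
    if flagged:
        line = line[: -len(ATTENTION)].rstrip()
    m = TASK_GUID_RE.match(line)
    if m:
        return Entry("task", m["name"], m["target"], m["publisher"], flagged)
    m = TASK_JOB_RE.match(line)
    if m:
        return Entry("task", m["name"], m["target"], None, flagged)
    m = PROGRAM_RE.match(line)
    if m:
        return Entry("program", m["name"], None, m["vendor"], flagged)
    return None


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for every entry worth a second look."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = []
        if entry.flagged:
            reasons.append("marked ATTENTION by the scanner")
        if entry.kind == "task" and entry.target:
            if USER_TEMP_RE.search(entry.target):
                reasons.append("runs from a per-user Temp folder")
            if entry.publisher == "":
                reasons.append("no company name in the executable's version info")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it reports the GreatArcadeHits program, the two GreatArcadeHits task entries and the Runner.exe task, and stays quiet on the Adobe, Microsoft and Malwarebytes lines. The two extra heuristics are deliberately narrow (a single folder pattern and an empty company name) so that a clean machine produces no noise; the scanner's own ATTENTION marker stays the primary signal, and the output is a reading aid for deciding what goes into a fixlist, not a replacement for the helper's review.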
 

#13 dconant1 (Authentic Member, 244 posts)

Posted 01 April 2014 - 09:12 PM

Having another problem. I downloaded fixit.txt on the Flash Drive from my nearby laptop. Then transferred the program from the Flash Drive (Drive F:/) to MY DOWNLOADS which is exactly where FRST.exe is located. I then click FRST and the screen opens with the choices SCAN, SEARCH or FIX. I click FIX and the next screen says "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located." I have both files in MY DOWNLOADS. What am I doing wrong?

#14 ---------------- (SuperMember, 1,095 posts)

Posted 02 April 2014 - 03:17 AM

Is your file exactly named "fixlist.txt"?

If not, please correct that. If yes, transfer both files to the root of your flash drive and run the fix again.


Proud Member of UNITE & TB
 

#15 dconant1 (Authentic Member, 244 posts)

Posted 02 April 2014 - 05:47 AM

Yes, the file is named fixlist.txt. I still cannot get past the "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located" message. I have moved both FRST and fixlist.txt to the MYDOWNLOADS folder in the flash drive. I don't know what you are referring to when you say ROOT of the flash drive. When both files were originally downloaded on my Win7 laptop they were put in the flash drive. I don't know whether they went into the ROOT because I don't know how to identify the ROOT.
