Jump to content

- - - - -

I believe I am infected with something

  • This topic is locked This topic is locked
5 replies to this topic

#1 TheDoctorIsIn


    New Member

  • Members
  • Pip
  • 3 posts

Posted 19 March 2013 - 06:40 AM


Yesterday I downloaded a free eBook (not from it's original site, that site was down for maintenance) and it came with an "extractor". The eBook is quite big in terms of file size so I didn't think much of the extractor, besides, a lot of big repacks include some form of extraction application. So I ran the thing and it installed something called NCDownloader followed by some other crap. I have MSE installed but it didn't detect anything when I scanned the extractor nor when I ran it.

Paranoid as I am, I uninstalled it and ran a full scan with MSE, it found some adware files that it successfully removed. One of the files were actually for a fix for GTA 4 (drunk cam fix). I figured it was just a false positive due to the nature of the fix but I still removed it and the other file was to allow remote access to my computer, which I instantly removed. After that I ran a full scan with MBAM which found 3 objects (can post the log if requested) which it successfully deleted.

But I still feel a bit paranoid, so I'm currently running another scan with MSE. But I figured that some experts might be able to help me a bit more than just MSE. I have noticed that my PC is running a bit slower (might be because of the current scan with MSE) but some settings have been changed too, my PC went into "Locked" mode, as if I had left it idle for too long but the thing is, I disabled that several months ago. So it should never go into "Locked" mode, yet , for some reason it now does. It also reset my Chrome installation, bookmarks, addons and such were removed.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Ecaz at 11:51:31 on 2013-03-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8178.5565 [GMT 1:00]
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\program files (x86)\teamviewer\version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\System32\svchost.exe -k swprv
============== Pseudo HJT Report ===============
uStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
mStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor Apache Servers.lnk - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer =
TCP: Interfaces\{11C3484C-5D13-46BC-B515-F02915EE27A4} : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\browsetosave\sprotector.dll c:\progra~2\websearch\sprotector.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\
user_pref(security.default_personal_cert, Ask Every Time);FF - prefs.js: browser.startup.homepage - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE&l=1&q=
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE&l=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Users\Ecaz\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ecaz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Ecaz\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]
R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-12-6 794272]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-8 3560288]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-18 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-18 676968]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2012-8-17 25600]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-8-17 110592]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-8-17 22528]
R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2012-10-21 50176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-17 49152]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-2 102368]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-12-6 1147040]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-12-6 1134240]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-18 136896]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-9-17 13368]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-2 203104]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
=============== File Associations ===============
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
=============== Created Last 30 ================
2013-03-19 06:03:14 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18D5A895-5521-4475-96FB-03476ECFA115}\mpengine.dll
2013-03-19 00:03:05 -------- d-----w- C:\ProgramData\SoftSafe
2013-03-19 00:03:05 -------- d-----w- C:\ProgramData\SeaaRchh-NewTTaobb
2013-03-19 00:03:01 -------- d-----w- C:\Program Files (x86)\WebSearch
2013-03-19 00:02:50 -------- d-----w- C:\Program Files (x86)\BrowseToSave
2013-03-19 00:02:43 -------- d-----w- C:\ProgramData\BerroWWse22saavE
2013-03-19 00:02:06 -------- d-----w- C:\ProgramData\InstallMate
2013-03-17 19:50:46 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 10:44:20 -------- d-----w- C:\stuff
2013-03-13 07:41:31 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F09781F9-EB41-455B-9F6D-BE3EB5CCC376}\gapaengine.dll
2013-03-12 17:33:48 -------- d-----w- C:\dayz_mission (1)
2013-03-12 17:31:24 -------- d-----w- C:\pboview
2013-03-12 17:11:01 -------- d-----w- C:\Users\Ecaz\AppData\Local\PboM
2013-03-11 17:23:30 -------- d-----w- C:\Program Files\PBO Manager v.1.4 beta
2013-03-11 01:36:34 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\Toribash
2013-03-08 15:03:53 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\TeamViewer
2013-03-08 14:48:42 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-03-05 22:53:03 -------- d-----w- C:\Users\Ecaz\AppData\Local\Darksiders2
2013-03-05 22:44:31 -------- d-----w- C:\Program Files (x86)\THQ
2013-03-05 19:24:40 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\Litecoin
2013-03-05 19:24:09 -------- d-----w- C:\Program Files (x86)\Litecoin
2013-03-05 18:06:29 -------- d-----w- C:\Program Files (x86)\FTL
2013-03-03 15:32:05 -------- d-----w- C:\Program Files (x86)\Dragonborn
2013-03-03 12:14:21 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-02-28 22:14:39 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\webex
2013-02-28 22:14:18 -------- d-----w- C:\ProgramData\WebEx
2013-02-22 15:10:11 -------- d-----w- C:\python
2013-02-22 15:07:22 -------- d-----w- C:\Users\Ecaz\.idlerc
2013-02-22 15:05:58 -------- d-----w- C:\Python33
2013-02-22 13:16:34 -------- d-----w- C:\wwwroot
2013-02-22 13:01:37 -------- d-----w- C:\php
2013-02-22 12:26:58 -------- d-----w- C:\Program Files (x86)\Apache Software Foundation
2013-02-22 12:00:26 -------- d-----w- C:\Program Files (x86)\JDownloader
2013-02-22 11:06:50 -------- d-----w- C:\inetpub
2013-02-22 11:01:52 -------- d-----w- C:\Program Files (x86)\Helicon
2013-02-22 10:58:03 -------- d-----w- C:\Program Files\Microsoft
2013-02-22 01:54:57 -------- d-----w- C:\Program Files\MySQL
2013-02-22 01:39:54 -------- d-----w- C:\ProgramData\MySQL
2013-02-21 23:34:59 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\DVDVideoSoft
2013-02-21 23:34:59 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2013-02-21 23:34:59 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-02-21 14:22:23 -------- d-----w- C:\Users\Ecaz\AppData\Local\Unity
2013-02-21 13:14:33 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\MySQL
2013-02-21 00:32:01 -------- d-----w- C:\Users\Ecaz\AppData\Local\NuGet
2013-02-21 00:31:55 -------- d-----w- C:\Users\Ecaz\AppData\Roaming\NuGet
2013-02-20 19:47:37 -------- d-----w- C:\Users\Ecaz\AppData\Local\Apple Computer
==================== Find3M ====================
2013-03-17 18:46:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-03-17 18:46:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-03-17 18:42:45 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-13 17:22:40 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 17:22:40 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-06 23:25:15 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
============= FINISH: 11:53:31.67 ===============

DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/18/2012 17:46:02
System Uptime: 3/19/2013 10:47:19 (1 hours ago)
Motherboard: MSI | | 970A-G46 (MS-7693)
Processor: AMD Phenom™ II X4 965 Processor | CPU 1 | 3400/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 18.147 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.084 GiB free.
E: is FIXED (NTFS) - 75 GiB total, 38.74 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 958.599 GiB free.
==== Disabled Device Manager Items =============
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_76931462&REV_00\4&1047CFC0&0&0020
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_76931462&REV_00\4&1047CFC0&0&0020
==== System Restore Points ===================
RP151: 3/19/2013 05:31:35 - Scheduled Checkpoint
==== Installed Programs ======================
Adobe After Effects CS5.5
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
Adobe Story
Alien Swarm
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apache HTTP Server 2.2.22
Apple Application Support
Apple Software Update
ARMA 2: Operation Arrowhead
Audacity 2.0.2
BankID Security Application
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BF3 Settings Editor
BrowseToSave 1.74
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco WebEx Meetings
Counter-Strike: Global Offensive
Counter-Strike: Source
CPUID HWMonitor 1.20
Curse Client
Darksiders II
DayZ Commander
Diablo II
Effects Suite 64-bit
ESN Sonar
FileZilla Client
FitDay PC version 1.0
Fraps (remove only)
Free YouTube to MP3 Converter version
FTL version 1.03.1
Futuremark SystemInfo
Garry's Mod
GnuWin32: Wget-1.11.4-1
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
Handelsbanken kortläsare
HD Tune Pro 5.00
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Indeo® Software
Java 7 Update 10
Java Auto Updater
Java™ 6 Update 22
JDownloader 0.9
JetBrains PhpStorm 5.0.4
Left 4 Dead 2
Logitech Gaming Software
Logitech Gaming Software 8.35
Magic Bullet Suite 64-bit
Malwarebytes Anti-Malware version
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliType Pro 8.2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server System CLR Types
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Deploy 3.0
Microsoft Web Platform Installer 4.5
Microsoft WebMatrix 2
Microsoft WSE 3.0 Runtime
Mozilla Firefox 18.0.1 (x86 sv-SE)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.4 (x86 sv-SE)
MSI Afterburner 2.2.4
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
MySQL Connector Net 6.5.4
MySQL Connector/ODBC 5.2(w)
MySQL Installer
MySQL Notifier 1.0.3
MySQL Server 5.6
MySQL Workbench 5.2 CE
OpenOffice.org 3.3
PBO Manager v.1.4 beta
PC Tools Performance Toolkit 2.1
PDF Settings CS5
Photo Common
Play withSIX
PremiumSoft Navicat 10.1 for MySQL
PunkBuster Services
Python 3.3.0 (64-bit)
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Rockstar Games Social Club
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Search Assistant WebSearch 1.74
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 6.1
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 8
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
The Sims™ 3 World Adventures
Trapcode Starglow
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.0.4
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
World of Warcraft
==== Event Viewer Messages From Past Week ========
3/19/2013 10:48:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
3/19/2013 10:48:20, Error: Service Control Manager [7023] - The Web Deployment Agent Service service terminated with the following error: %%-2146233088
3/19/2013 10:48:16, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
3/19/2013 10:46:32, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2013 03:23:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/18/2013 21:27:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/18/2013 21:27:01, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2013 12:34:28, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Handelsbanken card reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
3/17/2013 04:06:58, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [616] - Reader monitor 'Handelsbanken card reader 0' received uncaught error code: The requested resource is in use.
3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [612] - Reader insertion monitor error retry threshold reached: The requested resource is in use.
3/12/2013 07:57:50, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Handelsbanken card reader 0' rejected IOCTL POWER: The device does not recognize the command. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 00 00 00 00
==== End Of File ===========================

#2 TheDoctorIsIn


    New Member

  • Members
  • Pip
  • 3 posts

Posted 19 March 2013 - 02:13 PM

Since this is a rather "delicate" matter I didn't want to wait forever, so I ran AdwCleaner and RogueKiller.
Here is the AdwCleaner log

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 18:59:28
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Ecaz - ECAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Ecaz\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\extensions\staged

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websearch\sprotector.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=EN&cc=SE --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (sv-SE)

File : C:\Users\Ecaz\AppData\Roaming\Mozilla\Firefox\Profiles\rglmwhst.default\prefs.js

Deleted : user_pref("security.default_personal_cert", "Ask Every Time");user_pref("browser.startup.homepage", [...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3[...]
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/19&hid=3859802714&lg=E[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ecaz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [3435 octets] - [19/03/2013 18:53:59]
AdwCleaner[R2].txt - [3495 octets] - [19/03/2013 18:54:25]
AdwCleaner[R3].txt - [3614 octets] - [19/03/2013 18:59:16]
AdwCleaner[S1].txt - [299 octets] - [19/03/2013 18:54:32]
AdwCleaner[S2].txt - [3526 octets] - [19/03/2013 18:59:28]

########## EOF - C:\AdwCleaner[S2].txt - [3586 octets] ##########

I can post my previous MBAM log and the RogueKiller log if requested.

The thing is, before I ran AdwCleaner none of my browsers worked. I kept getting "No data received" in Chrome, and the equivalent in IE and FF. I'm currently using my phone, USB tethering. And now, after I ran AdwCleaner and restarted it telling me that I have a connection to a network but not to Internet. It's possible that Internet just isn't working right now, my ISP doesn't have 24/7 support so I can't really find out, other than waiting.

#3 Tomk1


    Advanced Member

  • Trusted Advisors
  • PipPipPip
  • 214 posts
  • Gender:Male

Posted 20 March 2013 - 01:04 AM

Hi TheDoctorIsIn,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
If you don't have internet access, you may have to download on a good computer and transfer the program to the one we are working on.

Let's try this:

Download ComboFix:


* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Posted Image

#4 TheDoctorIsIn


    New Member

  • Members
  • Pip
  • 3 posts

Posted 23 March 2013 - 01:22 PM


Sorry for not getting back to you sooner, but I ended up formatting my HDD and doing a clean, fresh install of Windows. All is well now.

#5 Tomk1


    Advanced Member

  • Trusted Advisors
  • PipPipPip
  • 214 posts
  • Gender:Male

Posted 25 March 2013 - 06:16 PM

Thanks for letting me know.

Good luck and be well.
Posted Image

#6 LDTate


    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 26 March 2013 - 08:12 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users