Whome

Infected

16 posts in this topic

malwarebytes log

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.12.10

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16466

Ally Laycock :: STORE [limited]

2013-02-06 6:22:43 PM

MBAM-log-2013-02-06 (19-18-10).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 257334

Time elapsed: 43 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Program Files (x86)\Windows Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> No action taken.

C:\Program Files (x86)\Windows Movie Maker\WMM2FILT.dll (Malware.Packer.Gen) -> No action taken.

(end)

DDS logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16453

Run by store at 19:19:10 on 2013-02-06

Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.5733.3517 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\dwm.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\WLANExt.exe

C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhostex.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\windows\system32\dashost.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

C:\Program Files\TOSHIBA\Teco\TecoService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\unsecapp.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

C:\Program Files\TOSHIBA\Teco\TecoResident.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe

C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\taskeng.exe

C:\windows\notepad.exe

C:\windows\syswow64\wwahost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=hp

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

uDefault_Page_URL = hxxp://toshiba13.msn.com

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

mURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll

BHO: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

TB: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll

TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Browser Infrastructure Helper] C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup

uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [TPUReg] "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 24.226.1.93 24.226.10.193 24.226.10.194

TCP: Interfaces\{026BCCFD-ACC3-4CEB-A7BB-4811F5F881F8} : DHCPNameServer = 127.0.0.1

TCP: Interfaces\{9651E176-9CEA-4B7E-B02D-EF9B9BD3CC90} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194

TCP: Interfaces\{9651E176-9CEA-4B7E-B02D-EF9B9BD3CC90}\14355535 : DHCPNameServer = 192.168.1.1 24.226.1.94

TCP: Interfaces\{9651E176-9CEA-4B7E-B02D-EF9B9BD3CC90}\25F47454253523437393 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{9651E176-9CEA-4B7E-B02D-EF9B9BD3CC90}\45865635F657273656 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{9651E176-9CEA-4B7E-B02D-EF9B9BD3CC90}\845616C697 : DHCPNameServer = 192.168.2.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -

x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe

x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe

x64-RunOnce: [*WerKernelReporting] C:\windows\System32\WerFault.exe -k -rq

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2012-9-24 131520]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-9-24 499096]

R1 aswnet;avast! AG Firewall Core Driver;C:\windows\System32\Drivers\aswnet.sys [2013-1-24 468144]

R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-1-24 984144]

R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-1-24 370288]

R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-9-24 168608]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 239616]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-1-24 25232]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-1-24 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-24 44808]

R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [2011-10-13 156672]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe [2013-1-23 143928]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]

R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [2009-9-11 14344]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R2 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2012-8-10 214488]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2012-8-24 291240]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]

R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1402010.016\ccsetx64.sys [2013-1-23 168096]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-11 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20121123.001\IDSviA64.sys [2012-11-23 513184]

R3 LgBttPort;LGE Bluetooth TransPort;C:\windows\System32\Drivers\lgbtpt64.sys [2009-9-29 16384]

R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\windows\System32\Drivers\lgbtbs64.sys [2009-9-29 14848]

R3 LGVMODEM;LGE Virtual Modem;C:\windows\System32\Drivers\lgvmdm64.sys [2009-9-29 17408]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-9-24 252048]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-24 690832]

R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]

R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1402010.016\symds64.sys [2013-1-23 493216]

R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1402010.016\symefa64.sys [2013-1-23 1133216]

R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1402010.016\ironx64.sys [2013-1-23 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1402010.016\symnets.sys [2013-1-23 432800]

R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-7-28 458152]

R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-9-24 57000]

S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\System32\Drivers\lgandbus64.sys [2012-3-2 19456]

S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\System32\Drivers\lganddiag64.sys [2012-3-2 27648]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\System32\Drivers\lgandgps64.sys [2012-3-2 27136]

S3 ANDModem;LGE Android Platform USB Modem;C:\windows\System32\Drivers\lgandmodem64.sys [2012-3-2 34304]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]

S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1402010.016\symelam.sys [2013-1-23 23448]

.

=============== Created Last 30 ================

.

2013-02-02 03:21:52 -------- d-----w- C:\Program Files\CCleaner

2013-02-01 21:38:26 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin

2013-01-25 21:36:53 -------- d-----w- C:\Users\store\AppData\Local\LG Electronics

2013-01-25 21:34:34 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-01-25 21:32:22 -------- d-----w- C:\Program Files (x86)\LG Electronics

2013-01-24 16:03:27 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-01-24 16:03:19 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-01-24 16:03:19 468144 ----a-w- C:\windows\System32\drivers\aswnet.sys

2013-01-24 16:03:15 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-01-24 16:02:42 41224 ----a-w- C:\windows\avastSS.scr

2013-01-24 16:02:20 -------- d-----w- C:\ProgramData\AVAST Software

2013-01-24 16:02:20 -------- d-----w- C:\Program Files\AVAST Software

2013-01-24 14:11:49 -------- d-----w- C:\Users\store\AppData\Local\HP

2013-01-23 11:56:46 493216 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\symds64.sys

2013-01-23 11:56:46 432800 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\symnets.sys

2013-01-23 11:56:46 37496 ----a-r- C:\windows\System32\drivers\NISx64\1402010.016\srtspx64.sys

2013-01-23 11:56:46 23448 ----a-r- C:\windows\System32\drivers\NISx64\1402010.016\symelam.sys

2013-01-23 11:56:46 1133216 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\symefa64.sys

2013-01-23 11:56:45 776864 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\srtsp64.sys

2013-01-23 11:56:45 224416 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\ironx64.sys

2013-01-23 11:56:45 168096 ----a-w- C:\windows\System32\drivers\NISx64\1402010.016\ccsetx64.sys

2013-01-23 11:56:28 -------- d-----w- C:\windows\System32\drivers\NISx64\1402010.016

2013-01-13 16:02:27 -------- d-----w- C:\Program Files\DivX

2013-01-13 16:02:21 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2013-01-13 16:02:09 -------- d-----w- C:\Users\store\AppData\Roaming\Uniblue

2013-01-13 16:02:03 -------- d-----w- C:\Program Files (x86)\Uniblue

2013-01-13 16:01:46 -------- d-----w- C:\Program Files (x86)\DivX

2013-01-13 16:01:24 -------- d-----w- C:\ProgramData\DivX

2013-01-13 01:47:10 -------- d-----w- C:\Users\store\AppData\Roaming\Malwarebytes

2013-01-13 01:44:58 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-13 01:44:54 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-13 01:44:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-13 01:44:38 -------- d-----w- C:\Users\store\AppData\Local\Programs

2013-01-12 04:50:08 -------- d-----w- C:\ProgramData\AVS4YOU

2013-01-12 04:42:49 11137024 ----a-w- C:\windows\SysWow64\libmfxsw32.dll

2013-01-12 04:42:39 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2013-01-12 04:40:08 24576 ----a-w- C:\windows\SysWow64\msxml3a.dll

2013-01-12 04:40:08 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2013-01-12 04:33:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-12 02:40:59 2302464 ----a-w- C:\windows\System32\authui.dll

2013-01-09 04:35:21 86016 ----a-w- C:\windows\System32\ncryptsslp.dll

2013-01-09 04:35:21 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll

2013-01-09 04:34:51 2361344 ----a-w- C:\windows\System32\msxml6.dll

2013-01-09 04:34:51 1836032 ----a-w- C:\windows\System32\msxml3.dll

2013-01-09 04:34:50 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll

2013-01-09 04:34:50 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll

2013-01-09 04:34:50 2048 ----a-w- C:\windows\System32\msxml6r.dll

2013-01-09 04:34:50 2048 ----a-w- C:\windows\System32\msxml3r.dll

2013-01-09 04:34:50 1802240 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-09 04:34:50 1438720 ----a-w- C:\windows\SysWow64\msxml3.dll

.

==================== Find3M ====================

.

2012-12-18 23:32:58 80728 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-18 23:32:58 695640 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 08:28:20 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 08:20:01 35328 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-16 08:08:33 362496 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 07:57:09 300032 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-06 04:23:00 170496 ----a-w- C:\windows\System32\TimeBrokerServer.dll

2012-12-06 04:22:59 178176 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll

2012-12-04 04:21:42 368640 ----a-w- C:\windows\System32\sppwinob.dll

2012-12-04 03:59:08 4055552 ----a-w- C:\windows\System32\win32k.sys

2012-11-29 05:05:57 707584 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll

2012-11-29 05:05:57 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll

2012-11-28 04:21:17 44032 ----a-w- C:\windows\SysWow64\UXInit.dll

2012-11-28 04:20:59 53760 ----a-w- C:\windows\System32\UXInit.dll

2012-11-27 07:00:32 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys

2012-11-27 07:00:29 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys

2012-11-27 06:59:13 329960 ----a-w- C:\windows\System32\drivers\storport.sys

2012-11-27 06:39:46 1122768 ----a-w- C:\windows\System32\Taskmgr.exe

2012-11-27 04:49:20 1027152 ----a-w- C:\windows\SysWow64\Taskmgr.exe

2012-11-27 04:20:50 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe

2012-11-27 04:20:42 179200 ----a-w- C:\windows\SysWow64\wpnapps.dll

2012-11-27 04:20:35 891904 ----a-w- C:\windows\SysWow64\winmde.dll

2012-11-27 04:20:31 798208 ----a-w- C:\windows\SysWow64\WebcamUi.dll

2012-11-27 04:20:29 46592 ----a-w- C:\windows\SysWow64\vds_ps.dll

2012-11-27 04:20:28 560128 ----a-w- C:\windows\SysWow64\UserLanguagesCpl.dll

2012-11-27 04:20:23 1217536 ----a-w- C:\windows\SysWow64\storagewmi.dll

2012-11-27 04:20:15 680960 ----a-w- C:\windows\System32\vds.exe

2012-11-27 04:20:07 702464 ----a-w- C:\windows\SysWow64\nshwfp.dll

2012-11-27 04:20:07 1123840 ----a-w- C:\windows\System32\mstsc.exe

2012-11-27 04:18:59 888832 ----a-w- C:\windows\System32\nshwfp.dll

2012-11-27 04:18:39 5974528 ----a-w- C:\windows\System32\mstscax.dll

2012-11-27 04:18:13 1071104 ----a-w- C:\windows\System32\IKEEXT.DLL

2012-11-27 04:18:06 378880 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2012-11-27 04:17:32 718848 ----a-w- C:\windows\System32\BFE.DLL

2012-11-27 03:57:32 18432 ----a-w- C:\windows\System32\drivers\BtaMPM.sys

2012-11-27 03:56:29 31104 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys

2012-11-27 03:55:44 29952 ----a-w- C:\windows\System32\drivers\BthhfHid.sys

2012-11-20 08:00:23 6971624 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-11-20 05:24:19 1164800 ----a-w- C:\windows\SysWow64\Display.dll

2012-11-20 05:24:17 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll

2012-11-20 05:17:23 1184256 ----a-w- C:\windows\System32\Display.dll

2012-11-20 05:17:20 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll

2012-11-20 05:02:46 6656 ----a-w- C:\windows\SysWow64\KBDKURD.DLL

2012-11-20 04:59:26 7168 ----a-w- C:\windows\System32\KBDKURD.DLL

2012-11-20 04:56:27 27136 ----a-w- C:\windows\System32\drivers\usbohci.sys

2012-11-20 04:56:11 83456 ----a-w- C:\windows\System32\drivers\hidclass.sys

2012-11-20 04:54:31 39936 ----a-w- C:\windows\System32\drivers\hidi2c.sys

2012-11-15 06:08:41 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-15 06:06:34 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl

2012-11-13 04:20:30 1120768 ----a-w- C:\windows\System32\msctf.dll

2012-11-13 04:19:23 890880 ----a-w- C:\windows\SysWow64\msctf.dll

2012-11-10 04:23:25 132608 ----a-w- C:\windows\SysWow64\poqexec.exe

2012-11-10 04:23:18 148480 ----a-w- C:\windows\System32\poqexec.exe

2012-11-10 04:22:40 122880 ----a-w- C:\windows\System32\VmHostAI.dll

2012-11-10 04:22:35 144384 ----a-w- C:\windows\System32\tssdisai.dll

2012-11-10 04:22:14 126976 ----a-w- C:\windows\System32\RDWebAI.dll

2012-11-10 04:20:20 135680 ----a-w- C:\windows\System32\appserverai.dll

2012-11-09 04:49:51 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:03:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll

.

============= FINISH: 19:20:45.90 ===============

and

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 11/10/2012 3:32:18 PM

System Uptime: 2/6/2013 5:47:06 PM (2 hours ago)

.

Motherboard: AMD | | PLCBX8

Processor: AMD E1-1200 APU with Radeon HD Graphics | Socket FT1 | 1400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 406.636 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP11: 1/18/2013 6:38:31 PM - Scheduled Checkpoint

RP12: 1/24/2013 10:21:12 AM - Removed Splashtop Streamer

RP14: 1/25/2013 4:33:07 PM - Install LG UNITED Drivers

RP15: 2/2/2013 1:12:37 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

AVS Screen Capture version 2.0.2

AVS Update Manager 1.0

AVS Video Editor 6

AVS Video Recorder 2.5

AVS4YOU Software Navigator 1.4

Bejeweled 3

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

DivX Setup

Evernote v. 4.5.7

Google Chrome

Google Update Helper

Intel AppUp(SM) center

iTunes

LG Bluetooth Drivers

LG PC Suite IV

LG United Mobile Drivers

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Office

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 Parser and SDK

Norton Internet Security

Norton Online Backup

Norton Online Backup ARA

Plants vs. Zombies - Game of the Year

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Snap.Do

Splashtop Remote Client

Synaptics Pointing Device Driver

TOSHIBA Audio Enhancement

TOSHIBA Desktop Assist

TOSHIBA eco Utility

TOSHIBA Function Key

TOSHIBA HDD Accelerator

Toshiba Password Utility

TOSHIBA PC Health Monitor

TOSHIBA Recovery Media Creator

TOSHIBA Service Station

TOSHIBA System Driver

TOSHIBA System Settings

TOSHIBA VIDEO PLAYER

Uniblue DriverScanner

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.6195

VisualBee for Microsoft PowerPoint

VisualBee V.1 Toolbar

Wajam

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Movie Maker 6.1

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

2/4/2013 8:54:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

2/4/2013 8:53:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.

2/2/2013 12:46:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\windows\syswow64\wwahost.exe" -ServerName:App.wwa

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start it, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Report

RogueKiller V8.4.4 _x64_ [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : store [Admin rights]

Mode : Scan -- Date : 02/06/2013 20:43:46

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3630133523-2885219667-477785481-1001[...]\Run : Browser Infrastructure Helper (C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND

[TASK][SUSP PATH] VisualBeeRecovery : C:\Users\store\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_S_02062013_02d2043.txt >>

RKreport[1]_S_02062013_02d2017.txt ; RKreport[2]_S_02062013_02d2040.txt ; RKreport[3]_S_02062013_02d2043.txt

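The two [SUSP PATH] hits in the RogueKiller report above and the uRun / BHO / TB lines in the DDS log in the first post rest on the same idea: a value under a Run key whose image lives somewhere a limited user can write to (here %LOCALAPPDATA%\Smartbar), or a browser add-on registered by CLSID with no DLL behind it (the orphaned Snap.Do entries), deserves a second look whatever its name says. As an added example, not code from DDS, RogueKiller or anything posted in this thread, here is a small Python triage script that applies that heuristic to DDS "Pseudo HJT" lines. The sample lines are copied from the DDS log in the first post; the list of user-writable prefixes and the treatment of unprefixed DDS BHO/TB entries as HKLM are my assumptions.

```python
"""Triage DDS 'Pseudo HJT' autorun lines with the idea behind RogueKiller's
[SUSP PATH] tag: an autostart entry whose image lives somewhere a limited user
can write to, or a browser add-on whose DLL is gone from disk, deserves a look.
Added example; not code from DDS, RogueKiller or Malwarebytes."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Run / RunOnce lines: "<x64-><u|m>Run[Once]: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<scope>x64-)?(?P<hive>[um]?)(?P<kind>Run(?:Once)?):\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<command>.*)$"
)
# BHO / toolbar / URL search hook lines: "<x64-><u|m>KIND: Label: {CLSID} - path"
CLSID_RE = re.compile(
    r"^(?P<scope>x64-)?(?P<hive>[um]?)(?P<kind>BHO|TB|URLSearchHooks):\s*"
    r"(?P<name>.*?):\s*\{(?P<clsid>[^}]+)\}\s*-\s*(?P<path>.*)$"
)
# First absolute Windows path to a loadable image inside a command line.
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r'([A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl))(?=[\s",]|$)', re.I)

# Assumed list of locations a limited user can write to.  Anything that
# auto-starts from here is flagged for review, legitimate or not.
USER_WRITABLE = (
    "\\appdata\\local\\", "\\appdata\\locallow\\", "\\appdata\\roaming\\",
    "\\users\\public\\", "\\programdata\\", "\\temp\\",
)


@dataclass(frozen=True)
class Finding:
    kind: str          # Run, RunOnce, BHO, TB, URLSearchHooks
    hive: str          # HKCU or HKLM, with " x64" for the 64-bit view
    name: str          # registry value name or add-on label
    path: str | None   # image path, None when DDS printed nothing after "-"
    reason: str


def hive_label(m: re.Match[str]) -> str:
    # DDS prefixes per-user entries with "u"; machine-wide ones get "m" or, for
    # BHO/TB lines, no prefix at all (assumed to be HKLM here).
    label = "HKCU" if m["hive"] == "u" else "HKLM"
    return label + (" x64" if m["scope"] else "")


def image_path(command: str) -> str | None:
    """Return the first absolute image path in a Run command line, or None.

    A quoted path wins, so 'rundll32.exe "C:\\...\\x.dll",Entry' yields the DLL,
    not rundll32.exe.
    """
    m = QUOTED_PATH_RE.search(command) or BARE_PATH_RE.search(command)
    return m.group(1) if m else None


def is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def scan_autoruns(report: str) -> list[Finding]:
    """Return the suspicious entries from a DDS 'Pseudo HJT' section."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            path = image_path(m["command"])
            if path and is_user_writable(path):
                findings.append(Finding(m["kind"], hive_label(m), m["name"] or "",
                                        path, "image in user-writable location"))
        elif m := CLSID_RE.match(line):
            path = m["path"].strip() or None
            if path is None:
                findings.append(Finding(m["kind"], hive_label(m), m["name"],
                                        None, "no file on disk"))
            elif is_user_writable(path):
                findings.append(Finding(m["kind"], hive_label(m), m["name"],
                                        path, "image in user-writable location"))
    return findings


# Constructed sample: lines copied from the DDS log earlier in this thread.
SAMPLE_DDS = r"""
uRun: [Browser Infrastructure Helper] C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup
uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
"""

if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_DDS):
        print(f"[{f.kind}][{f.hive}] {f.name}: {f.path or '<none>'} -> {f.reason}")
```

On the sample it returns four findings: the SnapDo.exe Run value, the Malwarebytes cleanup RunOnce, and the two orphaned Snap.Do add-ons. The Malwarebytes entry is flagged only because it runs out of ProgramData, which is the reason MrC tells the poster not to fix everything RogueKiller lists; and the Wajam BHO is not flagged at all, because it sits under Program Files (x86), which is why that one has to be called out by name instead of by path.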

Did you actually have MB delete these? (shows "No Action Taken")

Files Detected: 2

C:\Program Files (x86)\Windows Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> No action taken.

C:\Program Files (x86)\Windows Movie Maker\WMM2FILT.dll (Malware.Packer.Gen) -> No action taken.

------------------------------------

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

You have Norton, avast and Defender on the system.

You only need one anti-virus program running on the system; more than that only causes conflicts.

Pick one, disable Defender and uninstall the other.

------------------------

I strongly suggest you uninstall Wajam from your add/remove programs:

http://www.systemloo...am_bho_dll.html

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

----------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3630133523-2885219667-477785481-1001[...]\Run : Browser Infrastructure Helper (C:\Users\store\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND

Now click Delete on the right hand column under Options

----------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC

Did you actually have MB delete these? (shows "No Action Taken")

Files Detected: 2

C:\Program Files (x86)\Windows Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> No action taken.

C:\Program Files (x86)\Windows Movie Maker\WMM2FILT.dll (Malware.Packer.Gen) -> No action taken.

No, from what I have read they are false positives, if I am wrong I will run it again and delete them.

You have Norton, avast and Defender on the system.

You only need one anti-virus program running on the system, more than that only causes conflicts.

Pick one, disable Defender and uninstall the other.

I have deleted Norton but avast will not start.

I strongly suggest you uninstall Wajam from your add/remove programs:

http://www.systemloo...am_bho_dll.html

Done

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

Done

Adwcleaner log:

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 22:20:09

# Updated 05/02/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : store - STORE

# Boot Mode : Normal

# Running from : C:\Users\Ally Laycock\Desktop\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : \END

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\VisualBee_V.1

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Ally Laycock\AppData\LocalLow\Conduit

Folder Found : C:\Users\Ally Laycock\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Ally Laycock\AppData\LocalLow\VisualBee_V.1

Folder Found : C:\Users\store\AppData\Local\Conduit

Folder Found : C:\Users\store\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Folder Found : C:\Users\store\AppData\Local\Smartbar

Folder Found : C:\Users\store\AppData\LocalLow\Conduit

Folder Found : C:\Users\store\AppData\LocalLow\VisualBee_V.1

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\VisualBee_V.1

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Found : HKCU\Software\SmartBar

Key Found : HKCU\Software\SmartbarBackup

Key Found : HKCU\Software\SmartbarLog

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3268494

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}

Key Found : HKLM\Software\VisualBee_V.1

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6CFC1E4-6257-4912-A035-5973F28D8A87}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADCA4F64-0ACD-4554-8C2C-08CD6A6D0326}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-3630133523-2885219667-477785481-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=hp

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms}

-\\ Google Chrome v24.0.1312.57

File : C:\Users\store\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ally Laycock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6290 octets] - [06/02/2013 22:20:09]

########## EOF - \AdwCleaner[R1].txt - [6350 octets] ##########

I think they are too.

You might want to upload them to VirusTotal for a free scan, let me know the results. (just copy back the url)

http://www.virustotal.com/

------------------------------------

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

MrC (be back in the am)

Got avast running again.

Here is the log after deletion and reboot:

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 22:46:09

# Updated 05/02/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : store - STORE

# Boot Mode : Normal

# Running from : C:\Users\Ally Laycock\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess

File Deleted : \END

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\VisualBee_V.1

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Ally Laycock\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Ally Laycock\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Ally Laycock\AppData\LocalLow\VisualBee_V.1

Folder Deleted : C:\Users\store\AppData\Local\Conduit

Folder Deleted : C:\Users\store\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Folder Deleted : C:\Users\store\AppData\Local\Smartbar

Folder Deleted : C:\Users\store\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\store\AppData\LocalLow\VisualBee_V.1

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\SmartbarBackup

Key Deleted : HKCU\Software\SmartbarLog

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}

Key Deleted : HKLM\Software\VisualBee_V.1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6CFC1E4-6257-4912-A035-5973F28D8A87}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADCA4F64-0ACD-4554-8C2C-08CD6A6D0326}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=hp --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CA&userid=3268f26f-72e0-4baa-a64a-d33186fa3033&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\store\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ally Laycock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6405 octets] - [06/02/2013 22:20:09]

AdwCleaner[R2].txt - [6465 octets] - [06/02/2013 22:45:37]

AdwCleaner[S1].txt - [6556 octets] - [06/02/2013 22:46:09]

########## EOF - \AdwCleaner[S1].txt - [6616 octets] ##########

SHA256: 5060b9ac7d55e9e6ac08d938a33561307a3daa65a7680382c899411a3b765d2f File name: WMM2FILT.DLL Detection ratio: 2 / 46 Analysis date: 2013-02-07 03:53:13 UTC ( 0 minutes ago )

and

SHA256: 1b4c8b3ce000abaf4d355f341ea64fb02f9a26f4c8044698980bad36b334ccf2 File name: WMM2EXT.dll Detection ratio: 1 / 46 Analysis date: 2013-01-02 01:23:01 UTC ( 1 month ago )

Much better. The Norton's expired and I was not told of it so there was time with no virus protection. Also a 13 year old tends to install things without knowing what they really are.

Good!

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Results of screen317's Security Check version 0.99.57

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 11.5.502.149

Mozilla Firefox (18.0.2)

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Symantec Norton Online Backup NOBuAgent.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Looks Good......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.