Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Installed PSPAD and picked up the stt.streamjs.net virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 12th, 2013, 2:17 pm

I DLed and installed PSPAD ... from what I thought was a safe site ... :x

-= moved from another topic area =-

I now have the stt.streamjs.net virus.

HELP ... ... PLEEZ!

PC Running Win 7 Home Premium SP1 (Also running outta patience.)
My PC is used solely at home, mostly for gaming.
BTW All of my MS updatres are current.
I have no P2P programs running on my computer.

What I've done so far:
1. uninstalled PSPAD
2. uninstalled all of the shit programs that came with it ... that I can find
3. uninstalled and reinstalled Firefox
4. uninstalled and reinstalled both JAVA RTE (JRE) & Flash
5. tried to find out how to get rid of stt.streamjs.net ... most sites want me to DL something ... just isn't going to happen unless YOUR people tell me to, and from what site(s) to get the DLs from.

Firefrox is still being redirected to stt.streamjs.net :x just not as often.

- - - - - DDS logs: DDS.txt - - - - -
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.40.2
Run by Farthard at 11:04:32 on 2013-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8425 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
F:\PROGRAM FILES\BOINC\boincmgr.exe
F:\PROGRAM FILES\BOINC\boinctray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
F:\PROGRAM FILES\BOINC\boinc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
F:\PROGRAM FILES\BOINC\DATA FILES\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Farthard\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 53955032c84047d3ab632881ca33b549-6abcd5f844cd62902ededcbba54da48bd5c71fc4 --CMPID 0913a
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Farthard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: NameServer = 4.2.2.1 8.8.8.8 192.168.0.1
TCP: Interfaces\{DD62217A-D5CC-4C21-92B6-B0E0286BAC02} : DHCPNameServer = 4.2.2.1 8.8.8.8 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [boincmgr] "F:\PROGRAM FILES\BOINC\boincmgr.exe" /a /s
x64-Run: [boinctray] "F:\PROGRAM FILES\BOINC\boinctray.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2013-6-15 1600064]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-12 245760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-20 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-20 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-17 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="F:\Program Files\PSPad editor\PSPad.exe" "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-11 23:51:54 -------- d-----w- C:\Users\Farthard\AppData\Local\GreatArcadeHits
2013-10-11 23:51:48 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-10-11 21:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 21:33:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-11 21:17:48 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-11 20:04:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-11 19:38:27 -------- d-----w- C:\ProgramData\Oracle
2013-10-10 03:08:33 -------- d-----w- C:\Users\Farthard\AppData\Roaming\PSpad
.
==================== Find3M ====================
.
2013-10-11 21:17:40 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-10-11 21:17:40 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-10-11 20:04:04 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-11 20:04:04 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-05 08:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-27 12:46:06 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 08:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 08:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 08:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 08:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 11:04:42.92 ===============



- - - - - DDS logs: Attach.txt - - - - -
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 6/15/2013 5:08:02 PM
System Uptime: 10/11/2013 4:27:48 PM (19 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 161 GiB total, 103.202 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 255 GiB total, 236.296 GiB free.
F: is FIXED (NTFS) - 255 GiB total, 202.933 GiB free.
G: is FIXED (NTFS) - 78 GiB total, 77.902 GiB free.
H: is FIXED (NTFS) - 853 GiB total, 742.03 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is FIXED (NTFS) - 149 GiB total, 54.102 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 9/17/2013 5:09:32 PM - Windows Update
RP74: 9/25/2013 6:11:35 AM - Scheduled Checkpoint
RP75: 9/28/2013 11:30:14 AM - Windows Backup
RP76: 9/29/2013 7:00:29 PM - Windows Backup
RP77: 10/6/2013 7:00:28 PM - Windows Backup
RP78: 10/9/2013 11:55:20 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP79: 10/9/2013 3:16:30 PM - Installed Java 7 Update 40 (64-bit)
RP80: 10/11/2013 12:30:46 PM - Removed Java 7 Update 25
RP81: 10/11/2013 12:31:44 PM - Removed Java 7 Update 25
RP82: 10/11/2013 12:32:32 PM - Removed Java 7 Update 40 (64-bit)
RP83: 10/11/2013 12:37:52 PM - Installed Java 7 Update 40
RP84: 10/11/2013 1:03:28 PM - Removed Java 7 Update 40
RP85: 10/11/2013 1:03:54 PM - Installed Java 7 Update 40
RP86: 10/11/2013 2:17:22 PM - Installed Java 7 Update 40 (64-bit)
RP87: 10/11/2013 4:05:51 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AVG 2013
BOINC
Brother MFL-Pro Suite HL-2280DW
GIMP 2.8.6
HxD Hex Editor version 1.7.7.0
Java 7 Update 40
Java 7 Update 40 (64-bit)
Java Auto Updater
MICRODEM Freeware GIS
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenOffice 4.0.0
Paint.NET v3.5.10
PaperPort Image Printer 64-bit
PSPad editor
Railroad Tycoon 3 1.06
Recuva
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Tropico 3: Absolute Power
Tropico 4 Gold
Tropico Reloaded
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual Studio 2010 x64 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
10/11/2013 4:29:00 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm
Advertisement
Register to Remove

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 13th, 2013, 5:23 am

Hello Shamough, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 13th, 2013, 6:00 am

Hi Shamough,

Let's run a few scans to check for further signs of infection:

Step 1 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Report button to produce the scan report.
  5. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.

Step 2 - CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on the your desktop before running the application!

  1. Right-click on the CKScanner.exe icon and select "Run as Administrator", then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 3 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 13th, 2013, 11:09 am

Thanks nunped :)

Note: I did not have AdwCleaner remove any files ... waiting for your input.

Hans/Shamough

- - - - - AdwCleaner[Rn].txt - - - - -

# AdwCleaner v3.007 - Report created 13/10/2013 at 07:32:13
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Farthard - CLUNKER
# Running from : C:\Users\Farthard\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Farthard\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


*************************

AdwCleaner[R0].txt - [1911 octets] - [13/10/2013 07:32:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1971 octets] ##########


- - - - - ckfiles.txt - - - - -

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.MCAPM0
----- EOF -----


- - - - - OTL.txt - - - - -

OTL logfile created on: 10/13/2013 7:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farthard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.84 Gb Available Physical Memory | 73.75% Memory free
23.98 Gb Paging File | 21.45 Gb Available in Paging File | 89.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161.30 Gb Total Space | 102.98 Gb Free Space | 63.85% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 255.31 Gb Total Space | 236.30 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive F: | 255.31 Gb Total Space | 202.93 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 78.03 Gb Total Space | 77.90 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive H: | 853.39 Gb Total Space | 742.03 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Drive M: | 149.00 Gb Total Space | 54.10 Gb Free Space | 36.31% Space Free | Partition Type: NTFS

Computer Name: CLUNKER | User Name: Farthard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/13 07:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farthard\Desktop\OTL.exe
PRC - [2013/09/10 19:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/10 19:26:53 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/10/11 14:33:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 19:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/08 10:41:16 | 001,600,064 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 FF FD 53 47 6A CE 01 [binary data]
IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-886581764-787746746-3050916297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/09 14:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Extensions
[2013/10/11 02:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions
[2013/10/09 15:41:47 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/10/09 15:46:04 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/10/09 15:38:08 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/10/09 15:38:08 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions\donottrackplus@abine.com
[2013/10/10 17:06:18 | 000,000,000 | ---D | M] (Redirect Bypasser) -- C:\Users\Farthard\AppData\Roaming\Mozilla\Profiles\c1ih0y3q.Farthard\extensions\redirectbypasser@moonlight21.com
[2013/10/09 14:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/09 14:30:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [boincmgr] F:\PROGRAM FILES\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [boinctray] F:\PROGRAM FILES\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-886581764-787746746-3050916297-1000..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Farthard\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 53955032c84047d3ab632881ca33b549-6abcd5f844cd62902ededcbba54da48bd5c71fc4 --CMPID 0913a File not found
O4 - HKU\S-1-5-21-886581764-787746746-3050916297-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Farthard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1 8.8.8.8 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD62217A-D5CC-4C21-92B6-B0E0286BAC02}: DhcpNameServer = 4.2.2.1 8.8.8.8 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/24 05:07:18 | 001,588,224 | R--- | M] () - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012/09/04 07:23:16 | 000,000,065 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2012/08/24 05:07:18 | 001,588,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/13 07:32:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/13 07:30:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Farthard\Desktop\OTL.exe
[2013/10/12 10:41:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Farthard\Desktop\dds.scr
[2013/10/11 16:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
[2013/10/11 16:51:54 | 000,000,000 | ---D | C] -- C:\Users\Farthard\AppData\Local\GreatArcadeHits
[2013/10/11 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/10/11 16:14:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/11 16:14:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/11 16:14:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/11 16:14:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/11 16:14:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/11 16:14:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/11 16:14:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/11 16:14:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/11 16:14:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/11 16:14:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/11 16:14:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/11 16:14:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/11 16:14:17 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/11 16:14:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/11 16:14:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/11 14:33:09 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/11 14:33:09 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/11 14:17:52 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/10/11 14:17:48 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/10/11 14:17:48 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/10/11 14:17:48 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/10/11 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/11 13:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/11 13:04:13 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/11 13:04:09 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/11 13:04:09 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/11 13:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/11 13:04:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/11 13:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/11 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/10 12:06:33 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 12:06:31 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 12:06:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 12:06:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 12:06:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 12:06:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 12:06:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 12:06:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 12:06:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 12:06:28 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 12:06:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 12:06:28 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 12:06:24 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 12:06:23 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 12:06:23 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 12:06:23 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 12:06:23 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 12:06:22 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 12:06:22 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 12:06:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 12:06:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 12:06:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 12:06:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 12:06:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 12:06:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 12:06:17 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 12:06:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 12:06:16 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 20:08:33 | 000,000,000 | ---D | C] -- C:\Users\Farthard\AppData\Roaming\PSpad
[2013/10/09 15:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/10/09 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/09 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/10/09 14:30:32 | 000,000,000 | ---D | C] -- C:\Users\Farthard\AppData\Local\Mozilla
[2013/10/09 14:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/30 20:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 15:54:38 | 000,000,000 | ---D | C] -- C:\Users\Farthard\Desktop\T.4 Saves

========== Files - Modified Within 30 Days ==========

[2013/10/13 07:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farthard\Desktop\OTL.exe
[2013/10/13 07:29:07 | 000,468,480 | ---- | M] () -- C:\Users\Farthard\Desktop\CKScanner.exe
[2013/10/13 07:26:36 | 001,048,960 | ---- | M] () -- C:\Users\Farthard\Desktop\AdwCleaner.exe
[2013/10/13 07:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/12 10:41:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Farthard\Desktop\dds.scr
[2013/10/11 16:53:25 | 000,000,698 | ---- | M] () -- C:\Users\Farthard\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2013/10/11 16:36:08 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/11 16:36:08 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/11 16:33:27 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/11 16:33:27 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/11 16:33:27 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 16:28:56 | 000,221,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 16:28:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/11 16:28:38 | 1066,651,646 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/11 14:33:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/11 14:33:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/11 14:17:41 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/10/11 14:17:40 | 001,095,080 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/10/11 14:17:40 | 000,973,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/10/11 14:17:40 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/10/11 14:17:40 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/10/11 14:17:40 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/10/11 13:04:04 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/10/11 13:04:04 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/11 13:04:04 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/11 13:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/11 13:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/11 13:04:04 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/09 14:30:25 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Firefox.lnk
[2013/09/22 16:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 16:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/22 16:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/22 16:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/22 16:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/22 15:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/22 15:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 15:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 15:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 15:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 15:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/22 15:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/22 15:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/20 19:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/20 19:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

========== Files Created - No Company Name ==========

[2013/10/13 07:29:25 | 000,468,480 | ---- | C] () -- C:\Users\Farthard\Desktop\CKScanner.exe
[2013/10/13 07:27:05 | 001,048,960 | ---- | C] () -- C:\Users\Farthard\Desktop\AdwCleaner.exe
[2013/10/11 16:53:25 | 000,000,698 | ---- | C] () -- C:\Users\Farthard\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2013/10/11 14:33:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/09 14:30:25 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/09 14:30:25 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Firefox.lnk
[2013/07/13 18:13:43 | 000,000,707 | ---- | C] () -- C:\Users\Farthard\.languagetool-ooo.cfg
[2013/06/16 17:34:01 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013/06/15 23:45:09 | 000,000,017 | ---- | C] () -- C:\Users\Farthard\AppData\Local\resmon.resmoncfg
[2013/06/15 21:35:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/14 09:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/09/14 09:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


- - - - - Extras.txt - - - - -

OTL Extras logfile created on: 10/13/2013 7:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farthard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.84 Gb Available Physical Memory | 73.75% Memory free
23.98 Gb Paging File | 21.45 Gb Available in Paging File | 89.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161.30 Gb Total Space | 102.98 Gb Free Space | 63.85% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 255.31 Gb Total Space | 236.30 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive F: | 255.31 Gb Total Space | 202.93 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 78.03 Gb Total Space | 77.90 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive H: | 853.39 Gb Total Space | 742.03 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Drive M: | 149.00 Gb Total Space | 54.10 Gb Free Space | 36.31% Space Free | Partition Type: NTFS

Computer Name: CLUNKER | User Name: Farthard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-886581764-787746746-3050916297-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E7775B0-576C-4223-B557-41A8737A8D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{406BCFD5-7C87-4A6C-8870-93E375821866}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5FFED0C8-2932-4E5B-A085-F83911BFF27D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6D31C649-2C12-4FDD-AFB1-0CF0CECA7A54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9F9954A2-1934-4662-BF2C-14B51F9F8FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{DF3E167A-8F55-46DE-8306-EC2E4C78E1B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F2B04E88-1433-487C-8308-904FE6E5FA76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F993B14C-0E87-4C1A-976D-328C320BEDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68D2AC29-B594-466A-8D6F-238FA2135BB5}" = BOINC
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BC20D4CC-C409-42A9-A783-B3ACBD5ABE91}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"GIMP-2_is1" = GIMP 2.8.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite HL-2280DW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}" = MICRODEM Freeware GIS
"{65422AD6-A33F-49C6-A02C-A6FD81FAAEB2}_is1" = Tropico Reloaded
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PSPad editor_is1" = PSPad editor
"RT3Patch" = Railroad Tycoon 3 1.06
"Tropico3" = Tropico 3: Absolute Power

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-886581764-787746746-3050916297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tropico 4 Gold" = Tropico 4 Gold

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2013 7:51:43 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: RT3.exe, version: 1.0.0.1, time stamp:
0x00000000 Faulting module name: RT3.exe, version: 1.0.0.1, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000d9285 Faulting process id: 0x934 Faulting application
start time: 0x01ce89f660b0bdf3 Faulting application path: E:\PROGRAM FILES\Railroad
Tycoon 3 - 1.06\RT3.exe Faulting module path: E:\PROGRAM FILES\Railroad Tycoon 3
- 1.06\RT3.exe Report Id: bcf684a1-f5e9-11e2-a966-0023aee724f1

Error - 7/26/2013 7:52:40 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: RT3.exe, version: 1.0.0.1, time stamp:
0x00000000 Faulting module name: RT3.exe, version: 1.0.0.1, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000d9285 Faulting process id: 0xf78 Faulting application
start time: 0x01ce89f6886b558f Faulting application path: E:\PROGRAM FILES\Railroad
Tycoon 3 - 1.06\RT3.exe Faulting module path: E:\PROGRAM FILES\Railroad Tycoon 3
- 1.06\RT3.exe Report Id: df23ea53-f5e9-11e2-a966-0023aee724f1

Error - 7/26/2013 7:53:37 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: RT3.exe, version: 1.0.0.1, time stamp:
0x00000000 Faulting module name: RT3.exe, version: 1.0.0.1, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000d9285 Faulting process id: 0xba4 Faulting application
start time: 0x01ce89f6afe76575 Faulting application path: E:\PROGRAM FILES\Railroad
Tycoon 3 - 1.06\RT3.exe Faulting module path: E:\PROGRAM FILES\Railroad Tycoon 3
- 1.06\RT3.exe Report Id: 00e34b76-f5ea-11e2-a966-0023aee724f1

Error - 8/20/2013 2:53:05 AM | Computer Name = Clunker | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 23.0.1.4974 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1380 Start
Time: 01ce9d71c50a4488 Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id:

Error - 9/5/2013 2:29:38 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: Tropico4 Gold.exe, version: 1.6.345.25459,
time stamp: 0x50923e21 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0x00000000 Fault offset: 0x00000000 Faulting process id:
0x4f0 Faulting application start time: 0x01cea9ebe3ce181f Faulting application path:
E:\PROGRAM FILES\Kalypso\Tropico 4 Gold\Tropico4 Gold.exe Faulting module path:
unknown Report Id: 89a68525-15f4-11e3-a51d-0023aee724f1

Error - 9/21/2013 4:10:37 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: Tropico4 Gold.exe, version: 1.6.345.25459,
time stamp: 0x50923e21 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0x00000000 Fault offset: 0x00000000 Faulting process id:
0x9e0 Faulting application start time: 0x01ceb68b0162e56b Faulting application path:
E:\PROGRAM FILES\Kalypso\Tropico 4 Gold\Tropico4 Gold.exe Faulting module path:
unknown Report Id: 4b73b6bf-2295-11e3-9d66-0023aee724f1

Error - 9/21/2013 8:07:43 PM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: Tropico4 Gold.exe, version: 1.6.345.25459,
time stamp: 0x50923e21 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0x00000000 Fault offset: 0x00000000 Faulting process id:
0xfc0 Faulting application start time: 0x01ceb70dffedc1f6 Faulting application path:
E:\PROGRAM FILES\Kalypso\Tropico 4 Gold\Tropico4 Gold.exe Faulting module path:
unknown Report Id: fff47970-231a-11e3-9d66-0023aee724f1

Error - 10/6/2013 9:40:03 AM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: Tropico4 Gold.exe, version: 1.6.345.25459,
time stamp: 0x50923e21 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0x00000000 Fault offset: 0x00000000 Faulting process id:
0xb30 Faulting application start time: 0x01cec208acadedd6 Faulting application path:
E:\PROGRAM FILES\Kalypso\Tropico 4 Gold\Tropico4 Gold.exe Faulting module path:
unknown Report Id: cd6df8aa-2e8c-11e3-9daf-0023aee724f1

Error - 10/9/2013 10:37:07 AM | Computer Name = Clunker | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ca4 Start
Time: 01cec4fbae7be116 Termination Time: 0 Application Path: C:\Windows\system32\NOTEPAD.EXE

Report
Id: 400824b6-30f0-11e3-9daf-0023aee724f1

Error - 10/9/2013 5:06:52 PM | Computer Name = Clunker | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686,
time stamp: 0x52058cf0 Faulting module name: TubeSaver-1-bho.dll_unloaded, version:
0.0.0.0, time stamp: 0x5208ae68 Exception code: 0xc0000005 Fault offset: 0x03e24732
Faulting
process id: 0x1134 Faulting application start time: 0x01cec53375cc3653 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
TubeSaver-1-bho.dll Report Id: b7b171ef-3126-11e3-9daf-0023aee724f1

[ System Events ]
Error - 10/3/2013 7:16:13 PM | Computer Name = Clunker | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR8.

Error - 10/3/2013 7:22:53 PM | Computer Name = Clunker | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR9.

Error - 10/3/2013 7:22:54 PM | Computer Name = Clunker | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR9.

Error - 10/10/2013 8:04:26 PM | Computer Name = Clunker | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:02:26 PM on ?10/?10/?2013 was unexpected.

Error - 10/10/2013 8:04:35 PM | Computer Name = Clunker | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/11/2013 5:51:26 AM | Computer Name = Clunker | Source = DCOM | ID = 10010
Description =

Error - 10/11/2013 5:51:28 AM | Computer Name = Clunker | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/11/2013 7:26:52 PM | Computer Name = Clunker | Source = DCOM | ID = 10010
Description =

Error - 10/11/2013 7:27:15 PM | Computer Name = Clunker | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/11/2013 7:29:00 PM | Computer Name = Clunker | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

- - - - - Thanks - - - - -
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 13th, 2013, 1:40 pm

Hi Shamough,

You are welcome :)

Step 1
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O3 - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O32 - AutoRun File - [2012/08/24 05:07:18 | 001,588,224 | R--- | M] () - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012/09/04 07:23:16 | 000,000,065 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2012/08/24 05:07:18 | 001,588,224 | R--- | M] ()

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

How is your computer behaving?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 14th, 2013, 4:57 am

nunped, thanks again for your help.

If I don't get back to your next post its because I'm in the hospital. (I'm 71 and atm I think I'm having a mild heart attack. Numbness in my left arm and some mild discomfort in my chest.)

Hans/Shamough

- - - - - OTL Report - - - - -

All processes killed
Error: Unable to interpret <Code: Select all> in the current context!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret < O3 - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.> in the current context!
Error: Unable to interpret < O32 - AutoRun File - [2012/08/24 05:07:18 | 001,588,224 | R--- | M] () - D:\AutoRun.exe -- [ UDF ]> in the current context!
Error: Unable to interpret < O32 - AutoRun File - [2012/09/04 07:23:16 | 000,000,065 | R--- | M] () - D:\autorun.inf -- [ UDF ]> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2012/08/24 05:07:18 | 001,588,224 | R--- | M] ()> in the current context!
Error: Unable to interpret < :files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :commands> in the current context!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50051 bytes
->Temporary Internet Files folder emptied: 230115 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Farthard
->Temp folder emptied: 61019901 bytes
->Temporary Internet Files folder emptied: 20716411 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113815899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42293561 bytes
RecycleBin emptied: 41826 bytes

Total Files Cleaned = 227.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_012343

Files\Folders moved on Reboot...
C:\Users\Farthard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Farthard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


- - - - - AdwCleaner Report - - - - -

# AdwCleaner v3.007 - Report created 14/10/2013 at 01:37:41
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Farthard - CLUNKER
# Running from : C:\Users\Farthard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


*************************

AdwCleaner[R0].txt - [2067 octets] - [13/10/2013 07:32:13]
AdwCleaner[R1].txt - [1963 octets] - [14/10/2013 01:33:52]
AdwCleaner[S0].txt - [1841 octets] - [14/10/2013 01:37:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1901 octets] ##########
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 14th, 2013, 10:34 am

Hi Shamough,

If I don't get back to your next post its because I'm in the hospital. (I'm 71 and atm I think I'm having a mild heart attack. Numbness in my left arm and some mild discomfort in my chest.)

I sincerely hope you get better as soon as possible.

The OTL fix didn't go as expected... Let's try again. Then please give me an update on computer performance.

Run OTL Script

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    O3 - HKU\S-1-5-21-886581764-787746746-3050916297-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O32 - AutoRun File - [2012/08/24 05:07:18 | 001,588,224 | R--- | M] () - D:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2012/09/04 07:23:16 | 000,000,065 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2012/08/24 05:07:18 | 001,588,224 | R--- | M] ()
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Best wishes,
nunped
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 14th, 2013, 3:24 pm

Thanks again nunped

Drs., didn't find anything serious enough to keep me in the hospital.
--------------------------------------

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-886581764-787746746-3050916297-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76901d84-d617-11e2-b62d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76901d84-d617-11e2-b62d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76901d84-d617-11e2-b62d-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Farthard\Desktop\cmd.bat deleted successfully.
C:\Users\Farthard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Farthard
->Temp folder emptied: 455344 bytes
->Temporary Internet Files folder emptied: 37755 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_121315

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\Farthard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Farthard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 14th, 2013, 3:37 pm

Hi Shamough,

Drs., didn't find anything serious enough to keep me in the hospital.

Hope it stays that way.

Are you still experiencing redirects?

Run this scan, please:
ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 15th, 2013, 1:59 am

F:\G\J - MISC STUFF\_Software Updates\AnchorFree.com - HotSpotShield\HSS-0.941-install.exe a variant of Win32/HotSpotShield application
F:\G\J - MISC STUFF\_Software Updates\_Browsers & News Readers\FLVPlayer\FLVPlayerSetup.exe a variant of Win32/SweetIM.A application
F:\G\J - MISC STUFF\_Software Updates\_Tools\Tools\FreeRip MP3 v2.21\freeripmp3.exe a variant of Win32/AdInstaller application
F:\Installs\pcspeedup_c9accfa00ad64b32b5385402904efdcc_.exe a variant of Win32/Speedchecker.A application
F:\Installs\INSTALLED\cbsidlm-cbsi134-PSPad_Editor-ORG-10764528.exe probably a variant of Win32/CNETInstaller.A application
H:\PROGRAM FILES\Railroad Tycoon 3\RT3 Maps\cbsidlm-tr1_13-Railroad_Tycoon_3_Coast_to_Coast_expansion-SEO-10311383.exe Win32/DownloadAdmin.G application
H:\PROGRAM FILES\Railroad Tycoon 3\RT3 Maps\cbsidlm-tr1_13-Railroad_Tycoon_3_Patch-SEO-10252378.exe Win32/DownloadAdmin.G application
H:\PROGRAM FILES\Railroad Tycoon 3\RT3 Maps\cbsidlm-tr1_7-Free_Photo_Viewer-10808200.exe Win32/DownloadAdmin.D application
M:\G\J - MISC STUFF\_Software Updates\AnchorFree.com - HotSpotShield\HSS-0.941-install.exe a variant of Win32/HotSpotShield application
M:\G\J - MISC STUFF\_Software Updates\_Browsers & News Readers\FLVPlayer\FLVPlayerSetup.exe a variant of Win32/SweetIM.A application
M:\G\J - MISC STUFF\_Software Updates\_Tools\Tools\FreeRip MP3 v2.21\freeripmp3.exe a variant of Win32/AdInstaller application
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 16th, 2013, 5:35 am

Hi Shamough,

Please give me an update on your computer performance.



Then,
Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:
F:\G\J - MISC STUFF\_Software Updates\AnchorFree.com - HotSpotShield\HSS-0.941-install.exe
F:\G\J - MISC STUFF\_Software Updates\_Browsers & News Readers\FLVPlayer\FLVPlayerSetup.exe
F:\G\J - MISC STUFF\_Software Updates\_Tools\Tools\FreeRip MP3 v2.21\freeripmp3.exe
F:\Installs\pcspeedup_c9accfa00ad64b32b5385402904efdcc_.exe
F:\Installs\INSTALLED\cbsidlm-cbsi134-PSPad_Editor-ORG-10764528.exe


  • Press the Browse button and navigate to -one- of the files in the list.
  • Double click the located file name. The file name should now appear in the online scanner's text entry box.
  • Click on Send File button.
  • The file will be queued, uploaded and scanned by various antivirus scanners. This may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  • When all scans have completed the results page is displayed
  • Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  • Please repeat this procedure for each file listed above.
  • Paste the Web address link(s) for the scan results in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby Shamough » October 16th, 2013, 7:38 am

I deleted all of the files that were listed ... most I'd forgotten about and don't use ... or try to use. Anyway they are all off of my computer now and no longer available to be scanned.

Computer seems to be error free ... but then I don't run it thru its paces and mostly play off line games atm.

I've not been hi-jacked since you started helping ... I won't hold my breath ... but I think you did it!

Thanks

Hans/Shamough
Shamough
Active Member
 
Posts: 7
Joined: October 11th, 2013, 2:22 pm

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby nunped » October 17th, 2013, 3:40 am

Hi Shamough,

I've not been hi-jacked since you started helping ... I won't hold my breath ... but I think you did it!

Good news. It appears it's clean of malware :)

Now, some clean-up steps:

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks, click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection and choose Create.
  4. In the System Restore dialog box, type a description for the restore point, like "All-clean", click Create.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK and close the System Restore dialog.
    Now you have a clean restore point.
Perform Disk Cleanup
Note: You have to have administrative rights to run Disk Cleanup for "All" users.
  1. Click Start button. Type disk in the Start Search text entry box.
  2. Double click the Disk Cleanup entry, from the matching program list.
  3. In the Disk Cleanup options select "Files from all users on this computer"
    If the Disk Cleanup: Drive Selection dialog box appears:
    • Select the drive where Windows is installed. (Normally, this would be C:\ drive)
    • Press the "OK"...button.
    Disk Cleanup will begin space saving calculations.
  4. When the calculations are finished... Press the More Options tab.
  5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
  6. Press the "Delete"... button, at the "Are you sure..." prompt.
    Disk Cleanup will begin cleaning up old files and restore points.
  7. Exit Disk Cleanup.
    This will remove all restore points except the one you just created.

Don't forget to re-enable your security programs!

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Installed PSPAD and picked up the stt.streamjs.net virus

Unread postby deltalima » October 19th, 2013, 5:55 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 125 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware