"tursted"/tursted.net [sic] click-hijack? kaytri.com 4jsdw9ta.com Level Quality Watcher

Posted 11/30/2013 9:55 PM
#96267
Hilamonsta Member

Date Joined Nov 2016
Total Posts: 2
Yesterday I noticed that my browsing was generating a lot more popups than usual. More accurately, I was getting popups, and that's not something I ever get on my home machine.

It seemed that as I was visiting reddit, every 10th click I was making on a link was being intercepted by an invisible frame and sending me to a tailored subdomain that was determined by whatever site I was using at the time. I could tell that something was up since the timing was off and the cursor was not changing to a Hand tool from the Windows arrow when mousing over the hyperlinks. If I was clicking a reddit comment link, I would be sent to http://reddit.tursted.com (no that's not a typo) and if it was an imgur link, I would be sent to http://imgur.tursted.com. It may have been tursted.net. Again, not a typo. I can't remember since running through the prescribed utilities. My Panda Security browser integration something something caught a few of the redirects since the sites were in the database as being malicious.

Anyhow, another fishy thing that was happening was that my Firefox addon NoScript was registering some strange commonalities in its list of blocked script requests. I noticed that in addition to there being many more total blocks than I typically see, the websites that I was visiting had much more overlap in the script blocks when it didn't seem like they should. For example, I had the following tabs open in Firefox: Best Buy, reddit, globalsecurity.org, Jinx.com, usajobs.gov, themittani.com, ribbonfarm.com. All of their tabs had blocked scripts from "kaytri.com" and "4jsdw9ta.com". My browser is still blocking these scripts while I write this post on forum.bullguard.com so I can only assume that these scripts are malicious and need to go. I've followed the directions and here are my logs as requested.

Oh and my computer just shut down with no warning just now, so that's great. Luckily this post was saved somehow.

Sticking out like a sore thumb in the logs is Level Quality Watcher, which IIRC is a trojan.

I found Firefox extensions that I don't recognize which were installed yesterday: "DictAddon", "Scorpion Saver". Firefox is running the following security addons, all of which are updated to their latest version: Adblock Plus, Disconnect, HTTPS Finder, Lightbeam, NoScript, Web of Trust (WOT).

System info that might not be included in the logs: I'm running Win7 64 bit, I only ever use Firefox, my hardware is primarily ASUS stuff, Canon printer, I'm on a private LAN with a router, I've got an Ubuntu partition for emergency situations.

Stuff I know I use that's in the HJT log: EveMon, Dropbox (I don't use SkyDrive or iCloud), OneNote, Desura, Livescribe, TeamViewer, Spybot, SUPERAntiSpyware.

Thanks in advance for any help that you may be able to provide. Any advice and reasoning regarding future anti-spyware software to use would be of great help. It seems things change rather quickly and I don't know what's a good piece of software anymore so I've been running three different ones to compensate. Panda is my only antivirus, of course.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:50:51 PM, on 11/30/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-671534078-4294506487-2035977455-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-671534078-4294506487-2035977455-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Flexera Software, Inc. - C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16428 bytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Mark :: MARK-PC [administrator]

11/30/2013 2:39:46 PM
mbam-log-2013-11-30 (14-39-46).txt

Scan type: Full scan (C:\|E:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 685338
Time elapsed: 48 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\~ (PUP.Optional.Hao123.A) -> Quarantined and deleted successfully.
H:\~ (CrackTool.Agent) -> Quarantined and deleted successfully.
H:\~ (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
H:\~ (CrackTool.Agent) -> Quarantined and deleted successfully.
H:\~ (Trojan.P2P.Worm) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Mark at 15:42:45 on 2013-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8159.5831 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EVEMon] "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6FB522C1-7895-4B3C-833A-963E83A142D4} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\7ncvpblj.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\7ncvpblj.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-10-17 21:27; {c4080853-c699-4120-b8e0-618bff8a4474}; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\7ncvpblj.default\extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi
FF - ExtSQL: 2013-11-29 00:00; thomas.cummerata@retta.biz; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\7ncvpblj.default\extensions\thomas.cummerata@retta.biz
FF - ExtSQL: !HIDDEN! 2013-11-29 16:28; thomas.cummerata@retta.biz; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-8-9 24880]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-28 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-28 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-28 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-28 114920]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-28 69864]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-28 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-28 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-28 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-28 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-28 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-28 106216]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-10-11 206056]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [2012-1-5 1408904]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2013-8-18 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2013-8-18 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2013-8-18 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-8-16 161560]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-10-3 140768]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-15 15125280]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-10-17 169192]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-10-11 122600]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-10-11 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-10-11 137960]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-10-19 37344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-18 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-18 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-18 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-20 5087584]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-8-15 2725376]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-18 283064]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-8-16 26136]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-24 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-24 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-28 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-16 872152]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-8-18 131912]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2013-8-26 1501144]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-11 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-10-11 105704]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-10-27 26112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-17 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-12 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-17 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
.
=============== Created Last 30 ================
.
2013-11-30 20:35:34 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2013-11-30 17:20:02 -------- d-----w- C:\AdwCleaner
2013-11-30 17:13:21 388096 ----a-r- C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-30 17:13:21 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-11-29 21:28:14 -------- d-----w- C:\Program Files (x86)\ScorpionSaver
2013-11-29 21:28:13 -------- d-----w- C:\temp
2013-11-29 21:28:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-11-29 21:28:11 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-29 21:28:07 -------- d-----w- C:\Users\Mark\AppData\Roaming\DictAddon
2013-11-29 20:55:18 6668 ----a-w- C:\Windows\System32\cc_20131129_155516.reg
2013-11-29 08:42:33 -------- d-----w- C:\Windows\Migration
2013-11-29 08:42:04 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{972B10BA-22F1-46BB-8BF5-4EECFA103F8F}\mpengine.dll
2013-11-26 18:02:27 -------- d-----w- C:\Users\Mark\AppData\Local\NVIDIA Corporation
2013-11-17 04:09:58 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2013-11-17 04:09:58 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-11-17 04:09:58 513544 ----a-w- C:\Windows\System32\XAudio2_2.dll
2013-11-17 04:09:58 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-11-17 04:09:58 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2013-11-17 04:09:58 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll
2013-11-15 18:09:59 92272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-11-14 01:58:01 -------- d-----w- C:\Users\Mark\AppData\Roaming\StealthBastard[Steam]
2013-11-13 04:23:11 -------- d-----w- C:\Users\Mark\AppData\Roaming\fltk.org
2013-11-13 04:23:11 -------- d-----w- C:\ProgramData\fltk.org
2013-11-13 04:16:07 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-13 04:15:50 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 04:15:50 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 04:15:50 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-11 13:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-03 13:59:24 -------- d-----w- C:\Program Files (x86)\FreeTime
2013-11-01 05:23:55 -------- d-----w- C:\Users\Mark\AppData\Roaming\AtomZombieData
.
==================== Find3M ====================
.
2013-11-27 23:09:31 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-11-27 23:09:31 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-11-27 23:09:31 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-11-27 23:09:31 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-11-16 19:16:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 19:16:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-11 21:37:58 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-08 20:47:40 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-08 20:47:39 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-26 20:23:18 9322 ----a-w- C:\Windows\System32\cc_20131026_162316.reg
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-17 19:31:26 169192 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 09:46:22 137960 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2013-10-11 09:46:22 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2013-10-11 09:46:22 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2013-10-11 09:46:21 206056 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2013-10-11 09:46:21 122600 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:53 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-12 02:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 02:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 02:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 02:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 00:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 00:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 00:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 00:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 15:43:02.17 ===============
Posted 12/2/2013 8:21 PM
#96269
M H Member

Date Joined Nov 2016
Total Posts: 1
Got the same deal - Malwarebytes and Spybot tell me everything is fine, but whenever I click anything on a page, I get sent to pageI'mon.tursted.net.
Posted 12/3/2013 7:32 AM
#96273
Hilamonsta Member

Date Joined Nov 2016
Total Posts: 2
M H, I made some headway by going to Windows's programs list and uninstalling a few recently installed apps. Also, you can manually uninstall the Firefox addons without much fuss.
Posted 1/2/2014 12:04 AM
#96370
woodchucker17 Member

Date Joined Nov 2016
Total Posts: 1
I created an account here so I can reply to your issue. I just went through this same thing a few days ago. I think certain websites are getting some NoScript-blocked items, that if you unblock them it opens the door. I believe that "4jsdw9ta.com" is one of them, as when you unblock it two others show up from some "cloudfront.com" or something. Anyways, Scorpion Saver and Level Quality Watcher were the result. Make sure you have system restore disabled, go into safe mode and use rkill, then quick scan with MB. Delete associated programs (I use CCleaner, but whatever). Then manually remove the folders. A Google search turned up the locations of the folders to go after. Some are in Program Files, some are in your Docs and Settings folders (Application Data and Local Settings). The bastardly virus locks some of its folders too, so I had to use UnLockIT to kill the processes, unlock and delete the folders. Then run a registry cleaner. At this point I thought I had got it all, but no. For good measure, run rkill and MB again. That second scan is where it actually picked up most of the rest of it. I also ran AdAware and a third MB scan, and both came up clean. Good luck!
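Added example, not part of any post in this thread: a Python triage pass over DDS log entries in the format pasted in the first post. It pulls out the Firefox extension marked `!HIDDEN!`, the service whose file details DDS printed as `[?]`, and directories created in one short burst, then links services to those directories. The function names, the 60-second window and the minimum burst size of 3 are assumptions of this example; the sample entries are copied from the log above.

```python
import re
from datetime import datetime, timedelta

# Entries copied from the DDS log in the first post, one per line.
SAMPLE_LOG = r"""
FF - ExtSQL: 2013-10-17 21:27; {c4080853-c699-4120-b8e0-618bff8a4474}; C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\7ncvpblj.default\extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi
FF - ExtSQL: !HIDDEN! 2013-11-29 16:28; thomas.cummerata@retta.biz; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-10-3 140768]
2013-11-30 17:20:02 -------- d-----w- C:\AdwCleaner
2013-11-29 21:28:14 -------- d-----w- C:\Program Files (x86)\ScorpionSaver
2013-11-29 21:28:13 -------- d-----w- C:\temp
2013-11-29 21:28:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-11-29 21:28:11 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-29 21:28:07 -------- d-----w- C:\Users\Mark\AppData\Roaming\DictAddon
2013-11-29 08:42:33 -------- d-----w- C:\Windows\Migration
2013-11-26 18:02:27 -------- d-----w- C:\Users\Mark\AppData\Local\NVIDIA Corporation
"""

# Firefox extension rows: optional "!HIDDEN! " marker, timestamp, id, path.
EXT_RE = re.compile(r"^FF - ExtSQL: (?P<hidden>!HIDDEN! )?"
                    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d); (?P<id>[^;]+); (?P<path>.+)$")
# Service/driver rows: state, name;display;image path, then "[date size]" or "[?]".
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
                    r"(?P<image>.+) \[(?P<stat>[^\]]*)\]$")
# "Created Last 30" rows: timestamp, size (or dashes), 8-char attributes, path.
NEW_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) +(?P<size>\S+) +"
                    r"(?P<attr>\S{8}) +(?P<path>.+)$")


def split_entries(text):
    """Split a pasted log on newlines or leftover HTML <br/> tags; drop '.' rows."""
    parts = (p.strip() for p in re.split(r"<br\s*/?>|\n", text))
    return [p for p in parts if p and p != "."]


def hidden_extensions(entries):
    """Extension ids that the log marks as !HIDDEN!."""
    return [m["id"] for m in map(EXT_RE.match, entries) if m and m["hidden"]]


def unstattable_services(entries):
    """Services whose trailing bracket is '[?]' instead of a date and size."""
    return [m["name"] for m in map(SVC_RE.match, entries)
            if m and m["stat"].strip() == "?"]


def directory_bursts(entries, window=timedelta(seconds=60), min_size=3):
    """Group directories created within `window` of the first one in the group."""
    dirs = sorted(
        (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"])
        for m in map(NEW_RE.match, entries) if m and m["attr"].startswith("d"))
    bursts, current = [], []
    for ts, path in dirs:
        if current and ts - current[0][0] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append((ts, path))
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def services_in_bursts(entries):
    """Services whose image path sits under a directory from any burst."""
    roots = [p.lower() + "\\" for b in directory_bursts(entries) for _, p in b]
    return [m["name"] for m in map(SVC_RE.match, entries)
            if m and any(m["image"].lower().startswith(r) for r in roots)]


if __name__ == "__main__":
    entries = split_entries(SAMPLE_LOG)
    print("hidden extensions:", hidden_extensions(entries))
    print("services with [?]:", unstattable_services(entries))
    for burst in directory_bursts(entries):
        print("burst:", [path for _, path in burst])
    print("services inside a burst directory:", services_in_bursts(entries))
```

A burst is a review list, not a verdict: it groups every directory created in the same short window, so each path still has to be judged on its own.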