Inactive Adware, popups and dinging

Hi: I appreciate the guidance from here... I will post the log files as directed.

thx

jp

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Lana :: LANA-PC [administrator]

Protection: Enabled

9/27/2013 7:19:57 PM
mbam-log-2013-09-27 (19-19-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203763
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 2152 -> No action taken.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2008 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{d77aa852-def3-43cb-a3f5-bd679de72f32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\TypeLib\{c3c45c5f-2f1b-4012-a854-f89dc99f2335} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\Interface\{7F66829F-F442-431F-AF59-E4474505A67A} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.

Files Detected: 13
C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Users\Lana\Downloads\SoftonicDownloader_for_snapseed (1).exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\Lana\Downloads\SoftonicDownloader_for_snapseed.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\Lana\Local Settings\Temporary Internet Files\Content.IE5\LF3FUETH\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\luckyleap.Common.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\sqlite3.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688
Run by Lana at 11:06:26 on 2013-09-28
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6098.3620 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\lucky leap\updateluckyleap.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Users\Lana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.softonic.com/MOY00016/tb_v1?SearchSource=10&cc=&mi=c8a623ad00000000000008606e455fe2
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
BHO: lucky leap: {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapbho.dll
BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN24JBR03S05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Lana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{44C843CA-1B6D-42CA-AAAD-3EA1BE0CFF02} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-9-27 204880]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-9-27 378944]
R2 ActService;ACT! Service Host;C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-15 18432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-17 239616]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-10-26 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-10-26 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-10-26 149120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-9-27 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-9-27 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-27 46808]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-20 166720]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-27 701512]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-9-21 61913952]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-20 365376]
R2 Update lucky leap;Update lucky leap;C:\Program Files (x86)\lucky leap\updateluckyleap.exe [2013-8-29 206624]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-11-20 98472]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem22.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\Windows\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-27 25928]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-26 683664]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-9-27 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-9-27 1030952]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-15 81920]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-26 645952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2011-9-21 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\Drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-9-21 428384]
.
=============== Created Last 30 ================
.
2013-09-28 01:18:11  --------  d-----w-  C:\Users\Lana\AppData\Roaming\Malwarebytes
2013-09-28 01:18:01  --------  d-----w-  C:\ProgramData\Malwarebytes
2013-09-28 01:18:00  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-09-28 01:18:00  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 01:17:43  --------  d-----w-  C:\Users\Lana\AppData\Local\Programs
2013-09-28 01:11:54  72016  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
2013-09-28 01:11:50  80816  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-28 01:11:50  65336  ----a-w-  C:\Windows\System32\drivers\aswRvrt.sys
2013-09-28 01:11:50  204880  ----a-w-  C:\Windows\System32\drivers\aswVmm.sys
2013-09-28 01:11:50  1030952  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
2013-09-28 01:11:33  41664  ----a-w-  C:\Windows\avastSS.scr
2013-09-28 01:11:17  --------  d-----w-  C:\Program Files\AVAST Software
2013-09-28 01:10:48  --------  d-----w-  C:\ProgramData\AVAST Software
2013-09-27 23:05:15  9694160  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DB9B1B0-8ED5-45D2-9D40-285FC96A1A6A}\mpengine.dll
2013-09-27 21:13:36  9694160  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-24 19:58:02  --------  d-----w-  C:\Program Files (x86)\lucky leap
2013-09-20 15:59:37  --------  d-----w-  C:\Program Files (x86)\Citrix
2013-09-20 15:58:35  --------  d-----w-  C:\Users\Lana\AppData\Local\Citrix
2013-09-17 22:23:27  --------  d-----w-  C:\Users\Lana\AppData\Roaming\TeamViewer
2013-09-17 21:51:35  --------  d-----w-  C:\Users\Lana\AppData\Local\ElevatedDiagnostics
2013-09-17 18:59:37  144896  ----a-w-  C:\Windows\System32\tssdisai.dll
2013-09-16 01:37:08  --------  d-----w-  C:\Program Files (x86)\Softonic
2013-09-16 01:37:05  --------  d-----w-  C:\Users\Lana\AppData\Roaming\Softonic
2013-09-16 01:37:04  --------  d-----w-  C:\Users\Lana\AppData\Local\Nik Software
2013-09-16 01:36:47  --------  d-----w-  C:\Program Files (x86)\Nik Software
2013-09-16 00:19:50  965008  ------w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA5D2246-A342-4E48-8D16-DDAEB43DE5BA}\gapaengine.dll
2013-09-11 10:39:59  701952  ----a-w-  C:\Program Files\Internet Explorer\ieproxy.dll
2013-09-10 16:13:39  911032  ----a-w-  C:\Program Files\Windows Defender\MpClient.dll
2013-09-10 16:12:55  694272  ----a-w-  C:\Windows\SysWow64\rpcrt4.dll
2013-09-10 16:12:55  1314816  ----a-w-  C:\Windows\System32\rpcrt4.dll
2013-09-10 16:12:53  2233168  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2013-09-10 16:07:52  98304  ----a-w-  C:\Windows\System32\apprepsync.dll
2013-09-10 16:07:52  87040  ----a-w-  C:\Windows\SysWow64\apprepapi.dll
2013-09-10 16:07:52  74240  ----a-w-  C:\Windows\SysWow64\apprepsync.dll
2013-09-10 16:07:52  68096  ----a-w-  C:\Windows\System32\cryptsvc.dll
2013-09-10 16:07:52  337408  ----a-w-  C:\Windows\System32\wintrust.dll
2013-09-10 16:07:52  261120  ----a-w-  C:\Windows\SysWow64\wintrust.dll
2013-09-10 16:07:52  1889280  ----a-w-  C:\Windows\System32\crypt32.dll
2013-09-10 16:07:52  1568256  ----a-w-  C:\Windows\SysWow64\crypt32.dll
2013-09-10 16:07:52  124416  ----a-w-  C:\Windows\System32\apprepapi.dll
.
==================== Find3M ====================
.
2013-09-18 23:26:35  78296  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 23:26:35  694232  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06  2241024  ----a-w-  C:\Windows\System32\wininet.dll
2013-08-21 04:11:59  915968  ----a-w-  C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59  53760  ----a-w-  C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07  3959296  ----a-w-  C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04  67072  ----a-w-  C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11  1767936  ----a-w-  C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06  44032  ----a-w-  C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28  2876928  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56  534528  ----a-w-  C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13  58200  ----a-w-  C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26  2371728  ----a-w-  C:\Windows\System32\WSService.dll
2013-08-16 05:32:48  209200  ----a-w-  C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22  40448  ----a-w-  C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11  4917760  ----a-w-  C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30  105984  ----a-w-  C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21  35328  ----a-w-  C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07  84992  ----a-w-  C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07  126976  ----a-w-  C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03  562688  ----a-w-  C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03  159232  ----a-w-  C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02  83968  ----a-w-  C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02  167424  ----a-w-  C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02  143872  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02  124928  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52  76800  ----a-w-  C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47  91648  ----a-w-  C:\Windows\SysWow64\sppc.dll
2013-08-03 04:30:14  4038144  ----a-w-  C:\Windows\System32\win32k.sys
2013-07-09 08:04:07  120144  ----a-w-  C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21  439488  ----a-w-  C:\Windows\System32\WerFault.exe
2013-07-09 04:25:45  385768  ----a-w-  C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19  245760  ----a-w-  C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00  543744  ----a-w-  C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00  414208  ----a-w-  C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00  370688  ----a-w-  C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16  312832  ----a-w-  C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17  1025024  ----a-w-  C:\Windows\System32\localspl.dll
2013-07-03 00:23:43  391168  ----a-w-  C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12  778752  ----a-w-  C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26  1300480  ----a-w-  C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23  268800  ----a-w-  C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02  551424  ----a-w-  C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14  36288  ----a-w-  C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49  247216  ----a-w-  C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14  67072  ----a-w-  C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22  77312  ----a-w-  C:\Windows\System32\openfiles.exe
.
============= FINISH: 11:06:34.04 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 4/9/2013 2:27:57 PM
System Uptime: 9/27/2013 3:02:26 PM (20 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | CM6330_CM6630_CM6730_CM6830
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 150 GiB total, 81.993 GiB free.
D: is FIXED (NTFS) - 765 GiB total, 765.158 GiB free.
E: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP27: 9/15/2013 7:36:30 PM - Installed Snapseed
RP28: 9/24/2013 4:45:04 PM - Windows Update
RP29: 9/27/2013 7:11:03 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
???
????
Adobe Reader X (10.1.8) MUI
AI Suite II
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Easy Update
ASUS Music Maker
ASUS MX Suite
ASUS Video easy
ASUSDVD
avast! Free Antivirus
Bing Bar
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix Online Launcher
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
eManual
Firebird SQL Server - MAGIX Edition
Fotogalerie
Galeria de Fotografias
Galerie de photos
Galería de fotos
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.8.0.1189
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iCloud
Intel(R) Management Engine Components
Intel® Trusted Connect Service Client
iTunes
lucky leap 3.0.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nero 12 Essentials OEM.a01
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Launcher
Nero Update
Photo Common
Photo Gallery
Prerequisite installer
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af???
Sage ACT! Pro 2012
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Snapseed
Softonic toolbar on IE and Chrome
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Why ASUS PC
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
9/27/2013 3:33:05 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
9/24/2013 6:47:59 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user Lana-PC\Lana SID (S-1-5-21-2420420098-1629028483-150908305-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftMahjong_1.6.4.30605_x86__8wekyb3d8bbwe SID (S-1-15-2-2481395877-3904904754-2872837976-1880937080-3242436791-3293372984-3327460953). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post a new log.
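The point being made about the log is that detections were listed but not remediated. As an added example (not part of the original thread or of Malwarebytes itself), the following Python script parses a log in the layout of a Malwarebytes Anti-Malware 1.x report and flags every entry whose action is still "No action taken", so the reposted log can be checked mechanically before it is sent. The sample log embedded below is constructed for this example; the paths, detection names and process IDs in it are placeholders, and the entry layout (`item (DetectionName) [-> pid] -> action.`) is assumed from the shape of 1.x logs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the layout of a Malwarebytes Anti-Malware 1.x log.
# Paths, detection names and PIDs are placeholders, not taken from any real scan.
SAMPLE_LOG = """\
Scan type: Quick scan
Objects scanned: 1000

Memory Processes Detected: 2
C:\\Program Files (x86)\\Example Toolbar\\update.exe (PUP.Optional.ExampleToolbar.A) -> 1234 -> No action taken.
C:\\Windows\\example-service.exe (RiskWare.Tool.Example) -> 5678 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\\SOFTWARE\\Example Toolbar (PUP.Optional.ExampleToolbar.A) -> No action taken.
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Example Update (PUP.Optional.ExampleToolbar.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\\Users\\user\\AppData\\Local\\Temp\\example.tmp (Trojan.Agent.Example) -> Quarantined and deleted successfully.
"""

# "Memory Processes Detected: 2", "Registry Keys Detected: 10", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Assumed entry layout: item (DetectionName) [-> pid] -> action.
# The item is matched lazily so a "(x86)" inside a path is not mistaken
# for the detection name; the name is the last parenthesised token before "->".
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>[^.]+)\.$"
)


@dataclass
class Detection:
    section: str   # e.g. "Memory Processes", "Registry Keys"
    item: str      # path, registry key or value that was detected
    name: str      # detection name, e.g. PUP.Optional.ExampleToolbar.A
    action: str    # what MBAM did, e.g. "No action taken"


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log, remembering the current 'Detected:' section, and
    return one Detection per entry line found under any section."""
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        # Skip everything before the first section, blank lines and the
        # "(No malicious items detected)" filler line.
        if section is None or not line or line.startswith("("):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            found.append(Detection(section, entry.group("item"),
                                   entry.group("name"), entry.group("action")))
    return found


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Entries the scanner found but did not remove or quarantine."""
    return [d for d in detections if d.action == "No action taken"]


def actions_summary(detections: List[Detection]) -> Dict[str, int]:
    """Count of entries per recorded action, for a quick overview."""
    summary: Dict[str, int] = {}
    for d in detections:
        summary[d.action] = summary.get(d.action, 0) + 1
    return summary


def needs_rerun(text: str) -> bool:
    """True when the log still contains at least one unremediated entry."""
    return bool(unremediated(parse_mbam_log(text)))


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print("Actions:", actions_summary(dets))
    for d in unremediated(dets):
        print(f"NOT FIXED [{d.section}] {d.name}: {d.item}")
    print("Re-run needed:", needs_rerun(SAMPLE_LOG))
```

Run it against a saved `mbam-log-*.txt` by reading the file into `parse_mbam_log`; an empty result from `unremediated` is what a clean re-run should produce, while "Delete on reboot" entries still need the reboot to complete before the next scan is meaningful.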
 