Chrome and IE9 Redirected & video pop-ups


  • This topic is locked
16 replies to this topic

#1 Diggar

Diggar

  • Members
  • 8 posts

Posted 23 July 2013 - 08:31 AM

I have Windows Vista with Chrome and IE9. Chrome is worse and almost unusable with redirecting. IE is a little better but along with the redirecting, whenever I click a link to go to another webpage a small window opens on the page and an advertisement video plays. It happens no matter what webpage I go to, even government web pages. The video has an x next to it but it does not close the video when I click on it. There is also a ? there and when I click on that another page opens to toparcadehits.

 

I also get pop-up windows occasionally with advertising.

 

This has been going on for about a month and I can no longer take it. I greatly appreciate your help and if you have any questions please ask me so I can help in any way to clean these stupid things.

 

Thanks

Dig

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2
Run by user at 8:26:46 on 2013-07-23
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3316.1191 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\user\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [aliim] "c:\program files\trademanager\AliIM.exe" /autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FB41B2C8-7195-4D85-B109-5DAD8B24CA59} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-7-16 106280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-8 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-8 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-24 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-24 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-24 171928]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-20 4153184]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2011-11-10 2519040]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-4-22 109064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-31 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-31 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcdiag;HTC Android Diag Port;c:\windows\system32\drivers\htcdiag.sys [2012-7-25 101376]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-10 27192]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
.
=============== Created Last 30 ================
.
2013-07-23 12:11:50 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11130719-13b6-4e62-b823-c1f68158db70}\mpengine.dll
2013-07-22 12:11:46 -------- d-----w- c:\users\user\appdata\local\{4DBC7227-7B54-4D20-80B2-766D37128A32}
2013-07-21 19:08:20 7143960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-19 13:10:00 -------- d-----w- c:\users\user\appdata\roaming\Alibaba
2013-07-19 00:10:00 -------- d-----w- c:\users\user\appdata\local\{7B0DC5AC-DCA7-4FDF-8D73-14A76CBC72AB}
2013-07-18 07:09:18 -------- d-----w- c:\windows\system32\MRT
2013-07-17 14:57:08 -------- d-----w- c:\program files\CCleaner
2013-07-17 14:21:05 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79cf5e34-b477-40b3-9427-c0200c6db9bc}\gapaengine.dll
2013-07-17 00:08:54 -------- d-----w- c:\users\user\appdata\local\{E8DB1C83-9847-49F2-9FFD-7F2A7D0CFCB3}
2013-07-16 13:19:04 -------- d-----w- c:\program files\HitmanPro
2013-07-16 13:18:30 -------- d-----w- c:\programdata\HitmanPro
2013-07-16 13:11:34 -------- d-----w- c:\users\user\appdata\local\Wajam
2013-07-16 13:11:32 -------- d-----w- c:\program files\Wajam
2013-07-16 13:11:03 33958 ----a-w- c:\programdata\uninstaller.exe
2013-07-16 13:10:48 -------- d-----w- c:\programdata\WeCareReminder
2013-07-16 13:10:15 -------- d-----w- c:\users\user\appdata\local\TopArcadeHits
2013-07-16 00:08:13 -------- d-----w- c:\users\user\appdata\local\{FBDF254F-CA4E-4A5A-AB5D-7950E3D31284}
2013-07-12 00:06:18 -------- d-----w- c:\users\user\appdata\local\{13362C0E-A003-4A1E-82C4-8B925A4F913F}
2013-07-11 12:48:09 981528 ----a-w- c:\windows\system32\heciudlg.exe
2013-07-11 12:47:59 45184 ----a-w- c:\windows\system32\drivers\HECI.sys
2013-07-11 12:05:49 -------- d-----w- c:\users\user\appdata\local\{28C5C868-8751-4828-8D22-2480023A094E}
2013-07-11 07:01:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-07-11 05:10:04 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 16:33:56 -------- d-----w- c:\users\user\appdata\local\{F6D4E76D-9555-42F7-B7F6-8774CEF5BFC6}
2013-07-10 12:19:13 -------- d-----w- c:\users\user\appdata\local\temp
2013-07-10 12:18:45 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-10 12:05:31 98816 ----a-w- c:\windows\sed.exe
2013-07-10 12:05:31 256000 ----a-w- c:\windows\PEV.exe
2013-07-10 12:05:31 208896 ----a-w- c:\windows\MBR.exe
2013-07-10 04:33:31 -------- d-----w- c:\users\user\appdata\local\{D868EF70-02C0-4E30-A07A-1FDE2D54BDCE}
2013-07-09 16:33:05 -------- d-----w- c:\users\user\appdata\local\{497095E4-1A4F-4E70-AC3A-2A8A41058EE7}
2013-07-07 16:32:10 -------- d-----w- c:\users\user\appdata\local\{51ACBC19-E156-4862-B0A8-22D0CBC14119}
2013-06-24 14:31:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-24 14:30:43 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-24 14:30:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-24 14:20:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
==================== Find3M ====================
.
2013-06-24 14:20:12 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 14:20:12 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 08:38:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 08:38:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-22 15:21:06 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
2013-05-08 04:04:52 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-08 03:40:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
.
.
============= FINISH:  8:27:40.81 ===============



Edited by Diggar, 23 July 2013 - 08:57 AM.
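The DDS "Pseudo HJT Report" above lists every browser helper object, toolbar and Run entry with its CLSID and on-disk path, and the adware pieces in this particular log (TopArcadeHits, WeCareReminder) are the ones whose DLLs sit under the user's AppData or under ProgramData rather than under Program Files. The Python below is an added example, not part of the post and not DDS's own code: it parses lines of that format and flags entries whose file lives in a user-writable directory or has no resolvable path at all. The sample input is copied from the log above (joined back onto single lines); the location heuristic and all function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample "Pseudo HJT Report" lines copied from the DDS log above (joined onto
# single lines). Used here as offline test input.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\user\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
"""

# BHO/TB lines look like:  BHO: <name>: {CLSID} - <path, or nothing if unresolved>
_EXT_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$"
)
# uRun/mRun lines look like:  uRun: [<name>] <command line>
_RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
_PATH_IN_CMD_RE = re.compile(r'"?(?P<path>.+?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)


@dataclass
class Finding:
    kind: str       # BHO, TB, uRun or mRun
    name: str
    path: str
    location: str   # "system", "user-writable", "missing-path" or "other"


def classify_location(path: str) -> str:
    """Heuristic (this example's own): where on disk does the component live?"""
    p = path.strip().lower()
    if not p:
        return "missing-path"            # registered CLSID, but DDS found no file behind it
    if "\\appdata\\" in p or p.startswith("c:\\programdata\\") or p.startswith("c:\\users\\"):
        return "user-writable"           # no admin rights needed to drop a file here
    if "\\program files" in p or p.startswith("c:\\windows\\"):
        return "system"                  # admin-only locations
    return "other"


def parse_report(text: str) -> List[Finding]:
    """Turn BHO/TB/Run lines of a DDS-style report into Findings; other lines are ignored."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = _EXT_RE.match(line)
        if m:
            findings.append(Finding(m["kind"], m["name"], m["path"].strip(),
                                    classify_location(m["path"])))
            continue
        m = _RUN_RE.match(line)
        if m:
            pm = _PATH_IN_CMD_RE.match(m["cmd"])
            path = pm["path"] if pm else ""
            findings.append(Finding(m["kind"], m["name"], path, classify_location(path)))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Entries worth a closer look: loaded from user-writable space or pointing at nothing."""
    return [f for f in findings if f.location in ("user-writable", "missing-path")]


if __name__ == "__main__":
    for f in suspicious(parse_report(SAMPLE_REPORT)):
        print(f"{f.kind:5} {f.location:14} {f.name!r} -> {f.path or '(no file)'}")
```

Program Files needs administrative rights to write into while AppData and ProgramData do not, which is why adware installers favour them; but the heuristic is triage, not a verdict. On this very log it also flags Google Update, which legitimately lives under AppData, so each hit still needs its publisher and installation date checked (the "Created Last 30" section above supplies the dates, and the TopArcadeHits, Wajam and WeCareReminder folders all appeared within minutes of each other on 2013-07-16).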




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 July 2013 - 04:24 PM

Hello Diggar,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: Right click on adwCleaner.exe and select Run as admin.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

AdwCleaner log

Roguekiller log

Do you have A USB Flash Drive you can use?

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Diggar

Diggar
  • Topic Starter

  • Members
  • 8 posts

Posted 24 July 2013 - 07:05 AM

Again thank you for your help and the work that you are doing.

 

RogueKiller found numerous problems in the registry called SUSP PATH from TidyNetwork Update

I did not delete any of the problems it is showing. Should I delete these items?

Thanks

 

 

 

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 07:44:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : user - JAZZKAT-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

*************************

AdwCleaner[S1].txt - [4644 octets] - [24/07/2013 07:44:18]

########## EOF - C:\AdwCleaner[S1].txt - [4704 octets] ##########

 

_______________________________________________________

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 07/24/2013 08:00:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1   ad.doubleclick.net --> Potentially malicious!
127.0.0.1   ad.doubleclick.be --> Potentially malicious!
127.0.0.1   ad.doubleclick.com --> Potentially malicious!
127.0.0.1   ad.doubleclick.de --> Potentially malicious!

127.0.0.1 localhost
127.0.0.1   ad.doubleclick.net
127.0.0.1   ad.doubleclick.be
127.0.0.1   ad.doubleclick.com
127.0.0.1   ad.doubleclick.de
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] 316c3ec7d6fbef0612d7bfe36989cdb9
[BSP] 9407c283e8c4e6ee3c82c618869e045e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 255 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] dd39a326ad649ec449e2af6d9d95e2c3
[BSP] b7ecf208debb51aeacfb822e9ac63cb6 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07242013_080028.txt >>

 

 



#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 July 2013 - 06:41 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click FixHosts
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

Roguekiller logs

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Diggar

  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2013 - 07:25 AM

No change. The top arcade is still there. Whenever I open a webpage an advertising video opens on top and then a pop-up window opens in the upper left hand corner to advertise something.

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 07/25/2013 08:16:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1   ad.doubleclick.net --> Potentially malicious!
127.0.0.1   ad.doubleclick.be --> Potentially malicious!
127.0.0.1   ad.doubleclick.com --> Potentially malicious!
127.0.0.1   ad.doubleclick.de --> Potentially malicious!

127.0.0.1 localhost
127.0.0.1   ad.doubleclick.net
127.0.0.1   ad.doubleclick.be
127.0.0.1   ad.doubleclick.com
127.0.0.1   ad.doubleclick.de
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] 316c3ec7d6fbef0612d7bfe36989cdb9
[BSP] 9407c283e8c4e6ee3c82c618869e045e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 255 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] dd39a326ad649ec449e2af6d9d95e2c3
[BSP] b7ecf208debb51aeacfb822e9ac63cb6 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07252013_081656.txt >>
RKreport[0]_D_07252013_081457.txt;RKreport[0]_S_07242013_080028.txt

 

 

_______________________________________

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : HOSTSFix -- Date : 07/25/2013 08:17:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1   ad.doubleclick.net --> Potentially malicious!
127.0.0.1   ad.doubleclick.be --> Potentially malicious!
127.0.0.1   ad.doubleclick.com --> Potentially malicious!
127.0.0.1   ad.doubleclick.de --> Potentially malicious!

127.0.0.1 localhost
127.0.0.1   ad.doubleclick.net
127.0.0.1   ad.doubleclick.be
127.0.0.1   ad.doubleclick.com
127.0.0.1   ad.doubleclick.de
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[0]_H_07252013_081711.txt >>
RKreport[0]_D_07252013_081457.txt;RKreport[0]_S_07242013_080028.txt;RKreport[0]_S_07252013_081656.txt
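Reading the Mal.Hosts section of the two logs above: RogueKiller lists every hosts entry other than the stock localhost line as "Potentially malicious!", and FixHosts resets the file to the single `127.0.0.1 localhost` line. The Python below is an added example, not part of this thread and not RogueKiller's code; it parses hosts-file text and separates block-style entries (a domain sent to loopback or 0.0.0.0, which is what the ad.doubleclick.* lines in the log are) from redirect entries (a domain sent to a routable address, the pattern a defender should actually worry about). The sample text is constructed, and the `198.51.100.7` / `update.example.com` line is a made-up documentation value used only to show what a redirect looks like.

```python
"""Triage of Windows HOSTS file entries, mirroring a scanner's Mal.Hosts check.

Added example: not part of the forum thread and not RogueKiller's own code.
SAMPLE_HOSTS is constructed to copy the shape of the entries in the log above
(ad.doubleclick.* and 007guard.com sent to loopback) plus one constructed
redirect line (198.51.100.7 / update.example.com, documentation values).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample; the real file lives at %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   ad.doubleclick.net
127.0.0.1   ad.doubleclick.be
0.0.0.0     007guard.com
198.51.100.7   update.example.com   # constructed hijack-style entry
"""

# Names that a stock Windows hosts file maps to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class HostEntry:
    address: str
    hostnames: List[str]
    verdict: str  # "default", "blackhole" or "redirect"


def classify(address: str, hostnames: List[str]) -> str:
    """Decide what a single hosts line does.

    default   - the stock loopback/localhost mapping
    blackhole - a real domain sent to 127.0.0.1 or 0.0.0.0, i.e. blocked
                (what hosts-based ad blocking writes; RogueKiller still
                lists these as "Potentially malicious!" because it treats
                every non-default entry as suspect)
    redirect  - a real domain sent to a routable address: the classic
                hosts-file hijack, far more serious than a blackhole line
    """
    ip = ipaddress.ip_address(address)
    if all(h.lower() in DEFAULT_NAMES for h in hostnames):
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blackhole"
    return "redirect"


def parse_hosts(text: str) -> List[HostEntry]:
    """Parse hosts-file text, skipping comments, blank and malformed lines."""
    entries: List[HostEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an IP address; not a host mapping
        entries.append(HostEntry(parts[0], parts[1:], classify(parts[0], parts[1:])))
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Group hostnames by verdict so a helper can see at a glance what changed."""
    report: Dict[str, List[str]] = {"default": [], "blackhole": [], "redirect": []}
    for entry in parse_hosts(text):
        report[entry.verdict].extend(entry.hostnames)
    return report


if __name__ == "__main__":
    for verdict, names in triage(SAMPLE_HOSTS).items():
        print(f"{verdict:9s} {len(names):3d}  {', '.join(names)}")
```

Run against the reset file from the HOSTSFix log (`127.0.0.1 localhost` only), `triage` reports nothing but the default entry, which is the state the helper was aiming for.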

 

 



#6 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 July 2013 - 09:05 PM

Do you have a USB Flash Drive you can use?



#7 Diggar

  • Topic Starter
  • Members
  • 8 posts

Posted 26 July 2013 - 05:51 AM

Yes



#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 27 July 2013 - 03:47 PM

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


 




#9 Diggar

  • Topic Starter
  • Members
  • 8 posts

Posted 29 July 2013 - 07:28 AM

I have Vista Business...there was no advanced system recovery so I just opened it in Safe Mode with Command Prompt and ran the file. If this is incorrect please let me know.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Administrator (administrator) on 29-07-2013 08:12:48
Running from F:\
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1874264 2011-08-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
HKCU\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-13] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\user\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\user\...\Run: [Google Update] - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-10] (Google Inc.)
HKU\user\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [aliim] - C:\Program Files\Trademanager\AliIM.exe [ 2013-03-06] (Alibaba (China) Co., Ltd.)
HKU\user\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [ 2013-06-13] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\user\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

========================== Services (Whitelisted) =================

S2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-07-16] (SurfRight B.V.)
S2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
S2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)

==================== Drivers (Whitelisted) ====================

S3 htcdiag; C:\Windows\System32\DRIVERS\htcdiag.sys [101376 2009-10-14] (HTC Corporation)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-25 17:44 - 2013-07-25 17:44 - 01117096 _____ (AirInstaller Inc.) C:\Users\user\Downloads\FPP_Setup.exe
2013-07-25 08:17 - 2013-07-25 08:17 - 00001650 _____ C:\Users\user\Desktop\RKreport[0]_H_07252013_081711.txt
2013-07-25 08:16 - 2013-07-25 08:16 - 00002360 _____ C:\Users\user\Desktop\RKreport[0]_S_07252013_081656.txt
2013-07-25 08:14 - 2013-07-25 08:14 - 00002839 _____ C:\Users\user\Desktop\RKreport[0]_D_07252013_081457.txt
2013-07-24 08:12 - 2013-07-28 20:14 - 00000000 ____D C:\Users\user\AppData\Local\{5DA52AF0-A063-414C-A059-3A2645DF7089}
2013-07-24 08:00 - 2013-07-24 08:01 - 00002777 _____ C:\Users\user\Desktop\RKreport[0]_S_07242013_080028.txt
2013-07-24 07:56 - 2013-07-25 08:17 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-07-24 07:55 - 2013-07-24 07:55 - 00915968 _____ C:\Users\user\Desktop\RogueKiller.exe
2013-07-24 07:53 - 2013-07-24 07:53 - 00004773 _____ C:\Users\user\Desktop\AdwCleaner[S1].txt
2013-07-24 07:50 - 2013-07-24 07:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-24 07:44 - 2013-07-24 07:44 - 00004773 _____ C:\AdwCleaner[S1].txt
2013-07-24 07:43 - 2013-07-24 07:43 - 00666633 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-07-23 08:27 - 2013-07-23 08:33 - 00013732 _____ C:\Users\user\Desktop\attach.txt
2013-07-23 08:27 - 2013-07-23 08:32 - 00019675 _____ C:\Users\user\Desktop\dds.txt
2013-07-23 08:26 - 2013-07-23 08:26 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2013-07-22 08:11 - 2013-07-23 20:12 - 00000000 ____D C:\Users\user\AppData\Local\{4DBC7227-7B54-4D20-80B2-766D37128A32}
2013-07-19 09:10 - 2013-07-19 09:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Alibaba
2013-07-19 09:04 - 2013-07-19 09:04 - 35150632 _____ (Digiarty Software, Inc.                                     ) C:\Users\user\Downloads\winx-hd-converter-deluxe.exe
2013-07-18 20:10 - 2013-07-21 20:11 - 00000000 ____D C:\Users\user\AppData\Local\{7B0DC5AC-DCA7-4FDF-8D73-14A76CBC72AB}
2013-07-18 03:09 - 2013-07-18 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 11:29 - 2013-07-17 11:30 - 00171908 _____ C:\Users\user\Documents\cc_20130717_112950.reg
2013-07-17 10:57 - 2013-07-17 11:03 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 10:57 - 2013-07-17 10:57 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 10:54 - 2013-07-17 10:56 - 00000000 ____D C:\Users\user\Downloads\CCleaner Professional + Business Edition 4.03.4151 Final ML - SceneDL (PimpRG)
2013-07-16 20:08 - 2013-07-18 08:09 - 00000000 ____D C:\Users\user\AppData\Local\{E8DB1C83-9847-49F2-9FFD-7F2A7D0CFCB3}
2013-07-16 10:03 - 2013-07-16 10:03 - 00027858 _____ C:\Users\user\Documents\HitmanPro_20130716_1003.log
2013-07-16 10:02 - 2013-07-16 10:02 - 00001044 _____ C:\Windows\system32\.crusader
2013-07-16 09:43 - 2013-07-16 09:43 - 00012271 _____ C:\Users\user\Downloads\54DAF31F46C3D95427CC37B1BBE95C5B7F0DED39 (1).torrent
2013-07-16 09:34 - 2013-07-16 09:34 - 00000000 ____D C:\Users\user\Downloads\HitmanPro 3.7.6 Build 201
2013-07-16 09:32 - 2013-07-16 09:32 - 00012271 _____ C:\Users\user\Downloads\54DAF31F46C3D95427CC37B1BBE95C5B7F0DED39.torrent
2013-07-16 09:19 - 2013-07-16 09:54 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-16 09:19 - 2013-07-16 09:19 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-16 09:18 - 2013-07-16 10:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-16 09:11 - 2013-07-16 09:11 - 00033958 _____ C:\ProgramData\uninstaller.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\user\AppData\Local\Wajam
2013-07-16 09:10 - 2013-07-16 10:02 - 00000000 ____D C:\Users\user\AppData\Local\TopArcadeHits
2013-07-16 09:10 - 2013-07-16 09:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-07-15 20:08 - 2013-07-16 08:08 - 00000000 ____D C:\Users\user\AppData\Local\{FBDF254F-CA4E-4A5A-AB5D-7950E3D31284}
2013-07-15 10:57 - 2013-07-10 08:17 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130715-105742.backup
2013-07-11 20:06 - 2013-07-15 08:08 - 00000000 ____D C:\Users\user\AppData\Local\{13362C0E-A003-4A1E-82C4-8B925A4F913F}
2013-07-11 08:50 - 2013-07-11 08:50 - 08617840 _____ C:\Users\user\Downloads\Intel_AMT-SOL--LMS_A02_R255438.exe
2013-07-11 08:48 - 2009-10-29 15:31 - 00981528 _____ (Intel Corporation) C:\Windows\system32\heciudlg.exe
2013-07-11 08:47 - 2013-07-11 08:47 - 01734856 _____ C:\Users\user\Downloads\Intel_AMT-HECI_A02_R255437.exe
2013-07-11 08:47 - 2009-09-18 16:32 - 00045184 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECI.sys
2013-07-11 08:05 - 2013-07-11 08:06 - 00000000 ____D C:\Users\user\AppData\Local\{28C5C868-8751-4828-8D22-2480023A094E}
2013-07-11 03:12 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 03:12 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:12 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:12 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 03:12 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:12 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:12 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 03:12 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 03:12 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 03:12 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 03:12 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:12 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:12 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:12 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:12 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 03:12 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:01 - 2013-07-11 03:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-07-11 01:10 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 01:09 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 01:09 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 01:09 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 01:09 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 01:09 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 01:09 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 01:09 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 01:09 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 01:09 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 01:09 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 01:09 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-10 12:33 - 2013-07-10 12:34 - 00000000 ____D C:\Users\user\AppData\Local\{F6D4E76D-9555-42F7-B7F6-8774CEF5BFC6}
2013-07-10 08:19 - 2013-07-10 08:19 - 00014646 _____ C:\ComboFix.txt
2013-07-10 08:05 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-10 08:05 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-10 08:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-10 08:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-10 08:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-10 08:05 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-10 08:05 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-10 08:05 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-10 07:54 - 2013-07-10 08:19 - 00000000 ____D C:\Qoobox
2013-07-10 07:54 - 2013-07-10 08:18 - 00000000 ____D C:\Windows\erdnt
2013-07-10 07:53 - 2013-07-10 07:53 - 05087643 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-07-10 07:49 - 2013-07-10 07:49 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller (1).exe
2013-07-10 00:33 - 2013-07-10 00:33 - 00000000 ____D C:\Users\user\AppData\Local\{D868EF70-02C0-4E30-A07A-1FDE2D54BDCE}
2013-07-09 12:33 - 2013-07-09 12:33 - 00000000 ____D C:\Users\user\AppData\Local\{497095E4-1A4F-4E70-AC3A-2A8A41058EE7}
2013-07-09 08:19 - 2013-07-09 08:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-07-08 08:35 - 2013-07-08 08:35 - 00061078 _____ C:\Users\user\Downloads\undirect v101.crx
2013-07-08 08:10 - 2013-07-08 08:10 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-07-07 12:32 - 2013-07-09 00:32 - 00000000 ____D C:\Users\user\AppData\Local\{51ACBC19-E156-4862-B0A8-22D0CBC14119}

==================== One Month Modified Files and Folders =======

2013-07-29 08:12 - 2013-07-29 08:12 - 00000000 ____D C:\FRST
2013-07-29 08:06 - 2006-11-02 09:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-29 08:06 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 08:06 - 2006-11-02 08:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 08:06 - 2006-11-02 08:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 08:05 - 2008-01-20 21:39 - 01233975 _____ C:\Windows\WindowsUpdate.log
2013-07-29 07:59 - 2006-11-02 06:33 - 00759910 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 20:14 - 2013-07-24 08:12 - 00000000 ____D C:\Users\user\AppData\Local\{5DA52AF0-A063-414C-A059-3A2645DF7089}
2013-07-28 19:38 - 2012-04-24 15:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 19:21 - 2012-04-25 10:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 18:50 - 2011-11-10 15:23 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411281708-360580690-1176938756-1000UA.job
2013-07-28 03:21 - 2012-04-25 10:52 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-27 19:50 - 2011-11-10 15:23 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411281708-360580690-1176938756-1000Core.job
2013-07-27 08:22 - 2012-04-25 10:52 - 00000000 ____D C:\Program Files\Google
2013-07-27 05:47 - 2012-07-18 14:41 - 00000462 _____ C:\Windows\Tasks\SDMsgUpdate (SD).job
2013-07-26 07:56 - 2011-11-23 20:35 - 00137728 _____ C:\Users\user\Desktop\REPAIR RECORDS 2011.xls
2013-07-25 17:44 - 2013-07-25 17:44 - 01117096 _____ (AirInstaller Inc.) C:\Users\user\Downloads\FPP_Setup.exe
2013-07-25 08:17 - 2013-07-25 08:17 - 00001650 _____ C:\Users\user\Desktop\RKreport[0]_H_07252013_081711.txt
2013-07-25 08:17 - 2013-07-24 07:56 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-07-25 08:16 - 2013-07-25 08:16 - 00002360 _____ C:\Users\user\Desktop\RKreport[0]_S_07252013_081656.txt
2013-07-25 08:14 - 2013-07-25 08:14 - 00002839 _____ C:\Users\user\Desktop\RKreport[0]_D_07252013_081457.txt
2013-07-24 08:01 - 2013-07-24 08:00 - 00002777 _____ C:\Users\user\Desktop\RKreport[0]_S_07242013_080028.txt
2013-07-24 07:55 - 2013-07-24 07:55 - 00915968 _____ C:\Users\user\Desktop\RogueKiller.exe
2013-07-24 07:53 - 2013-07-24 07:53 - 00004773 _____ C:\Users\user\Desktop\AdwCleaner[S1].txt
2013-07-24 07:50 - 2013-07-24 07:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-24 07:49 - 2012-07-31 13:15 - 00000000 ____D C:\Users\user\Tracing
2013-07-24 07:47 - 2013-06-24 10:31 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-07-24 07:44 - 2013-07-24 07:44 - 00004773 _____ C:\AdwCleaner[S1].txt
2013-07-24 07:43 - 2013-07-24 07:43 - 00666633 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-07-24 07:41 - 2012-05-22 14:02 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-07-24 00:30 - 2013-06-24 10:31 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-07-23 20:12 - 2013-07-22 08:11 - 00000000 ____D C:\Users\user\AppData\Local\{4DBC7227-7B54-4D20-80B2-766D37128A32}
2013-07-23 15:39 - 2012-07-25 14:00 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2013-07-23 15:38 - 2012-07-25 13:54 - 00000000 ____D C:\Program Files\HTC
2013-07-23 08:33 - 2013-07-23 08:27 - 00013732 _____ C:\Users\user\Desktop\attach.txt
2013-07-23 08:32 - 2013-07-23 08:27 - 00019675 _____ C:\Users\user\Desktop\dds.txt
2013-07-23 08:26 - 2013-07-23 08:26 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2013-07-21 20:11 - 2013-07-18 20:10 - 00000000 ____D C:\Users\user\AppData\Local\{7B0DC5AC-DCA7-4FDF-8D73-14A76CBC72AB}
2013-07-19 09:10 - 2013-07-19 09:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Alibaba
2013-07-19 09:10 - 2012-10-08 15:18 - 00000000 ____D C:\Program Files\Trademanager
2013-07-19 09:04 - 2013-07-19 09:04 - 35150632 _____ (Digiarty Software, Inc.                                     ) C:\Users\user\Downloads\winx-hd-converter-deluxe.exe
2013-07-18 08:09 - 2013-07-16 20:08 - 00000000 ____D C:\Users\user\AppData\Local\{E8DB1C83-9847-49F2-9FFD-7F2A7D0CFCB3}
2013-07-18 03:20 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-18 03:13 - 2013-07-18 03:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 11:32 - 2011-12-21 10:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Player Classic
2013-07-17 11:32 - 2011-11-10 15:10 - 00000000 ____D C:\Users\user\AppData\Roaming\BitTorrent
2013-07-17 11:32 - 2011-10-25 18:02 - 00000000 ____D C:\Windows\Panther
2013-07-17 11:31 - 2012-02-09 16:47 - 00000000 ____D C:\Windows\Minidump
2013-07-17 11:30 - 2013-07-17 11:29 - 00171908 _____ C:\Users\user\Documents\cc_20130717_112950.reg
2013-07-17 11:03 - 2013-07-17 10:57 - 00000000 ____D C:\Program Files\CCleaner
2013-07-17 10:57 - 2013-07-17 10:57 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-17 10:56 - 2013-07-17 10:54 - 00000000 ____D C:\Users\user\Downloads\CCleaner Professional + Business Edition 4.03.4151 Final ML - SceneDL (PimpRG)
2013-07-16 10:03 - 2013-07-16 10:03 - 00027858 _____ C:\Users\user\Documents\HitmanPro_20130716_1003.log
2013-07-16 10:02 - 2013-07-16 10:02 - 00001044 _____ C:\Windows\system32\.crusader
2013-07-16 10:02 - 2013-07-16 09:18 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-16 10:02 - 2013-07-16 09:10 - 00000000 ____D C:\Users\user\AppData\Local\TopArcadeHits
2013-07-16 09:54 - 2013-07-16 09:19 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-16 09:43 - 2013-07-16 09:43 - 00012271 _____ C:\Users\user\Downloads\54DAF31F46C3D95427CC37B1BBE95C5B7F0DED39 (1).torrent
2013-07-16 09:34 - 2013-07-16 09:34 - 00000000 ____D C:\Users\user\Downloads\HitmanPro 3.7.6 Build 201
2013-07-16 09:32 - 2013-07-16 09:32 - 00012271 _____ C:\Users\user\Downloads\54DAF31F46C3D95427CC37B1BBE95C5B7F0DED39.torrent
2013-07-16 09:19 - 2013-07-16 09:19 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-16 09:11 - 2013-07-16 09:11 - 00033958 _____ C:\ProgramData\uninstaller.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\user\AppData\Local\Wajam
2013-07-16 09:10 - 2013-07-16 09:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-07-16 08:08 - 2013-07-15 20:08 - 00000000 ____D C:\Users\user\AppData\Local\{FBDF254F-CA4E-4A5A-AB5D-7950E3D31284}
2013-07-15 10:57 - 2006-11-02 06:23 - 00448635 ____R C:\Windows\system32\Drivers\etc\hosts_backup
2013-07-15 09:13 - 2011-11-14 09:45 - 00002243 _____ C:\Windows\epplauncher.mif
2013-07-15 08:08 - 2013-07-11 20:06 - 00000000 ____D C:\Users\user\AppData\Local\{13362C0E-A003-4A1E-82C4-8B925A4F913F}
2013-07-14 12:31 - 2013-01-20 15:52 - 00000955 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-11 17:43 - 2011-11-28 17:21 - 00000000 ____D C:\Users\user\Desktop\PROTEL SCHEMATICS
2013-07-11 08:50 - 2013-07-11 08:50 - 08617840 _____ C:\Users\user\Downloads\Intel_AMT-SOL--LMS_A02_R255438.exe
2013-07-11 08:48 - 2011-11-10 15:29 - 00000000 ____D C:\Program Files\Intel
2013-07-11 08:48 - 2011-10-25 15:14 - 00000000 ____D C:\Windows\system32\Lang
2013-07-11 08:47 - 2013-07-11 08:47 - 01734856 _____ C:\Users\user\Downloads\Intel_AMT-HECI_A02_R255437.exe
2013-07-11 08:06 - 2013-07-11 08:05 - 00000000 ____D C:\Users\user\AppData\Local\{28C5C868-8751-4828-8D22-2480023A094E}
2013-07-11 03:44 - 2006-11-02 08:47 - 03763976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:40 - 2011-11-10 18:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:38 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 03:17 - 2011-11-10 15:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 03:01 - 2013-07-11 03:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-07-11 03:00 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 12:34 - 2013-07-10 12:33 - 00000000 ____D C:\Users\user\AppData\Local\{F6D4E76D-9555-42F7-B7F6-8774CEF5BFC6}
2013-07-10 08:19 - 2013-07-10 08:19 - 00014646 _____ C:\ComboFix.txt
2013-07-10 08:19 - 2013-07-10 07:54 - 00000000 ____D C:\Qoobox
2013-07-10 08:19 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public
2013-07-10 08:18 - 2013-07-10 07:54 - 00000000 ____D C:\Windows\erdnt
2013-07-10 08:17 - 2013-07-15 10:57 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130715-105742.backup
2013-07-10 08:17 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2013-07-10 07:53 - 2013-07-10 07:53 - 05087643 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-07-10 07:49 - 2013-07-10 07:49 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller (1).exe
2013-07-10 00:33 - 2013-07-10 00:33 - 00000000 ____D C:\Users\user\AppData\Local\{D868EF70-02C0-4E30-A07A-1FDE2D54BDCE}
2013-07-09 17:40 - 2011-12-12 17:35 - 00002613 _____ C:\Users\user\Desktop\Microsoft Word 2010.lnk
2013-07-09 12:33 - 2013-07-09 12:33 - 00000000 ____D C:\Users\user\AppData\Local\{497095E4-1A4F-4E70-AC3A-2A8A41058EE7}
2013-07-09 09:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\nap
2013-07-09 08:19 - 2013-07-09 08:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-07-09 00:32 - 2013-07-07 12:32 - 00000000 ____D C:\Users\user\AppData\Local\{51ACBC19-E156-4862-B0A8-22D0CBC14119}
2013-07-08 08:35 - 2013-07-08 08:35 - 00061078 _____ C:\Users\user\Downloads\undirect v101.crx
2013-07-08 08:10 - 2013-07-08 08:10 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-07-07 12:25 - 2013-06-24 10:31 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-28 20:35

==================== End Of Log ============================


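The "One Month Modified Files and Folders" list above is what a helper reads by eye to pick out entries worth a closer look. As an added example that is not part of this thread and is not FRST's own code, the following Python script parses lines in that log format and flags the kinds of entries that were acted on here: an executable sitting directly in the ProgramData root, a system32 folder named like an unexpanded environment variable, and the GUID-named folders under AppData\Local. Five sample lines are taken from the log above; the example-setup.exe line and the rule wording are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Sample lines in FRST's "One Month Modified Files and Folders" format.
# Five are taken from the log in this thread; example-setup.exe is a constructed entry.
SAMPLE_LOG = r"""
2013-07-29 08:12 - 2013-07-29 08:12 - 00000000 ____D C:\FRST
2013-07-19 09:04 - 2013-07-19 09:04 - 35150632 _____ (Example Software, Inc.      ) C:\Users\user\Downloads\example-setup.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00033958 _____ C:\ProgramData\uninstaller.exe
2013-07-16 10:02 - 2013-07-16 10:02 - 00001044 _____ C:\Windows\system32\.crusader
2013-07-11 03:01 - 2013-07-11 03:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-07-07 12:32 - 2013-07-09 00:32 - 00000000 ____D C:\Users\user\AppData\Local\{51ACBC19-E156-4862-B0A8-22D0CBC14119}
"""


@dataclass
class Entry:
    modified: str           # last-modified timestamp as printed by FRST
    created: str            # creation timestamp
    size: int               # bytes (0 for directories)
    attrs: str              # FRST attribute flags, e.g. ____D, __SHD, ____R
    company: Optional[str]  # version-info company name, if FRST printed one
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


# modified - created - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for section headers, blanks and other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    company = m.group("company")
    return Entry(
        modified=m.group("modified"),
        created=m.group("created"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


# Patterns behind the review rules (case-insensitive, as NTFS paths are).
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
PROGRAMDATA_EXE_RE = re.compile(r"^[A-Z]:\\ProgramData\\[^\\]+\.exe$", re.I)
ENVVAR_NAME_DIR_RE = re.compile(r"\\system32\\%[^\\%]+%$", re.I)
DOTFILE_SYSTEM32_RE = re.compile(r"\\system32\\\.[^\\]+$", re.I)

# Each rule is (reason, predicate). A match is a review item, not a verdict.
Rule = Tuple[str, Callable[[Entry], bool]]
RULES: List[Rule] = [
    ("executable directly in the ProgramData root",
     lambda e: not e.is_dir and PROGRAMDATA_EXE_RE.match(e.path) is not None),
    ("system32 folder named like an unexpanded environment variable",
     lambda e: e.is_dir and ENVVAR_NAME_DIR_RE.search(e.path) is not None),
    ("hidden+system directory (S and H attribute flags)",
     lambda e: e.is_dir and "S" in e.attrs and "H" in e.attrs),
    ("dotfile in system32 (unusual naming for a Windows component)",
     lambda e: not e.is_dir and DOTFILE_SYSTEM32_RE.search(e.path) is not None),
    ("GUID-named folder under AppData\\Local (often installer scratch space)",
     lambda e: e.is_dir and GUID_DIR_RE.search(e.path) is not None),
]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for every entry that matches a rule."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason, matches in RULES:
            if matches(entry):
                findings.append((entry.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {reason}")
```

Treat the output as a review list, not a verdict. In the thread's log the `.crusader` file was written within a minute of the HitmanPro log, which is the kind of context a reader of the full log can apply and a rule cannot, and GUID-named folders under AppData\Local are commonly installer scratch directories. The entries the helper actually moved (`C:\ProgramData\uninstaller.exe` and the TopArcadeHits folder) show that the decision still comes from reading the whole log together with the user's symptoms.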

#10 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 29 July 2013 - 08:01 PM

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Diggar (Topic Starter, Members, 8 posts)

Posted 30 July 2013 - 06:58 AM

I thought this fixed it, but I ran Chrome and, after poking around on eBay, I clicked on a link and another window opened telling me I won from surveygifters dot com. Maybe I will try rebooting and see if that helps.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by user at 2013-07-30 07:41:12 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} => Key deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} => Key deleted successfully.
C:\Users\user\AppData\Local\TopArcadeHits => Moved successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.

==== End of Fixlog ====



#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 30 July 2013 - 05:18 PM

Please uninstall and reinstall Chrome. Please let it delete any personal settings if it asks to do so.



#13 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 01 August 2013 - 10:00 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#14 Diggar (Topic Starter, Members, 8 posts)

Posted 02 August 2013 - 07:08 AM

Hi:

Sorry for the late reply. It appears that Chrome is now back to normal. IE is still having some issues. Would you recommend that I delete IE and reinstall?

Thanks



#15 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 02 August 2013 - 04:21 PM

Please tell me what issues IE is having.

  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized
