Help--proxy


This topic is locked
4 replies to this topic

#1 mrzebra

Posted 17 December 2013 - 11:11 AM

A few days ago, I downloaded and ran a lot of anti-virus software to see if I had any trojans after I had found my email had been attempted to be entered from an odd location. Anyways, I don't believe I have any viruses but I would like to make sure.

 

I say proxy issue because I have run TASKSTRUN and found an issue in the Hijacks tab. Running DDS, I have the log: 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16671  BrowserJavaVersion: 10.45.2
Run by Luke at 7:45:37 on 2013-12-17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.945 [GMT -8:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\Downloads\TaskSTRun.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
C:\Program Files (x86)\Autorun Eater\billy.exe
C:\Users\Luke\Downloads\HijackThis.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: {326E768D-4182-46FD-9C16-1449A49795F4} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - <orphaned>
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - <orphaned>
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [uTorrent] "C:\Users\Luke\Downloads\utorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [wservices.exe] C:\Users\ADMINI~1\AppData\Local\Temp\start.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{61466F82-2716-4503-935E-141DAA3641DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85089D8E-9101-40CA-A02C-8D5D1523EE8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D28D234F-7516-43A6-96E7-C3EE1C983461} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{D28D234F-7516-43A6-96E7-C3EE1C983461}\458656E4564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{D28D234F-7516-43A6-96E7-C3EE1C983461}\D697177756374753937373 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{D28D234F-7516-43A6-96E7-C3EE1C983461}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D28D234F-7516-43A6-96E7-C3EE1C983461}\E4544574541425D2B4 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\cx86sain.default\
FF - component: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\cx86sain.default\extensions\{90d375c8-2b3c-46db-bdb5-58e30d998a54}\components\FFExternalAlert.dll
FF - component: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\cx86sain.default\extensions\{90d375c8-2b3c-46db-bdb5-58e30d998a54}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Luke\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\cx86sain.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-12-14 18:23; adsremoval@adsremoval.net; C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\cx86sain.default\extensions\adsremoval@adsremoval.net
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-8-21 34640]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-8-21 17720]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-7-25 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-24 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-7-25 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-7-25 440376]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-7-25 108440]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-12-11 109352]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-8-21 341824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-4 701512]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-8-23 27768]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-7 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-8-21 23048]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-4 25928]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-8-21 34848]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2013-8-22 52736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-21 872152]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-8-21 23016]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-8-22 1250816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-8-21 21712]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-20 40712]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-7-25 1011768]
S4 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-5 1153368]
S4 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-14 11:42:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{544AF4C9-C749-47B3-AB39-839A925AC8B8}\offreg.dll
2013-12-14 03:43:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-12-13 12:53:06 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{544AF4C9-C749-47B3-AB39-839A925AC8B8}\mpengine.dll
2013-12-11 20:43:57 -------- d-----w- C:\Users\Luke\AppData\Local\temp
2013-12-11 20:39:30 -------- d-----w- C:\$RECYCLE.BIN
2013-12-11 20:20:08 98816 ----a-w- C:\Windows\sed.exe
2013-12-11 20:20:08 256000 ----a-w- C:\Windows\PEV.exe
2013-12-11 20:20:08 208896 ----a-w- C:\Windows\MBR.exe
2013-12-11 17:31:58 -------- d-----w- C:\Program Files\HitmanPro
2013-12-11 17:30:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-11 17:24:31 -------- d-----w- C:\Windows\ERUNT
2013-12-11 17:20:52 -------- d-----w- C:\AdwCleaner
2013-12-05 04:33:07 -------- d-----w- C:\Users\Luke\AppData\Roaming\SUPERAntiSpyware.com
2013-12-05 04:31:44 -------- d-----w- C:\Users\Luke\AppData\Roaming\Malwarebytes
2013-12-05 04:31:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-05 04:31:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-05 04:31:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-05 04:31:17 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-05 04:31:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-04 12:32:47 -------- d-----w- C:\ProgramData\WaLMaRT
2013-11-29 13:21:26 -------- d-----w- C:\Users\Luke\AppData\Local\CrashDumps
2013-11-23 01:02:00 2179072 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
.
==================== Find3M  ====================
.
2013-12-17 11:46:56 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-17 11:46:56 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-11-25 23:31:37 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH:  7:46:40.39 ===============
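A small triage helper for DDS output like the log above, added here as an example and not part of the thread or of the DDS tool: it parses the uRun/mRun lines of the Pseudo HJT Report and flags autoruns that launch a script, start from a user-writable location such as Temp or Downloads, or whose entry name claims to be an .exe while the target is something else (the pattern of the wservices.exe entry pointing at start.vbs), and it also notes the PromptOnSecureDesktop = dword:0 policy. The function names are my own, and the sample lines are a constructed subset copied from the posted log.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the DDS "Pseudo HJT Report" posted
# above (a subset, not the full log), so the triage runs offline.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [uTorrent] "C:\Users\Luke\Downloads\utorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [wservices.exe] C:\Users\ADMINI~1\AppData\Local\Temp\start.vbs
mPolicies-System: PromptOnSecureDesktop = dword:0
""".strip().splitlines()

# DDS prefixes: uRun = HKCU\...\Run, mRun = HKLM\...\Run
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
# Unquoted commands may contain spaces in the path; cut at the first
# known launchable extension and treat the remainder as arguments.
UNQUOTED_RE = re.compile(
    r"^(?P<path>.*?\.(?:exe|scr|dll|vbs|vbe|js|jse|wsf|wsh|bat|cmd|hta|ps1))"
    r"(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "bat", "cmd", "hta", "ps1"}
# Locations any user or any dropped file can write to; legitimate autoruns
# from here are uncommon, so they deserve a closer look.
WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\downloads\\")


def parse_run(line: str) -> Optional[Dict[str, str]]:
    """Split a u/mRun line into hive, entry name, target path and arguments."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    q = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    path, args = (q.group("path"), q.group("args") or "") if q else (cmd, "")
    return {
        "hive": "HKCU" if m.group("hive") == "u" else "HKLM",
        "name": m.group("name"),
        "path": path,
        "args": args.strip(),
    }


def reasons_for(entry: Dict[str, str]) -> List[str]:
    """The checks a responder applies when reading a Run entry by eye."""
    reasons = []
    low = entry["path"].lower()
    ext = low.rsplit(".", 1)[-1] if "." in low else ""
    if any(mk in low for mk in WRITABLE_MARKERS):
        reasons.append("launches from a user-writable or temp directory")
    if ext in SCRIPT_EXTS:
        reasons.append(f"target is a .{ext} script run through a script host")
    if entry["name"].lower().endswith(".exe") and ext != "exe":
        reasons.append("entry name claims .exe but target is not an executable")
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the entries worth a second look, with the reasons why."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        entry = parse_run(line)
        if entry is not None:
            why = reasons_for(entry)
            if why:
                findings.append({**entry, "reasons": why})
        elif re.search(r"PromptOnSecureDesktop = dword:0$", line):
            # Windows default is 1; 0 moves UAC prompts off the secure desktop
            findings.append({"name": "PromptOnSecureDesktop", "path": line,
                             "reasons": ["UAC prompts no longer shown on the secure desktop"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Flagged entries still need a human verdict (uTorrent in Downloads is a user choice; start.vbs in Temp under a misleading name is not), which is exactly what the helper is asking the poster for the logs to decide.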
 
 
 
 
 



#2 mrzebra

Posted 17 December 2013 - 11:15 AM

Hijack log

Attached Files



#3 jeffce

  • Malware Response Team

Posted 21 December 2013 - 06:20 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------




#4 jeffce


Posted 23 December 2013 - 06:17 PM

Still here?




#5 jeffce


Posted 26 December 2013 - 08:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
