
Unknown infection - many popups/random words in websites turned into Ad links


This topic is locked
21 replies to this topic

#1 dmcomp12

  • Members
  • 13 posts

Posted 17 February 2014 - 10:49 AM

I'm sorry I can't be more specific, as this is my girlfriend's computer. When I've used it, I notice pop up ads galore on sites that don't typically have them. Random words are linked as ads in websites that don't have ads like that (such as this site). On using Google, there are more ads than results...things like that. Some say "ads by KeepNow". She also is running Chrome, which keeps installing several extensions: shopndrop, dealster, and png2imagiee (which doesn't even give you the option to remove).

I ran Malwarebytes and removed a whole host of things (something like 500 questionable entities) but I am still having many of the same issues. Despite the whole host of warnings, I did begin to run ComboFix...I was referred to that program from an outside site and did not see the warnings before I ran it. After it hung up, I stopped it, researched, and came to find out I shouldn't have run it...ooops.

I have the Malwarebytes logs if that is helpful. Thanks in advance.

edit: she says Chrome crashes a lot, as well....however I've seen her run 3 Chrome windows with like 20 tabs on each, so I'm not sure if that is a symptom of the problem I've described, or her computer use :)


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Dawn Myers at 9:34:57 on 2014-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.964 [GMT -6:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\rundll32.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\SysWOW64\Rundll32.exe
C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11111&tm=249&src=hmp
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>;*.local
BHO: AutorunsDisabled - <orphaned>
BHO: LinkeyBHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AC1PH3505R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2B12FD20-59D7-46AD-B55F-C493B65E1DE9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2B12FD20-59D7-46AD-B55F-C493B65E1DE9}\84F4D454D273539323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\settin~1\systemk\syskldr.dll c:\progra~2\linkey\ieexte~1\iedll.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: dealster: {12515C30-1B51-912C-75E9-ED635D55C309} - 
x64-BHO: shopndrop: {23C28A63-271A-E610-7BE8-513C89FEE6D3} - 
x64-BHO: LinkeyBHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll
x64-BHO: seaveer box: {50A32654-7D3F-5F55-8349-50DE9DD2B923} - 
x64-BHO: Png2Imagiee: {8CBC335B-F1BD-63C7-85E6-933831460F38} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-3-9 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-3-9 38016]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-3-9 204288]
R2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-2-4 3445776]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-3-9 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-9 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-3-9 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-21 138360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-9 243712]
S3 ssmirrdr;ssmirrdr;C:\windows\System32\drivers\ssmirrdr.sys [2011-3-14 10112]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 0146131349666122mcinstcleanup;McAfee Application Installer Cleanup (0146131349666122);C:\Users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE -cleanup -nolog --> C:\Users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE -cleanup -nolog [?]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-3-9 123320]
S4 Office Depot PC Support Agent;Office Depot PC Support Agent;C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [2012-9-28 998336]
S4 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-3-9 126392]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-3-9 57216]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-17 15:22:43 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-02-17 14:51:42 98816 ----a-w- C:\windows\sed.exe
2014-02-17 14:51:42 256000 ----a-w- C:\windows\PEV.exe
2014-02-17 14:51:42 208896 ----a-w- C:\windows\MBR.exe
2014-02-17 14:51:32 -------- d-s---w- C:\ComboFix
2014-02-17 14:23:15 -------- d-----w- C:\Users\Dawn Myers\AppData\Local\Packages
2014-02-17 14:23:05 -------- d-----w- C:\ProgramData\dealster
2014-02-14 23:45:08 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-14 23:45:08 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-14 23:35:59 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-14 23:35:54 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-14 23:35:53 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-13 12:50:53 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-02-13 12:50:52 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-13 12:50:50 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-02-13 12:50:49 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-05 01:16:49 -------- d-----w- C:\ProgramData\BrowserProtect
2014-02-05 01:16:48 -------- d-----w- C:\ProgramData\BitGuard
2014-02-05 01:16:47 -------- d-----w- C:\ProgramData\Browser Manager
2014-02-05 00:14:43 -------- d-----w- C:\Program Files\Level Quality Watcher
2014-02-05 00:14:29 -------- d-----w- C:\ProgramData\Wincert
2014-02-05 00:14:12 -------- d-----w- C:\Program Files (x86)\Linkey
2014-02-05 00:13:42 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-02-05 00:13:31 -------- d-----w- C:\ProgramData\systemk
2014-02-05 00:13:14 -------- d-----w- C:\Users\Dawn Myers\AppData\Local\Apple Computer
2014-02-05 00:10:50 -------- d-----w- C:\Program Files\Bonjour
2014-02-05 00:10:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-02-05 00:10:35 -------- d-----w- C:\Users\Dawn Myers\AppData\Local\Apple
2014-01-31 22:27:07 -------- d-----w- C:\ProgramData\Png2Imagiee
2014-01-31 22:26:53 -------- d-----w- C:\ProgramData\ildkjjnagdipeidohkmcepibgcfgolpe
2014-01-22 02:10:41 741480 ------w- C:\windows\System32\HPDiscoPMAD11.dll
2014-01-22 02:09:31 -------- d-----w- C:\Program Files (x86)\HP
2014-01-22 02:09:04 -------- d-----w- C:\Program Files\HP
2014-01-22 02:07:47 -------- d-----w- C:\Users\Dawn Myers\AppData\Local\HP
2014-01-22 01:37:55 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-01-22 01:37:55 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-01-22 01:37:55 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-01-22 01:37:55 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-01-22 01:37:55 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-01-22 01:37:55 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-01-22 01:37:55 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2014-01-22 01:37:54 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-22 01:37:51 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2014-01-22 01:28:49 -------- d-----w- C:\Users\Dawn Myers\AppData\Roaming\GradeCam Corporation
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-12-18 12:13:56 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
.
============= FINISH:  9:35:29.67 ===============

Attached Files


Edited by dmcomp12, 17 February 2014 - 11:01 AM.
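The DDS log above is where a helper first spots adware persistence: the `AppInit_DLLs` value, BHO entries with no DLL behind them, a Run entry that starts a DLL through rundll32, a service whose image is rundll32.exe, and the replaced start page. As an added example (not part of this thread, DDS, ComboFix or any tool mentioned here), the following Python script scans those "Pseudo HJT Report" line shapes and reports each such entry. The sample lines are copied from the log posted above; the severity labels, the category names and the rule that a BHO outside a Microsoft path is worth reviewing are my own assumptions, not anything DDS itself outputs.

```python
"""Triage the 'Pseudo HJT Report' lines of a DDS log for adware persistence.

Added example for this thread; not part of DDS, ComboFix or Malwarebytes.
The heuristics and severity labels below are the example author's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11111&tm=249&src=hmp
uDefault_Page_URL = hxxp://start.toshiba.com
BHO: LinkeyBHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
AppInit_DLLs= c:\progra~2\settin~1\systemk\syskldr.dll c:\progra~2\linkey\ieexte~1\iedll.dll
x64-BHO: dealster: {12515C30-1B51-912C-75E9-ED635D55C309} - 
x64-BHO: shopndrop: {23C28A63-271A-E610-7BE8-513C89FEE6D3} - 
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-2-4 3445776]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (assumed labels)
    category: str
    detail: str


# Line shapes as they appear in the DDS report above.
BHO_RE = re.compile(r"^(?:x64-)?BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^[udm]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?: \[[^\]]*\])?$")
START_RE = re.compile(r"^uStart Page = (?P<url>\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious persistence entry, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so any entry at all deserves a look.
            for dll in m.group("dlls").split():
                findings.append(Finding("high", "AppInit_DLLs",
                                        f"DLL injected into every user32 process: {dll}"))
        elif m := BHO_RE.match(line):
            path = m.group("path")
            if not path or path == "<orphaned>":
                # CLSID registered but no DLL path: leftover of a removed add-on.
                findings.append(Finding("medium", "BHO",
                                        f"{m.group('name')} {{{m.group('clsid')}}} has no DLL on disk"))
            elif "\\microsoft" not in path.lower():
                findings.append(Finding("medium", "BHO",
                                        f"third-party BHO {m.group('name')} -> {path}"))
        elif (m := RUN_RE.match(line)) and "rundll32" in m.group("cmd").lower():
            findings.append(Finding("medium", "Run",
                                    f"{m.group('name')} starts a DLL via rundll32: {m.group('cmd')}"))
        elif (m := SERVICE_RE.match(line)) and m.group("image").lower().endswith("rundll32.exe"):
            # A service whose image is rundll32.exe hides the real module elsewhere.
            findings.append(Finding("high", "Service",
                                    f"service {m.group('name')} ({m.group('display')}) is hosted by rundll32.exe"))
        elif m := START_RE.match(line):
            findings.append(Finding("info", "StartPage", f"IE start page is {m.group('url')}"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Tally findings per severity label."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
    print(count_by_severity(results))
```

Run against the sample it reports the two AppInit DLLs and the rundll32-hosted service as high, the Linkey BHO, the Conduit Run entry and the two path-less BHOs as medium, and the start page as informational; the Office BHO, which sits under a Microsoft path, is not reported. Feed it the full "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log to get the same shortlist for a real case.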


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 February 2014 - 11:10 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 dmcomp12

  • Topic Starter
  • Members
  • 13 posts

Posted 17 February 2014 - 11:23 AM

Marius,

Thank you for your fast reply.

I've edited this post to include the zip files rather than the text logs in the reply. My apologies for the error.

Attached Files


Edited by dmcomp12, 17 February 2014 - 11:28 AM.


#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 February 2014 - 11:39 AM

Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

If it fails, reboot into safe mode and try again.



#5 dmcomp12

  • Topic Starter
  • Members
  • 13 posts

Posted 17 February 2014 - 12:00 PM

ComboFix is currently running (I am posting this from another computer). I did run it before posting here, but I did not save it to the desktop first. I let it run for about 30 minutes, and it never went past Stage 4; this time it has been running for 15 minutes and it is again stuck on Stage 4. I will continue to let it run, but it appears as though it is stuck.

edit:

Both times I installed it, 5 instances of "??explorer.exe not responding" popped up for about 30 seconds and then disappeared, at which point a notification that my printer went offline popped up in the bottom right corner (where notifications pop up). I'm not exactly sure of the file name ??explorer.exe ... the ?? were replaced with several letters.

edit2: Attempting to run again in safe mode.


Edited by dmcomp12, 17 February 2014 - 12:17 PM.


#6 dmcomp12

  • Topic Starter
  • Members
  • 13 posts

Posted 17 February 2014 - 12:37 PM

Contents of combofix.txt after running the program in safe mode:

ComboFix 14-02-16.01 - Dawn Myers 02/17/2014  11:18:30.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1766 [GMT -6:00]
Running from: c:\users\Dawn Myers\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp\1.7\background.html
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp\1.7\content.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp\1.7\FMx.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp\1.7\lsdb.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjiloimgjecojegaioblkmpjfemgjfgp\1.7\manifest.json
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\background.html
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\content.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\lsdb.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\manifest.json
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\NoZ.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjiloimgjecojegaioblkmpjfemgjfgp_0.localstorage-journal
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjiloimgjecojegaioblkmpjfemgjfgp_0.localstorage
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ildkjjnagdipeidohkmcepibgcfgolpe_0.localstorage-journal
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ildkjjnagdipeidohkmcepibgcfgolpe_0.localstorage
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Dawn Myers\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F65AD50-27D1-451B-8D38-C05961B466D0}.xps
c:\users\Dawn Myers\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63D9513E-B118-4BC9-8CBB-FC7EBD0D0829}.xps
c:\users\Dawn Myers\AppData\Local\Microsoft\Windows\Temporary Internet Files\{70A9261C-85DE-4D72-A1C7-B1219CBBFAC3}.xps
c:\users\Dawn Myers\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E487CC22-4D84-443A-B1E0-2C3B5D91D6D2}.xps
c:\users\Dawn Myers\Documents\~WRL0013.tmp
c:\users\Dawn Myers\Documents\~WRL0318.tmp
c:\users\Dawn Myers\Documents\~WRL1119.tmp
c:\users\Dawn Myers\Documents\~WRL1751.tmp
c:\users\Dawn Myers\Documents\~WRL2458.tmp
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-17 to 2014-02-17  )))))))))))))))))))))))))))))))
.
.
2014-02-17 17:27 . 2014-02-17 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 17:24 . 2014-02-17 17:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77F4DCB-92AE-4AC1-A385-2DEC8414FECE}\offreg.dll
2014-02-17 17:09 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77F4DCB-92AE-4AC1-A385-2DEC8414FECE}\mpengine.dll
2014-02-17 14:23 . 2014-02-17 14:23 -------- d-----w- c:\users\Dawn Myers\AppData\Local\Packages
2014-02-17 14:23 . 2014-02-17 14:47 -------- d-----w- c:\programdata\dealster
2014-02-14 23:45 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 23:45 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 23:35 . 2014-02-06 09:50 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-14 23:35 . 2014-02-06 09:22 13051392 ----a-w- c:\windows\system32\ieframe.dll
2014-02-14 23:35 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-14 23:35 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-02-13 12:50 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 12:50 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 12:50 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 12:50 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-05 01:16 . 2014-02-05 01:16 -------- d-----w- c:\programdata\BrowserProtect
2014-02-05 01:16 . 2014-02-05 01:16 -------- d-----w- c:\programdata\BitGuard
2014-02-05 01:16 . 2014-02-05 01:16 -------- d-----w- c:\programdata\Browser Manager
2014-02-05 00:14 . 2014-02-17 14:48 -------- d-----w- c:\program files\Level Quality Watcher
2014-02-05 00:14 . 2014-02-17 14:47 -------- d-----w- c:\programdata\Wincert
2014-02-05 00:14 . 2014-02-05 00:14 -------- d-----w- c:\program files (x86)\Linkey
2014-02-05 00:13 . 2014-02-05 00:13 -------- d-----w- c:\program files (x86)\Settings Manager
2014-02-05 00:13 . 2014-02-17 17:11 -------- d-----w- c:\programdata\systemk
2014-02-05 00:13 . 2014-02-05 00:13 -------- d-----w- c:\users\Dawn Myers\AppData\Local\Apple Computer
2014-02-05 00:13 . 2014-02-05 00:13 -------- d-----w- c:\users\Dawn Myers\AppData\Roaming\Apple Computer
2014-02-05 00:12 . 2014-02-05 00:12 -------- d-----w- c:\program files (x86)\Safari
2014-02-05 00:12 . 2014-02-05 00:12 -------- d-----w- c:\programdata\Apple Computer
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files\Bonjour
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\users\Dawn Myers\AppData\Local\Apple
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\programdata\Apple
2014-01-31 22:27 . 2014-02-17 14:47 -------- d-----w- c:\programdata\Png2Imagiee
2014-01-31 22:26 . 2014-01-31 22:27 -------- d-----w- c:\programdata\ildkjjnagdipeidohkmcepibgcfgolpe
2014-01-22 02:10 . 2012-10-17 10:31 741480 ------w- c:\windows\system32\HPDiscoPMAD11.dll
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\programdata\HP
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\program files (x86)\HP
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\program files\HP
2014-01-22 02:07 . 2014-01-22 02:14 -------- d-----w- c:\users\Dawn Myers\AppData\Local\HP
2014-01-22 01:37 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-22 01:37 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-22 01:37 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-22 01:37 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-22 01:37 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-22 01:37 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-22 01:37 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-22 01:37 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-22 01:37 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-22 01:28 . 2014-01-22 01:28 -------- d-----w- c:\users\Dawn Myers\AppData\Roaming\GradeCam Corporation
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 20:12 . 2012-04-22 02:32 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-11 23:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 23:11 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
2013-12-05 07:45 183312 ----a-w- c:\progra~2\Linkey\IEEXTE~1\iedll.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"BackgroundContainer"="c:\users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Linkey\IEEXTE~1\iedll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
R2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemkService;Systemk Service;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 0146131349666122mcinstcleanup;McAfee Application Installer Cleanup (0146131349666122);c:\users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE;c:\users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
R4 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files (x86)\Office Depot PC Support Agent\esService.exe;c:\program files (x86)\Office Depot PC Support Agent\esService.exe [x]
R4 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 15:21 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 01:47]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Linkey\IEEXTE~1\iedll64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11111&tm=249&src=hmp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{12515C30-1B51-912C-75E9-ED635D55C309} - c:\programdata\dealster\F.x64.dll
BHO-{23C28A63-271A-E610-7BE8-513C89FEE6D3} - c:\programdata\shopndrop\qgwVVbzgr.x64.dll
BHO-{50A32654-7D3F-5F55-8349-50DE9DD2B923} - c:\programdata\seaveer box\oLS6KsGP.x64.dll
BHO-{8CBC335B-F1BD-63C7-85E6-933831460F38} - c:\programdata\Png2Imagiee\Y.x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-17  11:33:04
ComboFix-quarantined-files.txt  2014-02-17 17:33
.
Pre-Run: 219,459,211,264 bytes free
Post-Run: 221,345,267,712 bytes free
.
- - End Of File - - D28BE0B7F43484921A09A8B0ACBF720D
5B5E648D12FCADC244C1EC30318E1EB9


#7 dmcomp12 (Topic Starter, Members, 13 posts)

Posted 19 February 2014 - 04:50 AM

Completed the steps you've told me, awaiting instructions...a new problem has come up: upon reloading or hitting back on a webpage, a pop up comes up asking are you sure you want to leave this page, you are missing out on downloads...

thanks for your help



#8 TB-Psychotic (Malware Response Team, 6,349 posts, Gender: Male)

Posted 19 February 2014 - 07:36 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Edited by TB-Psychotic, 19 February 2014 - 07:36 AM.

Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
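As an added example, not from this thread and not ComboFix's or Malwarebytes' own code: the log the scripted run writes to C:\ComboFix.txt has the same "Reg Loading Points" layout as the logs posted above, and the first things a helper reads in it are the AppInit_DLLs value (here pointing at the Linkey DLL, with LoadAppInit_DLLs set to 1), the Browser Helper Object keys, and the Run/RunOnce entries. The Python below parses that REGEDIT4-style block and ranks those load points. The sample log is constructed from entries of the kind posted in this thread (profile path genericised); the trusted-prefix list, the severity labels and the rule wording are the example's own assumptions, not ComboFix's.

```python
"""Triage the "Reg Loading Points" block of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample modelled on the logs in this thread (profile path
# genericised). The [date size], [X] and [BU] tags are ComboFix's own.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
2013-12-05 07:45 183312 ----a-w- c:\progra~2\Linkey\IEEXTE~1\iedll.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"BackgroundContainer"="c:\users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Linkey\IEEXTE~1\iedll.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12515C30-1B51-912C-75E9-ED635D55C309}]
c:\programdata\dealster\F.x64.dll [BU]
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"=data, optionally followed by a [date size] or [X] tag
NAMED_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s+\[([^\]]*)\])?\s*$')
# optional "date time size attrs " prefix, then a drive path and optional tag
FILE_RE = re.compile(r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ )?"
                     r"([a-z]:\\.*?)(?:\s+\[([^\]]*)\])?\s*$", re.IGNORECASE)
# Assumption of this example: autostarts under these trees get no finding on
# location alone (adware installs there too, hence the other two rules).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")
RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Entry:
    key: str        # registry key the line sits under
    name: str       # value name; "" for bare path lines (BHOs, Active Setup)
    value: str      # data with surrounding quotes and trailing tag removed
    tag: str = ""   # ComboFix's bracket tag: "2013-11-06 319264", "X", "BU"


@dataclass(frozen=True)
class Finding:
    severity: str
    entry: Entry
    reason: str


def parse_loading_points(text: str) -> Iterator[Entry]:
    """Yield one Entry per value or path line under a [HKEY_...] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:          # REGEDIT4 banner and notes before the first key
            continue
        m = NAMED_RE.match(line)
        if m:
            yield Entry(key, m.group(1), m.group(2).strip().strip('"'), m.group(3) or "")
            continue
        m = FILE_RE.match(line)
        if m:
            yield Entry(key, "", m.group(1), m.group(2) or "")


def is_trusted_path(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(text: str) -> List[Finding]:
    """Rank the load points a helper reads first: high > medium > info."""
    findings = []
    for e in parse_loading_points(text):
        lk = e.key.lower()
        if e.name.lower() == "appinit_dlls" and e.value:
            findings.append(Finding("high", e,
                "AppInit_DLLs injects this DLL into every process that loads user32.dll"))
        elif "browser helper objects" in lk:
            findings.append(Finding("medium", e,
                "Browser Helper Object loaded into Internet Explorer"))
        elif lk.endswith(("\\run", "\\runonce")):
            if e.tag == "X":
                findings.append(Finding("info", e,
                    "autostart points at a file ComboFix could not find"))
            elif not is_trusted_path(e.value):
                findings.append(Finding("medium", e,
                    "autostart runs from outside the Windows/Program Files trees"))
    findings.sort(key=lambda f: RANK[f.severity])   # stable: log order within a level
    return findings
```

Run it on a saved log with `triage(open(r"C:\ComboFix.txt").read())` and print each finding's severity, entry and reason. A clean location is not a clean verdict: the Linkey DLL in the sample sits under Program Files (x86) and is caught by the AppInit_DLLs rule, not by its path, which is why the location rule is the weakest of the three and why the HP printer entry, which lives in a trusted tree, gets no finding at all.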

#9 dmcomp12 (Topic Starter, Members, 13 posts)

Posted 19 February 2014 - 04:12 PM

ComboFix log

ComboFix 14-02-19.01 - Dawn Myers 02/19/2014  13:33:13.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1908 [GMT -6:00]
Running from: c:\users\Dawn Myers\Desktop\ComboFix.exe
Command switches used :: c:\users\Dawn Myers\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Linkey
c:\program files (x86)\Linkey\ChromeExtension\ChromeExtension.crx
c:\program files (x86)\Linkey\Helper.dll
c:\program files (x86)\Linkey\IEExtension\iedll.dll
c:\program files (x86)\Linkey\IEExtension\iedll64.dll
c:\program files (x86)\Linkey\log.log
c:\program files (x86)\Linkey\Uninstall.exe
c:\program files (x86)\Settings Manager
c:\program files (x86)\Settings Manager\systemk\del_DM_DLL_nsxFC03.dll
c:\program files (x86)\Settings Manager\systemk\del_mg_nsxFC03.dll
c:\program files (x86)\Settings Manager\systemk\favicon.ico
c:\program files (x86)\Settings Manager\systemk\Helper.dll
c:\program files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe
c:\program files (x86)\Settings Manager\systemk\sysapcrt.dll
c:\program files (x86)\Settings Manager\systemk\syskldr.dll
c:\program files (x86)\Settings Manager\systemk\syskldr_u.dll
c:\program files (x86)\Settings Manager\systemk\systemk.dll
c:\program files (x86)\Settings Manager\systemk\systemkbho.dll
c:\program files (x86)\Settings Manager\systemk\SystemkService.exe
c:\program files (x86)\Settings Manager\systemk\systemku.exe
c:\program files (x86)\Settings Manager\systemk\Uninstall.exe
c:\program files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe
c:\program files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
c:\program files (x86)\Settings Manager\systemk\x64\syskldr.dll
c:\program files (x86)\Settings Manager\systemk\x64\syskldr_u.dll
c:\program files (x86)\Settings Manager\systemk\x64\systemk.dll
c:\program files (x86)\Settings Manager\systemk\x64\systemkbho.dll
c:\program files\Level Quality Watcher
c:\programdata\BitGuard
c:\programdata\Browser Manager
c:\programdata\BrowserProtect
c:\programdata\dealster
c:\programdata\dealster\F.dat
c:\programdata\dealster\F.tlb
c:\programdata\ildkjjnagdipeidohkmcepibgcfgolpe
c:\programdata\ildkjjnagdipeidohkmcepibgcfgolpe\ildkjjnagdipeidohkmcepibgcfgolpe.crx
c:\programdata\ildkjjnagdipeidohkmcepibgcfgolpe\update.xml
c:\programdata\Png2Imagiee
c:\programdata\Png2Imagiee\Y.dat
c:\programdata\Png2Imagiee\Y.tlb
c:\programdata\systemk
c:\programdata\systemk\coordinator.cfg
c:\programdata\systemk\general.cfg
c:\programdata\systemk\S-1-5-21-1368006857-974161730-1481843978-1000.cfg
c:\programdata\Wincert
c:\programdata\Wincert\win32cert.dll
c:\programdata\Wincert\win32prop.dll
c:\programdata\Wincert\win64cert.dll
c:\programdata\Wincert\win64prop.dll
c:\users\Dawn Myers\AppData\Local\Conduit
c:\users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
c:\users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll
c:\users\Dawn Myers\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\background.html
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\content.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\lsdb.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\manifest.json
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildkjjnagdipeidohkmcepibgcfgolpe\1.6_0\NoZ.js
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ildkjjnagdipeidohkmcepibgcfgolpe_0.localstorage-journal
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ildkjjnagdipeidohkmcepibgcfgolpe_0.localstorage
c:\users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Dawn Myers\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B797BA92-8F0C-4A8C-85FD-5CC20E4D9AA6}.xps
c:\users\Dawn Myers\AppData\Local\Packages
c:\users\Dawn Myers\AppData\Local\Packages\windows_ie_ac_001\AC\{12515C30-1B51-912C-75E9-ED635D55C309}\dealster.2.7.dat
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemkService2
-------\Service_SystemkService2
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-19 to 2014-02-19  )))))))))))))))))))))))))))))))
.
.
2014-02-19 19:44 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D315C00C-C4E5-4E4B-80E4-1F08E53BE77D}\mpengine.dll
2014-02-19 19:42 . 2014-02-19 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 00:46 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C58EDE34-96E7-4A76-9686-9637CD30C8D1}\mpengine.dll
2014-02-14 23:45 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 23:45 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 23:35 . 2014-02-06 09:50 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-14 23:35 . 2014-02-06 09:22 13051392 ----a-w- c:\windows\system32\ieframe.dll
2014-02-14 23:35 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-14 23:35 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-02-13 12:50 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 12:50 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 12:50 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 12:50 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-05 00:13 . 2014-02-05 00:13 -------- d-----w- c:\users\Dawn Myers\AppData\Local\Apple Computer
2014-02-05 00:13 . 2014-02-05 00:13 -------- d-----w- c:\users\Dawn Myers\AppData\Roaming\Apple Computer
2014-02-05 00:12 . 2014-02-05 00:12 -------- d-----w- c:\program files (x86)\Safari
2014-02-05 00:12 . 2014-02-05 00:12 -------- d-----w- c:\programdata\Apple Computer
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files\Bonjour
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\users\Dawn Myers\AppData\Local\Apple
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-05 00:10 . 2014-02-05 00:10 -------- d-----w- c:\programdata\Apple
2014-01-22 02:10 . 2012-10-17 10:31 741480 ------w- c:\windows\system32\HPDiscoPMAD11.dll
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\programdata\HP
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\program files (x86)\HP
2014-01-22 02:09 . 2014-01-22 02:09 -------- d-----w- c:\program files\HP
2014-01-22 02:07 . 2014-01-22 02:14 -------- d-----w- c:\users\Dawn Myers\AppData\Local\HP
2014-01-22 01:37 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-22 01:37 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-22 01:37 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-22 01:37 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-22 01:37 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-22 01:37 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-22 01:37 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-22 01:37 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-22 01:37 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-22 01:28 . 2014-01-22 01:28 -------- d-----w- c:\users\Dawn Myers\AppData\Roaming\GradeCam Corporation
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 20:12 . 2012-04-22 02:32 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-11 23:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 23:11 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 0146131349666122mcinstcleanup;McAfee Application Installer Cleanup (0146131349666122);c:\users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE;c:\users\DAWNMY~1\AppData\Local\Temp\014613~1.EXE [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
R4 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files (x86)\Office Depot PC Support Agent\esService.exe;c:\program files (x86)\Office Depot PC Support Agent\esService.exe [x]
R4 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 15:21 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 01:47]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12515C30-1B51-912C-75E9-ED635D55C309}]
c:\programdata\dealster\F.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23C28A63-271A-E610-7BE8-513C89FEE6D3}]
c:\programdata\shopndrop\qgwVVbzgr.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50A32654-7D3F-5F55-8349-50DE9DD2B923}]
c:\programdata\seaveer box\oLS6KsGP.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBC335B-F1BD-63C7-85E6-933831460F38}]
c:\programdata\Png2Imagiee\Y.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\progra~2\Linkey\IEEXTE~1\iedll.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-Settings Manager - c:\program files (x86)\Settings Manager\systemk\Uninstall.exe
AddRemove-Linkey - c:\program files (x86)\Linkey\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1368006857-974161730-1481843978-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1368006857-974161730-1481843978-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2014-02-19  13:50:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-19 19:50
ComboFix2.txt  2014-02-17 17:33
.
Pre-Run: 221,911,494,656 bytes free
Post-Run: 221,436,346,368 bytes free
.
- - End Of File - - 5B522EB22D6443DF79BBBEC48FF73104
5B5E648D12FCADC244C1EC30318E1EB9

MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.19.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Dawn Myers :: DAWNMYERS-PC [administrator]
 
2/19/2014 1:52:37 PM
mbam-log-2014-02-19 (13-52-37).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337752
Time elapsed: 1 hour(s), 13 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 12
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\hk64tbSwe0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\hktbSwe0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\ldrtbSwe0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\tbSwe0.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Windows\System32\ARFC\wrtc.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
 
(end)


#10 dmcomp12

dmcomp12
  • Topic Starter

  • Members
  • 13 posts

Posted 19 February 2014 - 04:15 PM

I've noticed the extensions SurfCanyon and SweetpacksA5 keep installing themselves into Chrome



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 20 February 2014 - 07:40 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 dmcomp12

dmcomp12
  • Topic Starter

  • Members
  • 13 posts

Posted 20 February 2014 - 09:10 AM

I followed your instructions and everything worked except ESET. Using Chrome, I tried to run it and it said I would have to download and install something because I wasn't using Internet Explorer. Instead of installing it, I opened Internet Explorer and began to run it. After downloading the signature database (end of step 2 of 4) it gave me an "Unexpected Error 2002" message and stopped. I could try downloading the standalone program using Chrome, but wanted to get your advice first. With that said, here are the logs for adwCleaner and JRT (in the next post).

 

adwCleaner log:

 

# AdwCleaner v3.019 - Report created 20/02/2014 at 07:20:30
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dawn Myers - DAWNMYERS-PC
# Running from : C:\Users\Dawn Myers\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : 70e6ca8c
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\fileopenerpro
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\windows\SysWOW64\Searchprotect
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\Dawn Myers\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Dawn Myers\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Dawn Myers\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Dawn Myers\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dawn Myers\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5
Folder Deleted : C:\Users\Dawn Myers\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dawn Myers\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Dawn Myers\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Dawn Myers\Documents\optimizer pro
Folder Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
[!] Folder Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
[!] Folder Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibleipkbineaadpnemmalkahodjhdbd
File Deleted : C:\END
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Dawn Myers\Desktop\Optimizer Pro.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\windows\System32\Tasks\Escolade
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ntfdsaftsfdfdxx@mozilla.org]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE2FC111-B6DE-4D08-A67E-C667ED7DC8E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38968551-22D4-4C1E-B9F4-A184306CBE16}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks_A5
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SweetPacks_A5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Dawn Myers\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [9848 octets] - [20/02/2014 07:18:14]
AdwCleaner[S0].txt - [9166 octets] - [20/02/2014 07:20:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9226 octets] ##########

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dawn Myers on Thu 02/20/2014 at  7:25:02.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0E4A2CDA-D671-48D9-B95C-E15666929519}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CA6266E-6176-46B7-9FA1-0E21DD5F7488}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{973ABF07-8A9B-43EC-8627-CB5DFB913746}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Dawn Myers\appdata\locallow\SkwConfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Dawn Myers\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Dawn Myers\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Dawn Myers\appdata\local\{02ABB8CC-2A8D-4E23-9DB9-989DB7573B34}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/20/2014 at  7:41:08.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 20 February 2014 - 09:26 AM

Download the plugin and run the scanner.



#14 dmcomp12

dmcomp12
  • Topic Starter

  • Members
  • 13 posts

Posted 20 February 2014 - 11:22 AM

ESET log

 

C:\AdwCleaner\Quarantine\C\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dawn Myers\AppData\LocalLow\SweetPacks_A5\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\ProgramData\mgonkickebhilpomjbkiieaeamchcfbd\pHtmp9fl9Ol.js Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\del_DM_DLL_nsxFC03.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\del_mg_nsxFC03.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe.vir probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\All Users\mgonkickebhilpomjbkiieaeamchcfbd\pHtmp9fl9Ol.js Win32/Adware.MultiPlug.H application
C:\Users\Dawn Myers\Downloads\Express_Installer (1).exe a variant of Win32/Kryptik.BLXE trojan
C:\Users\Dawn Myers\Downloads\StM_setup242-re (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Dawn Myers\Downloads\StM_setup242-re.exe Win32/OpenCandy potentially unsafe application


#15 dmcomp12

dmcomp12
  • Topic Starter

  • Members
  • 13 posts

Posted 23 February 2014 - 02:46 AM

bump


Edited by dmcomp12, 23 February 2014 - 05:11 AM.




