Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RKILL Show Major Websites as same IP in HOST


  • This topic is locked This topic is locked
2 replies to this topic

#1 reikiah

reikiah

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 16 April 2014 - 07:51 AM

I have chased this down and run RKILL, ESET Online Scanner(Found 23 issues), & TDSS Killer however I'm still getting these:

 

 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  79.142.66.242 www.google-analytics.com.
  79.142.66.242 google-analytics.com.
  79.142.66.242 connect.facebook.net.
  79.142.66.242 bing.com.
  79.142.66.242 www.bing.com.
  79.142.66.242 serach.yahoo.com.
  79.142.66.242 www.search.yahoo.com.
  79.142.66.242 www.google-analytics.com.
  79.142.66.242 google-analytics.com.
  79.142.66.242 connect.facebook.net.
  79.142.66.242 bing.com.
  79.142.66.242 www.bing.com.
  79.142.66.242 serach.yahoo.com.
  79.142.66.242 www.search.yahoo.com.
 
I checked the notepad c:\windows\system32\drivers\etc\hosts file and it is set up properly with just localhost. I have run out of ideas and found very little in forum posts on this issue. I have attached DDS, RKILL, & HijackThis logs. Thanks for any help on this. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Cheryl at 6:55:42 on 2014-04-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16341.13006 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LogMeIn Backup\LMIBackupVSSServiceX64.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe
C:\Program Files (x86)\LogMeIn Backup\LMIGuardian.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Cheryl\AppData\Local\ATT Connect\Participant\pull.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files (x86)\1Password\Agile1pAgent.exe
C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\LogMeIn Backup\LMIGuardian.exe
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE
C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\taskeng.exe
C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://portal.freightmonster.com/
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Push Client] "C:\Users\Cheryl\AppData\Local\ATT Connect\Participant\pull.exe"
uRun: [tyc4h08hcv34] "C:\ProgramData\m9dt734hfbjh\jtkyyvgiu.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun: [LogMeIn Backup GUI] "C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [TrialLicenseUtility] "C:\Program Files (x86)\Sage\Peachtree\PeachTrialLicenseUtility.exe" /ini="C:\Program Files (x86)\Common Files\Peach\PEACHTREE200.INI"
mRun: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Cheryl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~3.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{5C4D6C4E-CCB9-4E98-8890-599E4976650E} : NameServer = 94.242.222.66,8.8.8.8
TCP: Interfaces\{5C4D6C4E-CCB9-4E98-8890-599E4976650E} : DHCPNameServer = 205.171.3.65 205.171.2.65
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Hosts: 79.142.66.242 www.google-analytics.com.
Hosts: 79.142.66.242 google-analytics.com.
Hosts: 79.142.66.242 connect.facebook.net.
Hosts: 79.142.66.242 bing.com.
Hosts: 79.142.66.242 www.bing.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\abfh6isx.default\
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USREL/1
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cheryl\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\npdeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-5 55856]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-9-18 316312]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-29 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-3-30 282968]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-3-30 397848]
R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2012-4-20 768784]
R2 BackupMaint;LogMeIn Backup Maintenance Service;C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe [2011-8-29 140688]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-5 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-5 171688]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 LMIBackupVSSService.exe;LogMeIn Backup VSS Service;C:\Program Files (x86)\LogMeIn Backup\lmibackupvssserviceX64.exe [2011-8-29 685456]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-5-1 72216]
R2 LogMeInBackupService.exe;LogMeIn Backup Storage PC Service;C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe [2011-8-29 1787280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-6-6 435528]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-3-30 1444120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-5 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sage 50 SmartPosting 2013;Sage 50 SmartPosting 2013;C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2013.exe [2012-4-13 334152]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-16 00:11:48    10651696    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D649246-48CC-49D5-BB8D-0ECFF021C7AC}\mpengine.dll
2014-04-15 15:11:46    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-15 14:07:33    288    ----a-w-    C:\Users\Cheryl\AppData\Roaming\42008DE.reg
2014-04-09 07:07:32    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-04-09 07:07:32    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-09 07:07:02    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 07:07:02    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 07:07:02    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-04-09 07:07:02    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-04-09 07:07:02    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-04-09 07:06:52    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-04-09 07:06:52    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-04-09 07:06:51    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-04-09 07:06:51    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-04-09 07:06:51    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 07:06:51    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-04-09 07:06:46    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-04-09 07:06:45    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-04-09 07:06:45    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-04-09 07:06:45    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-04-04 14:15:51    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83B84625-4D0C-4AAC-BD7D-C22BC3312246}\gapaengine.dll
2014-03-25 14:24:44    --------    d-sh--w-    C:\ProgramData\m9dt734hfbjh
2014-03-20 18:30:23    --------    d-----w-    C:\Users\Cheryl\AppData\Roaming\OTSVAALSVRN
.
==================== Find3M  ====================
.
2014-04-10 14:48:59    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2014-04-10 14:48:58    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2014-04-10 14:48:58    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2014-03-31 02:30:24    316312    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2014-03-12 08:04:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 08:04:17    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 15:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 15:04:08    729088    ----a-w-    C:\Windows\iun6002.exe
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-25 07:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-22 15:16:25    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  6:56:14.18 ===============
 

Attached Files


Edited by Noviciate, 16 April 2014 - 02:44 PM.
Added log from attachment.


BC AdBot (Login to Remove)

 


m

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:34 PM

Posted 16 April 2014 - 02:51 PM

Good evening. :)

Let's start with something that may or may not work but won't do any harm either way - it works on my system, which is the same as yours, but you can never tell. Download this zipped file and save to to your Desktop.

Right click it and Extract the contents then open the folder and double click the file HostsTool.exe that should be inside.

I want you to Copy and Paste the contents of the Location of HOSTS file textbox at the top into your next reply.

 


So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:34 PM

Posted 21 April 2014 - 02:01 PM

Helpers are limited in the number of logs they can take by the time they have available and having threads sit idle means that somebody else who could be being helped has to wait.
Given that there has been no response for at least five days, and I have no way of knowing when there will be one, this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users