Outwitted, need a little help with this guy


  • This topic is locked
19 replies to this topic

#1 Gilligan8

Gilligan8

  • Members
  • 59 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:33 PM

Posted 08 May 2014 - 09:50 PM

Ok... I've been whacking at this malware for about a week (off and on) and it's got me stumped.

 

At this point I've run just about everything on it (sorry), and hitman pro (trial) is still showing a bunch of stuff including some proxies.

 

I'm hoping someone can take a look at all of this mess and help me get it sorted out.

 

Not sure which logs to start with, but I've got a TON of them.

 

Here is HJT's log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:34:02 PM, on 5/8/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
G:\-=Repair=-\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: (no name) - {7F58B476-754F-4B83-99E4-EDB679E8EA21} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1005\..\Run: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe" (User 'dalek_000')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1005\..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (User 'dalek_000')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1005\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (User 'dalek_000')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1005\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" (User 'dalek_000')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1005\..\Run: [GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window (User 'dalek_000')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1006\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Melissa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun (User 'Tylor')
O4 - HKUS\S-1-5-21-1547324850-1089188440-2165775012-1007\..\Run: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe" (User 'Noah')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem19.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 9782 bytes
 

#2 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:33 PM

Posted 08 May 2014 - 09:52 PM

Here are DDS's logs:

 

dds:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537
Run by Melissa at 21:44:12 on 2014-05-08
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7366.5665 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NewPlayer\NewPlayerUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\dashost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: {1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Melissa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.9.1
TCP: Interfaces\{A1B8215B-057A-4D4F-9339-EF1F5D1D0C34} : DHCPNameServer = 40.20.1.201 40.20.1.202
TCP: Interfaces\{C7C7B1EA-A9F9-498A-B272-AFAD77D1C05F} : DHCPNameServer = 192.168.9.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396043222&from=tugs&uid=HitachiXHTS547564A9E384_J2180053FALLHCFALLHCX
x64-BHO: {11111111-1111-1111-1111-110411411150} - <orphaned>
x64-BHO: {11111111-1111-1111-1111-110511311172} - <orphaned>
x64-BHO: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-4-30 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-4-30 208416]
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;C:\Windows\System32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [2014-4-29 61120]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2014-4-30 1039096]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-4-30 423240]
R1 wStLib64;wStLib64;C:\Windows\System32\Drivers\wStLib64.sys [2014-3-21 61120]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-8-9 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-26 240640]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-4-30 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-4-30 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-30 50344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2013-3-1 43320]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-12-25 1039160]
R2 NewPlayerUpdaterService;NewPlayer Updater Service;C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [2014-3-10 11776]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-9 239176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-14 94208]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2013-2-26 49200]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-8-9 288328]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2013-12-2 1204424]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-8-9 760032]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-8-9 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-2-26 361984]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-4-30 29208]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iscFlash;iscFlash;C:\SWSetup\sp65062\iscflashx64.sys [2014-3-22 75016]
S3 RTSPER;Realtek PCIe CardReader Driver;C:\Windows\System32\Drivers\RtsPer.sys [2013-8-9 448072]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-2-5 28400]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-2-5 31984]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-10-28 204568]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-01 18:09:57 -------- d-----w- C:\FRST
2014-04-30 22:58:04 -------- d-----w- C:\Users\Melissa\AppData\Local\temp
2014-04-30 22:54:50 -------- d-----w- C:\$RECYCLE.BIN
2014-04-30 22:26:58 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-30 16:50:48 -------- d-----w- C:\Users\Melissa\AppData\Roaming\AVAST Software
2014-04-30 16:48:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-30 16:48:54 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-30 16:48:54 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-30 16:48:54 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-30 16:48:54 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-30 16:48:54 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-30 16:48:54 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-30 16:48:49 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-30 16:48:31 -------- d-----w- C:\Program Files\AVAST Software
2014-04-30 16:48:04 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-30 16:25:46 -------- d-----w- C:\Users\Melissa\AppData\Local\VS Revo Group
2014-04-29 22:49:54 217776 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10237.bin
2014-04-29 19:21:08 98816 ----a-w- C:\Windows\sed.exe
2014-04-29 19:21:08 256000 ----a-w- C:\Windows\PEV.exe
2014-04-29 19:21:08 208896 ----a-w- C:\Windows\MBR.exe
2014-04-29 18:56:30 -------- d-----w- C:\AdwCleaner
2014-04-29 18:29:33 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-04-29 18:28:55 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-29 17:46:32 61120 ----a-w- C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-29 17:09:27 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Malwarebytes
2014-04-29 17:09:20 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-29 17:09:19 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-29 17:09:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-29 16:47:03 -------- d-----w- C:\Windows\ERUNT
2014-04-09 13:55:56 978432 ----a-w- C:\Windows\System32\KernelBase.dll
2014-04-09 13:55:53 666112 ----a-w- C:\Windows\SysWow64\KernelBase.dll
.
==================== Find3M  ====================
.
2014-04-22 23:47:16 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47:16 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-22 03:46:04 61120 ----a-w- C:\Windows\System32\drivers\wStLib64.sys
2014-03-21 21:56:11 49952 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-03-15 20:52:57 379 ----a-w- C:\Windows\SysWow64\ff.bin
2014-03-15 20:49:21 536 ----a-w- C:\Windows\SysWow64\schtasks.bin
2014-03-07 00:48:11 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:44:54.52 ===============
 
Edited by Gilligan8, 08 May 2014 - 09:53 PM.


#3 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:33 PM

Posted 08 May 2014 - 09:54 PM

Combofix2 log from the qoobox folder:

ComboFix 14-04-29.01 - Melissa 04/29/2014  14:24:19.1.4 - x64

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7366.5531 [GMT -5:00]
Running from: f:\-=repair=-\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\smartcompare
c:\programdata\smartcompare\x7mGt.dat
c:\programdata\smartcompare\x7mGt.exe
c:\programdata\smartcompare\x7mGt.tlb
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\background.html
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\content.js
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\hnItEY8.js
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\lsdb.js
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\manifest.json
c:\users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Melissa\AppData\Local\AnyProtectScannerSetup.exe
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\background.html
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\content.js
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\hnItEY8.js
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\lsdb.js
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\okihngclidilhdbfjfddelcnhclibdic\4.41\manifest.json
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okihngclidilhdbfjfddelcnhclibdic_0.localstorage-journal
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okihngclidilhdbfjfddelcnhclibdic_0.localstorage
c:\users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\587a15af-708e-48c8-9ec4-0655cb2527d0.jpg
c:\users\Melissa\AppData\Local\nsz788.tmp
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-28 to 2014-04-29  )))))))))))))))))))))))))))))))
.
.
2014-04-29 19:30 . 2014-04-29 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-29 19:30 . 2014-04-29 19:30 -------- d-----w- c:\users\dalek_000\AppData\Local\temp
2014-04-29 18:56 . 2014-04-29 18:58 -------- d-----w- C:\AdwCleaner
2014-04-29 18:28 . 2013-04-28 22:30 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-29 17:46 . 2014-04-24 17:33 61120 ----a-w- c:\windows\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-29 17:09 . 2014-04-29 17:09 -------- d-----w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2014-04-29 17:09 . 2014-04-29 17:09 -------- d-----w- c:\programdata\Malwarebytes
2014-04-29 17:09 . 2014-04-29 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-04-29 17:09 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-29 16:47 . 2014-04-29 16:47 -------- d-----w- c:\windows\ERUNT
2014-04-09 13:55 . 2014-02-05 23:41 978432 ----a-w- c:\windows\system32\KernelBase.dll
2014-04-09 13:55 . 2014-02-05 23:41 1257984 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 13:55 . 2014-02-05 23:26 666112 ----a-w- c:\windows\SysWow64\KernelBase.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-22 23:47 . 2013-11-30 20:29 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47 . 2013-11-30 20:29 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 16:34 . 2013-11-30 19:35 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-22 03:46 . 2014-03-22 03:46 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-21 21:56 . 2014-02-03 00:12 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-16 14:45 . 2014-03-16 14:45 254640 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-02-09 01:50 . 2014-02-09 01:51 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-08 04:34 . 2014-03-12 02:56 4036608 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 23:41 . 2014-03-12 02:49 595968 ----a-w- c:\windows\system32\qedit.dll
2014-02-05 23:37 . 2014-03-12 02:49 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-31 03:16 . 2013-08-10 03:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-01-31 03:16 . 2013-08-10 03:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-01-31 03:16 . 2013-08-10 03:16 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2014-01-31 00:48 . 2014-03-12 14:51 1339392 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06 . 2014-03-12 14:51 1628160 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3AA4FC9D-FB51-44a2-B09F-0457857CA7C2}]
2013-10-24 15:47 251968 ----a-w- c:\users\Melissa\AppData\Roaming\IDMSQ\idmsqext.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-20 859464]
"IDMSQ"="c:\program files (x86)\IDMSQ\idmsq.exe" [2013-10-30 2561088]
"Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2014-02-04 4679576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-26 642656]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-01-10 379904]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-07-24 77088]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-16 689744]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-12-25 1045304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iscFlash;iscFlash;c:\swsetup\sp65062\iscflashx64.sys;c:\swsetup\sp65062\iscflashx64.sys [x]
R3 RTSPER;Realtek PCIe CardReader Driver;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;c:\windows\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys;c:\windows\SYSNATIVE\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira Secure Backup Crawler;Avira Secure Backup Crawler;c:\program files\Avira Secure Backup\Avira Secure BackupCrawler.exe;c:\program files\Avira Secure Backup\Avira Secure BackupCrawler.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 NewPlayerUpdaterService;NewPlayer Updater Service;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-24 17:30 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 20:14]
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 20:14]
.
2014-04-11 c:\windows\Tasks\HPCeeScheduleForMelissa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-04-10 c:\windows\Tasks\HPCeeScheduleForNoah.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-04-29 c:\windows\Tasks\HPCeeScheduleForSCHOOL$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-03-20 c:\windows\Tasks\PCHelpers1st.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-20 00:47]
.
2014-04-09 c:\windows\Tasks\PCHelpers_period.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-20 00:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2013-12-20 10:58 2078720 ----a-w- c:\program files\Avira Secure Backup\ShellExtensionx64\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2013-12-20 10:58 2078720 ----a-w- c:\program files\Avira Secure Backup\ShellExtensionx64\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2013-12-20 10:58 2078720 ----a-w- c:\program files\Avira Secure Backup\ShellExtensionx64\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2013-12-20 10:58 2078720 ----a-w- c:\program files\Avira Secure Backup\ShellExtensionx64\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-01-29 7165000]
"Avira Secure Backup"="c:\program files\Avira Secure Backup\Avira Secure Backup.exe" [2013-12-20 1727056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-04-23 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396043222&from=tugs&uid=HitachiXHTS547564A9E384_J2180053FALLHCFALLHCX&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:13828;https=127.0.0.1:49182
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.9.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} - c:\users\Melissa\AppData\Local\TidyNetwork\petn.dll
Toolbar-{7F58B476-754F-4B83-99E4-EDB679E8EA21} - c:\users\Melissa\AppData\Local\TNT2\Profiles\10412\passport.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-PC Driver Kit - c:\program files (x86)\PC Driver Kit\PCDKLauncher.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\SoftwareUpdater.lnk - c:\program files (x86)\Software Updater\SoftwareUpdater.exe
BHO-{11111111-1111-1111-1111-110411411150} - c:\program files (x86)\media enhance\media enhance-bho64.dll
BHO-{11111111-1111-1111-1111-110511311172} - c:\program files (x86)\HQTotalS\HQTotalS-bho64.dll
BHO-{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - c:\program files\Highlightly\IE\HighlightlyClientIE.dll
Toolbar-{7F58B476-754F-4B83-99E4-EDB679E8EA21} - c:\users\Melissa\AppData\Local\TNT2\Profiles\10412\passport64.dll
WebBrowser-{7F58B476-754F-4B83-99E4-EDB679E8EA21} - c:\users\Melissa\AppData\Local\TNT2\Profiles\10412\passport64.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-Amazon Browser Settings - c:\program files (x86)\Amazon Browser Bar\uninstaller.exe
AddRemove-IECT3287811 - c:\programdata\Conduit\IE\CT3287811\UninstallerUI.exe
AddRemove-{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F} - c:\programdata\SmArtCoMpare\x7mGt.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-TidyNetwork - c:\users\Melissa\AppData\Local\TidyNetwork\TidyNetwork.exe
AddRemove-{041208F7-3869-41B1-AE97-1CD28BE4A74C} - c:\users\Melissa\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-04-29  14:34:34
ComboFix-quarantined-files.txt  2014-04-29 19:34
.
Pre-Run: 552,864,362,496 bytes free
Post-Run: 554,103,308,288 bytes free
.
- - End Of File - - 3C9C737FDFED6A4E485E83CBACA8326F
5FB38429D5D77768867C76DCBDB35194

#4 Gilligan8 (Topic Starter)

Posted 08 May 2014 - 09:57 PM

AdwCleaner S1 log:

# AdwCleaner v3.018 - Report created 29/04/2014 at 13:57:54

# Updated 28/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Melissa - SCHOOL
# Running from : F:\-=Repair=-\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\speedupmypc.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Melissa\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Melissa\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Melissa\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\Software\CompeteInc
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [3210 octets] - [29/04/2014 13:56:34]
AdwCleaner[S1].txt - [3144 octets] - [29/04/2014 13:57:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3204 octets] ##########

I had also run JRT, but its log is no longer around; it now runs clean, though.

Hitman Pro log (these are the persistent problems):

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : SCHOOL
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : SCHOOL\Melissa
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-04-30 18:03:08
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 0s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 109
   Traces  . . . . . . . : 181
 
   Objects scanned . . . : 2,032,636
   Files scanned . . . . : 40,218
   Remnants scanned  . . : 521,864 files / 1,470,554 keys
 
Malware remnants ____________________________________________________________
 
   Mysearchdial.com
   C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   session/startup_urls[0]
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
   mysearchdial.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   session/startup_urls[0]
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
   Mysearchdial.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\m\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}\ (MySearchDial)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASAPI32\ (FindWide)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASMANCS\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\TNT2\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   C:\Users\Melissa\AppData\Roaming\SupTab\ (FTDownloader)
   C:\Users\Melissa\Desktop\Sync Folder.lnk (MyPC Backup)
   ask.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   ask.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   askws
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader)
   HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak (AdvSysProtector)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\supTab\ (FTDownloader)
   HKLM\SOFTWARE\Wow6432Node\Wpm\ (FTDownloader)
   HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\IePluginService\ (FTDownloader)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginService\ (FTDownloader)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\BrowsersafeguardInstalled\ (BrowserSafeguard)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1005\Software\Microsoft\Internet Explorer\SearchScopes\{06014DCF-A47F-46CB-9A63-C5529A4D06B2}\ (Conduit)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1007\Software\Microsoft\Internet Explorer\SearchScopes\{06014DCF-A47F-46CB-9A63-C5529A4D06B2}\ (Conduit)
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   127.0.0.1:13828
 
   Proxy server on this computer (User)
   127.0.0.1:55058
 
   Proxy server on this computer (User)
   127.0.0.1:13828
 
   Proxy server on this computer (User)
   127.0.0.1:49216
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftwlsearchcrm.112.2o7.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
 
 


#5 Gilligan8

Gilligan8
  • Topic Starter
  • Members
  • 59 posts
  • Gender:Male

Posted 08 May 2014 - 09:59 PM

I tried running HelpAsst but it doesn't like Windows 8 and threw up some errors:
mbr infection detected! ~ running mbr -f

 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.2.9200 
 
device: opened successfully
user: error reading MBR 
error: Read  The handle is invalid.
kernel: error reading MBR 
 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.2.9200 
 
device: opened successfully
user: error reading MBR 
error: Read  The handle is invalid.
kernel: error reading MBR 
RKill comes up empty
RogueKiller doesn't come up with much that I can see:

RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Melissa [Admin rights]
Mode : Scan -- Date : 04/30/2014 17:24:43
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:13828;hxxps=127.0.0.1:49182 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\Melissa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][x][x] -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Melissa\AppData\Local\TidyNetwork\petnupdate.exe - CID=TRUS26 [x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547564A9E384 SATA Disk Device +++++
--- User ---
[MBR] 50d0221f5a04680079036c70dafa9d9a
[BSP] 1dac98500ab1d7d6d7ab9694ae4a9676 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 610480 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Patriot Memory USB Device +++++
--- User ---
[MBR] 1303c65935658e4328aedd9517f72ec2
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3821 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_04302014_172443.txt >>

I've probably run other things, and some things have been run multiple times, as sometimes that's what it seems to take.

But this one has me whooped!
Any help would be much appreciated... Thanks,

Gilligan



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 May 2014 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Get the latest AdwCleaner tool and run it. Post the cleaning log when done.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

Edited by nasdaq, 13 May 2014 - 10:19 AM.


#7 Gilligan8

Gilligan8
  • Topic Starter
  • Members
  • 59 posts
  • Gender:Male

Posted 13 May 2014 - 11:17 AM

Thanks, looks like the new AdwCleaner found a bunch more stuff... or it has just reinfected itself while sitting idle.

AdwCleaner log:

# AdwCleaner v3.208 - Report created 13/05/2014 at 11:05:53

# Updated 11/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Melissa - SCHOOL
# Running from : G:\-=Repair=-\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : NewPlayerUpdaterService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\Software Updater
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\dalek_000\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\dalek_000\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Melissa\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Melissa\AppData\Local\emaze
Folder Deleted : C:\Users\Melissa\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Melissa\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\Melissa\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Melissa\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Melissa\AppData\Roaming\key-find
Folder Deleted : C:\Users\Melissa\AppData\Roaming\Optimizer Elite Max
Folder Deleted : C:\Users\Melissa\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Melissa\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Melissa\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Noah\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Noah\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tylor\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tylor\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\Users\Public\Desktop\NewPlayer.lnk
File Deleted : C:\Users\Melissa\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Melissa\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Melissa\Desktop\Sync Folder.lnk
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing 18\Register Mavis Beacon Teaches Typing 18.lnk
Shortcut Disinfected : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\NewPlayer
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=cmi_14_12_ch&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtBtAyEyDyB0ByEtC0E0EyCtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCtD0CyByCyDtAtGzztA0C0BtGtB0EtC0EtGyCtAtAzztGyEyD0DyEtAzzzyzy0CyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDzz0AyC0DtCzztG0EtCzztCtGtAtCyEzztG0D0FtC0FtGtCtC0AtD0B0Fzz0FyCyC0C0B2Q&cr=879073133&ir=
Deleted [Startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1Qo_3f-ulc_ylZK8rx-IU7i1bN5XEZYc6wr0jAsgjB8DSMzcTrxRF0Yj9Cd61ZiFUgR9ETt9havm-oZMl9bOYTURaFOXdrNm3vJtJbYCrdP9RtJQTNRSdcciL-2fhG9Q, 
Deleted [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=cmi_14_12_ch&cd=2XzuyEtN2Y1L1QzuzztDyDyC0FtBtAyEyDyB0ByEtC0E0EyCtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCtD0CyByCyDtAtGzztA0C0BtGtB0EtC0EtGyCtAtAzztGyEyD0DyEtAzzzyzy0CyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDzz0AyC0DtCzztG0EtCzztCtGtAtCyEzztG0D0FtC0FtGtCtC0AtD0B0Fzz0FyCyC0C0B2Q&cr=879073133&ir=
Deleted [Startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1Qo_3f-ulc_ylZK8rx-IU7i1bN5XEZYc6wr0jAsgjB8DSMzcTrxRF0Yj9Cd61ZiFUgR9ETt9havm-oZMl9bOYTURaFOXdrNm3vJtJbYCrdP9RtJQTNRSdcciL-2fhG9Q, 
Deleted [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo
 
*************************
 
AdwCleaner[R1].txt - [3210 octets] - [29/04/2014 13:56:34]
AdwCleaner[R3].txt - [10922 octets] - [13/05/2014 11:02:47]
AdwCleaner[S1].txt - [3292 octets] - [29/04/2014 13:57:54]
AdwCleaner[S2].txt - [9962 octets] - [13/05/2014 11:05:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10022 octets] ##########

FRST (64bit):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01

Ran by Melissa (administrator) on SCHOOL on 13-05-2014 11:11:46
Running from G:\-=Repair=-
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7165000 2014-01-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-30] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\...\Run: [GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-02-19] (Google Inc.)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - No Name - {7F58B476-754F-4B83-99E4-EDB679E8EA21} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.9.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Melissa\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
FF HKCU\...\FIREFOX\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12309.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (avast! Online Security) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-30]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-26] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-30] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-07-02] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-30] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
S3 iscFlash; C:\swsetup\sp65062\iscflashx64.sys [75016 2014-03-22] (Insyde Software)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-05] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-05] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120 2014-04-24] (StdLib)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-13 11:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-08 21:44 - 2014-05-08 21:44 - 00014883 _____ () C:\Users\Melissa\Desktop\dds.txt
2014-05-08 21:44 - 2014-05-08 21:44 - 00006089 _____ () C:\Users\Melissa\Desktop\attach.txt
2014-05-08 21:30 - 2014-04-29 09:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-08 21:30 - 2014-04-29 07:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-08 21:30 - 2014-04-29 07:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-08 21:30 - 2014-04-29 07:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-08 21:30 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-08 21:30 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-08 21:30 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-08 21:30 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-08 21:30 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-01 14:24 - 2014-05-13 11:07 - 00000856 _____ () C:\Windows\PFRO.log
2014-05-01 14:19 - 2014-05-01 14:51 - 00001424 _____ () C:\Users\Melissa\Desktop\fix.txt
2014-05-01 13:09 - 2014-05-13 11:11 - 00000000 ____D () C:\FRST
2014-05-01 10:09 - 2014-05-01 10:09 - 00000794 _____ () C:\Windows\setupact.log
2014-05-01 10:09 - 2014-05-01 10:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-01 10:06 - 2014-05-01 10:07 - 00002268 _____ () C:\Users\Melissa\Desktop\Rkill.txt
2014-05-01 10:06 - 2014-05-01 10:06 - 00000520 _____ () C:\HelpAsst.log
2014-05-01 10:06 - 2014-05-01 10:06 - 00000227 _____ () C:\Users\Melissa\Desktop\mbr.log
2014-05-01 10:06 - 2014-05-01 10:06 - 00000227 _____ () C:\Users\Melissa\Desktop\mbr.dat
2014-05-01 10:06 - 2010-03-21 02:40 - 00000878 _____ () C:\Users\Melissa\Desktop\ckmbr.bat
2014-05-01 09:49 - 2014-05-01 09:49 - 00610200 _____ () C:\Users\Melissa\Documents\cc_20140501_094901.reg
2014-04-30 18:09 - 2014-04-30 18:09 - 00039120 _____ () C:\Users\Melissa\Desktop\HitmanPro_20140430_1809.log
2014-04-30 17:58 - 2014-04-30 17:58 - 00018260 _____ () C:\ComboFix.txt
2014-04-30 17:26 - 2014-04-30 17:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-30 17:26 - 2014-04-30 17:26 - 00002584 _____ () C:\Users\Melissa\Desktop\RKreport[0]_D_04302014_172605.txt
2014-04-30 17:24 - 2014-04-30 17:24 - 00002654 _____ () C:\Users\Melissa\Desktop\RKreport[0]_S_04302014_172443.txt
2014-04-30 17:19 - 2014-04-30 17:26 - 00000000 ____D () C:\Users\Melissa\Desktop\RK_Quarantine
2014-04-30 11:50 - 2014-04-30 11:50 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\AVAST Software
2014-04-30 11:49 - 2014-05-13 11:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-30 11:49 - 2014-04-30 11:49 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-30 11:49 - 2014-04-30 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-30 11:48 - 2014-04-30 11:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-30 11:48 - 2014-04-30 11:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-30 11:48 - 2014-04-30 11:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-30 11:48 - 2014-04-30 11:48 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-30 11:45 - 2014-04-30 11:47 - 88882192 _____ (AVAST Software) C:\Users\Melissa\Downloads\avast_free_antivirus_setup.exe
2014-04-30 11:25 - 2014-04-30 11:25 - 00000000 ____D () C:\Users\Melissa\AppData\Local\VS Revo Group
2014-04-30 11:12 - 2014-04-30 11:12 - 00000000 ____D () C:\Users\dalek_000\AppData\Roaming\Malwarebytes
2014-04-30 11:03 - 2014-04-30 11:03 - 00000622 _____ () C:\Users\Melissa\Desktop\JRT.txt
2014-04-29 14:21 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-29 14:21 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-29 14:21 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-29 14:21 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-29 14:17 - 2014-04-30 17:58 - 00000000 ____D () C:\Qoobox
2014-04-29 14:16 - 2014-04-29 14:31 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 13:56 - 2014-05-13 11:06 - 00000000 ____D () C:\AdwCleaner
2014-04-29 13:30 - 2014-02-03 18:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-29 13:30 - 2014-02-03 18:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-29 13:30 - 2014-01-30 19:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-29 13:30 - 2014-01-30 19:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-29 13:30 - 2014-01-30 19:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-29 13:30 - 2014-01-26 22:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-29 13:30 - 2014-01-26 22:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-29 13:30 - 2014-01-26 19:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-29 13:30 - 2014-01-26 19:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-29 13:30 - 2014-01-26 18:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-29 13:30 - 2014-01-15 18:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-29 13:30 - 2014-01-11 01:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-29 13:30 - 2014-01-11 00:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-29 13:30 - 2014-01-02 18:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-29 13:30 - 2014-01-02 18:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-29 13:29 - 2014-03-06 19:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 13:29 - 2014-03-06 19:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 13:29 - 2014-03-06 19:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 13:29 - 2014-03-06 19:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 13:29 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-29 13:29 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-29 13:29 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-29 13:29 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 13:29 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 13:29 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 13:29 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-29 13:29 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 13:29 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-29 13:29 - 2012-11-07 23:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 13:29 - 2012-11-07 23:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 13:29 - 2012-07-25 22:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 12:46 - 2014-04-24 12:33 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-29 12:09 - 2014-04-29 12:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Malwarebytes
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-29 12:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 11:52 - 2014-04-29 11:52 - 00024492 _____ () C:\Users\Tylor\Desktop\JRT.txt
2014-04-29 11:47 - 2014-04-29 11:47 - 00000000 ____D () C:\Windows\ERUNT
 
==================== One Month Modified Files and Folders =======
 
2014-05-13 11:11 - 2014-05-01 13:09 - 00000000 ____D () C:\FRST
2014-05-13 11:11 - 2013-03-04 18:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-13 11:10 - 2014-04-30 11:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-13 11:10 - 2014-01-28 15:14 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 11:10 - 2013-08-09 21:56 - 00003618 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-13 11:09 - 2013-11-28 22:16 - 02014268 _____ () C:\Windows\WindowsUpdate.log
2014-05-13 11:08 - 2014-01-31 08:50 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForMelissa.job
2014-05-13 11:08 - 2013-08-09 21:56 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-13 11:08 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-13 11:07 - 2014-05-01 14:24 - 00000856 _____ () C:\Windows\PFRO.log
2014-05-13 11:07 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-13 11:07 - 2012-07-26 00:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-05-13 11:06 - 2014-04-29 13:56 - 00000000 ____D () C:\AdwCleaner
2014-05-13 11:06 - 2014-01-28 15:15 - 00001297 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-13 11:06 - 2014-01-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-13 11:06 - 2013-11-28 22:20 - 00001000 _____ () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-13 11:02 - 2013-11-28 22:20 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E92ABBF7-03F5-4D9E-AF24-81CF80F7565C}
2014-05-13 10:59 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-11 05:01 - 2014-01-31 08:50 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMelissa
2014-05-11 05:01 - 2013-11-28 22:16 - 00000000 ____D () C:\Users\Melissa
2014-05-11 05:00 - 2013-12-06 23:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-11 05:00 - 2013-12-01 21:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-11 04:57 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-08 21:44 - 2014-05-08 21:44 - 00014883 _____ () C:\Users\Melissa\Desktop\dds.txt
2014-05-08 21:44 - 2014-05-08 21:44 - 00006089 _____ () C:\Users\Melissa\Desktop\attach.txt
2014-05-08 21:33 - 2013-11-28 22:16 - 00000000 ____D () C:\Users\Melissa\AppData\Local\VirtualStore
2014-05-08 21:33 - 2012-07-26 02:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 21:30 - 2014-01-28 15:14 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 14:51 - 2014-05-01 14:19 - 00001424 _____ () C:\Users\Melissa\Desktop\fix.txt
2014-05-01 10:09 - 2014-05-01 10:09 - 00000794 _____ () C:\Windows\setupact.log
2014-05-01 10:09 - 2014-05-01 10:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-01 10:07 - 2014-05-01 10:06 - 00002268 _____ () C:\Users\Melissa\Desktop\Rkill.txt
2014-05-01 10:06 - 2014-05-01 10:06 - 00000520 _____ () C:\HelpAsst.log
2014-05-01 10:06 - 2014-05-01 10:06 - 00000227 _____ () C:\Users\Melissa\Desktop\mbr.log
2014-05-01 10:06 - 2014-05-01 10:06 - 00000227 _____ () C:\Users\Melissa\Desktop\mbr.dat
2014-05-01 09:49 - 2014-05-01 09:49 - 00610200 _____ () C:\Users\Melissa\Documents\cc_20140501_094901.reg
2014-05-01 09:48 - 2014-02-27 00:39 - 00000000 ____D () C:\Windows\Minidump
2014-05-01 09:48 - 2012-08-03 18:21 - 00000000 ____D () C:\Windows\Panther
2014-04-30 18:09 - 2014-04-30 18:09 - 00039120 _____ () C:\Users\Melissa\Desktop\HitmanPro_20140430_1809.log
2014-04-30 17:58 - 2014-04-30 17:58 - 00018260 _____ () C:\ComboFix.txt
2014-04-30 17:58 - 2014-04-29 14:17 - 00000000 ____D () C:\Qoobox
2014-04-30 17:54 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 17:33 - 2014-04-30 17:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-30 17:26 - 2014-04-30 17:26 - 00002584 _____ () C:\Users\Melissa\Desktop\RKreport[0]_D_04302014_172605.txt
2014-04-30 17:26 - 2014-04-30 17:19 - 00000000 ____D () C:\Users\Melissa\Desktop\RK_Quarantine
2014-04-30 17:24 - 2014-04-30 17:24 - 00002654 _____ () C:\Users\Melissa\Desktop\RKreport[0]_S_04302014_172443.txt
2014-04-30 15:24 - 2013-11-28 22:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1547324850-1089188440-2165775012-1002
2014-04-30 11:50 - 2014-04-30 11:50 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\AVAST Software
2014-04-30 11:49 - 2014-04-30 11:49 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-30 11:49 - 2014-04-30 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-30 11:48 - 2014-04-30 11:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-30 11:48 - 2014-04-30 11:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-30 11:48 - 2014-04-30 11:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-30 11:48 - 2014-04-30 11:48 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-30 11:47 - 2014-04-30 11:45 - 88882192 _____ (AVAST Software) C:\Users\Melissa\Downloads\avast_free_antivirus_setup.exe
2014-04-30 11:29 - 2014-02-08 19:20 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 11:27 - 2013-08-09 21:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 11:25 - 2014-04-30 11:25 - 00000000 ____D () C:\Users\Melissa\AppData\Local\VS Revo Group
2014-04-30 11:15 - 2013-11-29 22:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1547324850-1089188440-2165775012-1005
2014-04-30 11:12 - 2014-04-30 11:12 - 00000000 ____D () C:\Users\dalek_000\AppData\Roaming\Malwarebytes
2014-04-30 11:03 - 2014-04-30 11:03 - 00000622 _____ () C:\Users\Melissa\Desktop\JRT.txt
2014-04-30 10:56 - 2013-11-29 22:49 - 00000000 ___RD () C:\Users\dalek_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-30 10:56 - 2013-11-29 22:49 - 00000000 ___RD () C:\Users\dalek_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-30 10:53 - 2014-02-26 14:30 - 00000000 ____D () C:\ProgramData\ExErunnner
2014-04-29 15:37 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-04-29 14:34 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-04-29 14:32 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-29 14:31 - 2014-04-29 14:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 13:57 - 2013-11-28 22:20 - 00000000 ___RD () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 13:54 - 2013-11-28 22:20 - 00000000 ___RD () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 13:52 - 2014-03-15 15:40 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForSCHOOL$.job
2014-04-29 13:51 - 2012-07-26 00:26 - 00000292 _____ () C:\Windows\win.ini
2014-04-29 13:50 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-29 13:47 - 2014-01-28 22:28 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Weather_Warnings_LLC
2014-04-29 12:16 - 2014-03-15 15:40 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSCHOOL$
2014-04-29 12:09 - 2014-04-29 12:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Malwarebytes
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-29 11:56 - 2014-03-20 09:23 - 00000000 ____D () C:\Program Files (x86)\HQTotalS
2014-04-29 11:53 - 2013-11-29 16:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1547324850-1089188440-2165775012-1006
2014-04-29 11:52 - 2014-04-29 11:52 - 00024492 _____ () C:\Users\Tylor\Desktop\JRT.txt
2014-04-29 11:47 - 2014-04-29 11:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 09:14 - 2014-05-08 21:30 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 07:47 - 2014-05-08 21:30 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 07:36 - 2014-05-08 21:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 07:25 - 2014-05-08 21:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 12:33 - 2014-04-29 12:46 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-22 18:47 - 2013-11-30 15:29 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-22 18:47 - 2013-11-30 15:29 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-19 04:39 - 2014-05-08 21:30 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 03:45 - 2014-05-08 21:30 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 03:45 - 2014-05-08 21:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 01:57 - 2014-05-08 21:30 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 01:57 - 2014-05-08 21:30 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
Some content of TEMP:
====================
C:\Users\Melissa\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-08 21:50
 
==================== End Of Log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:33 PM

Posted 14 May 2014 - 07:38 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO: No Name - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -  No File
BHO-x32: No Name - {1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} -  No File
Toolbar: HKLM-x32 - No Name - {7F58B476-754F-4B83-99E4-EDB679E8EA21} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Melissa\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
FF HKCU\...\FIREFOX\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12309.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120 2014-04-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.
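
The FRST entries in this thread, both in the log Gilligan8 posted and in the fixlist nasdaq built from it, share one line shape per section: drivers and services as `state name; path [size date] (company)`, and the one-month listings as `created - modified - size attrs (company) path`. The Python below is an added example written for this page, not code from Farbar's tool or from anyone in the thread. It parses those two line shapes and attaches the review flags a responder looks at first: GUID-shaped driver or file names, services whose image file is gone (`[X]`) or absent, drivers that share one image size and publisher under different names (as wStLib64 and the {GUID}Gw64 driver do here), and files living under a Temp folder. The flag names and heuristics are my own; the sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample input: lines copied from the FRST log and fixlist in this thread
# (four driver lines, the empty U4 entry, the stale catchme entry, three listing lines).
SAMPLE_FRST = r"""
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-30] (AVAST Software)
U4 BthAvrcpTg;
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120 2014-04-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-04-29 12:46 - 2014-04-24 12:33 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-30 11:48 - 2014-04-30 11:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-01 13:09 - 2014-05-13 11:11 - 00000000 ____D () C:\FRST
"""

# "R1 name; path [size yyyy-mm-dd] (company)": path, size block, [X] and company are each optional
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+);"
    r"(?: (?P<path>\S.*?))?"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \[(?P<missing>X)\])?"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)
# "created - modified - size attrs (company) path" from the one-month listings
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


@dataclass
class Entry:
    kind: str      # "driver" (service/driver line) or "file" (one-month listing line)
    name: str      # service name, or the file's base name
    path: str      # image path as FRST printed it; "" when the service has none
    size: int      # bytes; -1 when FRST printed no size
    company: str   # version-info company name; "" when absent
    missing: bool  # FRST printed [X]: the service points at a file that is not there
    flags: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Turn driver and file-listing lines into Entry objects; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            size = int(m.group("size")) if m.group("size") else -1
            entries.append(Entry("driver", m.group("name"), m.group("path") or "",
                                 size, m.group("company") or "", m.group("missing") is not None))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            entries.append(Entry("file", path.rsplit("\\", 1)[-1], path,
                                 int(m.group("size")), m.group("company"), False))
    return entries


def assess(entries: List[Entry]) -> List[Entry]:
    """Attach review flags. These are heuristics, not verdicts: each has benign hits too."""
    # Drivers sharing one image size and publisher under different names usually mean one
    # package dropped several times (wStLib64 and the {GUID}Gw64 driver in this thread).
    by_image: Dict[Tuple[int, str], Set[str]] = {}
    for e in entries:
        if e.kind == "driver" and e.size > 0:
            by_image.setdefault((e.size, e.company), set()).add(e.name.lower())
    for e in entries:
        base = e.path.rsplit("\\", 1)[-1]
        if GUID_RE.search(e.name) or GUID_RE.search(base):
            e.flags.append("guid-named")
        if e.kind == "driver":
            if e.missing:
                e.flags.append("file-missing")
            elif not e.path:
                e.flags.append("no-image-path")
            elif not e.company:
                e.flags.append("no-publisher")  # weak signal: aswHwid.sys in this log is legitimate
            if len(by_image.get((e.size, e.company), ())) > 1:
                e.flags.append("same-image-as-other-driver")
        if "\\temp\\" in e.path.lower():
            e.flags.append("temp-location")
    return entries


def review(text: str) -> Dict[str, List[str]]:
    """Name -> flags for every flagged entry; clean entries are left out."""
    return {e.name: e.flags for e in assess(parse_frst(text)) if e.flags}


if __name__ == "__main__":
    for name, flags in review(SAMPLE_FRST).items():
        print(f"{name}: {', '.join(flags)}")
```

Run it against a saved FRST.txt by passing the file's contents to `review()`; the three lines it picks out of the sample (the GUID-named driver, its sibling wStLib64 with the identical 61120-byte StdLib image, and the orphaned catchme service) are exactly the driver entries the fixlist above removes. Treat a flag as a reason to look, not a verdict: the same log has aswHwid.sys with no publisher string, and it is a legitimate Avast component.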

#9 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Male
  • Local time:07:33 PM

Posted 14 May 2014 - 09:16 AM

Interesting that things get "whitelisted" that need to be removed.

 

Fixlog:

 


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01

Ran by Melissa at 2014-05-14 09:08:47 Run:1
Running from G:\-=Repair=-
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO: No Name - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -  No File
BHO-x32: No Name - {1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} -  No File
Toolbar: HKLM-x32 - No Name - {7F58B476-754F-4B83-99E4-EDB679E8EA21} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Melissa\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll No File
FF HKCU\...\FIREFOX\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12309.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-21] (StdLib)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120 2014-04-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
End
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key deleted successfully.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1BE3455C-C89F-462C-BC6C-CB1A4F6C9FE8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7F58B476-754F-4B83-99E4-EDB679E8EA21} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7F58B476-754F-4B83-99E4-EDB679E8EA21} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin => Key deleted successfully.
C:\Users\Melissa\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll not found.
HKCU\Software\Mozilla\FIREFOX\Extensions\\ConsumerInput@Compete => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
BthAvrcpTg => Service deleted successfully.
BthHFEnum => Service deleted successfully.
bthhfhid => Service deleted successfully.
wStLib64 => Unable to stop service
wStLib64 => Service deleted successfully.
{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64 => Unable to stop service
{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64 => Service deleted successfully.
catchme => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 

Here is the Checkup log:

 


 

Results of screen317's Security Check version 0.99.83  

   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#10 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 14 May 2014 - 09:50 AM

Issues still persisting.

Hitman Pro is still giving a pile of stuff including proxy servers that aren't legit. :(

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : SCHOOL
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : SCHOOL\Melissa
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-05-14 09:18:35
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 76
   Traces  . . . . . . . : 131
 
   Objects scanned . . . : 2,422,446
   Files scanned . . . . : 39,003
   Remnants scanned  . . : 509,950 files / 1,873,493 keys
 
Malware remnants ____________________________________________________________
 
   Mysearchdial.com
   C:\Users\dalek_000\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   mysearchdial.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   Mysearchdial.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASAPI32\ (FindWide)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASMANCS\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\TNT2\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002_Classes\Wow6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   ask.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   ask.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   askws
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak (AdvSysProtector)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS\ (BrowserSafeguard)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\IePluginService\ (FTDownloader)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginService\ (FTDownloader)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1002\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1005\Software\Microsoft\Internet Explorer\SearchScopes\{06014DCF-A47F-46CB-9A63-C5529A4D06B2}\ (Conduit)
   HKU\S-1-5-21-1547324850-1089188440-2165775012-1007\Software\Microsoft\Internet Explorer\SearchScopes\{06014DCF-A47F-46CB-9A63-C5529A4D06B2}\ (Conduit)
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   127.0.0.1:55058
 
   Proxy server on this computer (User)
   127.0.0.1:13828
 
   Proxy server on this computer (User)
   127.0.0.1:49216
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftwlsearchcrm.112.2o7.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Tylor\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
 
 


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:33 PM

Posted 14 May 2014 - 10:31 AM


Most items reported by HitmanPro are remnants of old infections.
Are you not able to remove them with the tool?

As for the proxy see if they are active.

Proxy server on this computer (User)
127.0.0.1:55058

Proxy server on this computer (User)
127.0.0.1:13828

Proxy server on this computer (User)
127.0.0.1:49216



In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:55058 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
Check the others also.
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option, or No proxy if you do not need one.
===

Let me know if you have issues running this computer.

#12 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 14 May 2014 - 10:43 AM

I don't have the paid version of Hitman... I'm just using it to tell me if I have more infections that other programs might not find.

In regard to the proxy servers:

I had already reset IE and Chrome back to defaults and I just double-checked them.  No settings show any proxy servers.  That's the thing, I can't find these proxy server settings ANYWHERE. :(



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:33 PM

Posted 14 May 2014 - 10:51 AM

Let's see what we can find.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    127.0.0.1:55058
    127.0.0.1:13828
    127.0.0.1:49216
    Proxy server
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#14 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 14 May 2014 - 12:04 PM

SystemLook log:

SystemLook 30.07.11 by jpshortstuff

Log created at 11:11 on 14/05/2014 by Melissa
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== regfind ==========
 
Searching for "127.0.0.1:55058"
[HKEY_USERS\S-1-5-21-1547324850-1089188440-2165775012-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:55058;https=127.0.0.1:55058"
 
Searching for "127.0.0.1:13828"
[HKEY_USERS\S-1-5-21-1547324850-1089188440-2165775012-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:13828;https=127.0.0.1:49160"
 
Searching for "127.0.0.1:49216"
[HKEY_USERS\S-1-5-21-1547324850-1089188440-2165775012-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:49216;https=127.0.0.1:49216"
 
Searching for "Proxy server"
No data found.
 
-= EOF =-
Should I just rip these out from the registry?
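The SystemLook output above shows why the IE dialog nasdaq described in #11 came up empty: each ProxyServer value sits in a different user's hive (the -1005, -1006 and -1007 SIDs), and the LAN Settings dialog only reads the hive of the account it is opened from. The following PowerShell script is an added example written for this thread; it is not part of the original posts and not code from HitmanPro or SystemLook. It enumerates every profile in ProfileList, reads the WinINET proxy values from each user's hive (temporarily mounting NTUSER.DAT for users who are not logged on), flags loopback proxies such as 127.0.0.1:55058, and names whatever process is still listening on that port. The function names (Read-ProxySettings, Get-AllUserProxySettings, Resolve-LoopbackListener) are my own; reg.exe, Get-ItemProperty and Get-NetTCPConnection are standard Windows tools. It assumes an elevated prompt on Windows 8 or later.

```powershell
# Added example, not from the thread or from HitmanPro/SystemLook: audit the
# WinINET proxy settings of EVERY user profile on the machine. The values the
# logs above point at live in each user's own hive:
#   HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings
# so IE's LAN Settings dialog, opened from one account, only shows that
# account's values. Run from an elevated PowerShell prompt on Windows 8+.

$ErrorActionPreference = 'Stop'
$InternetSettings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ProfileList      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Read-ProxySettings {
    # Read the proxy values from one loaded user hive and classify them.
    param([string]$Sid, [string]$User)
    $key = "Registry::HKEY_USERS\$Sid\$InternetSettings"
    $p = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
    # A proxy on 127.0.0.1/localhost is only legitimate when the user knowingly
    # runs local proxy software; otherwise a program on the machine has put
    # itself between the browser and the network (the pattern in this thread).
    $loopback = [bool]($p.ProxyServer -match '(127\.0\.0\.1|localhost)')
    [pscustomobject]@{
        User        = $User
        Sid         = $Sid
        ProxyEnable = $p.ProxyEnable
        ProxyServer = $p.ProxyServer
        AutoConfig  = $p.AutoConfigURL
        Flag        = if ($loopback) { 'LOOPBACK PROXY' } elseif ($p.ProxyServer) { 'proxy set' } else { '' }
    }
}

function Get-AllUserProxySettings {
    # Walk the ProfileList so profiles of users who are not logged on are
    # included; their NTUSER.DAT is mounted temporarily and unmounted again.
    foreach ($prof in Get-ChildItem $ProfileList) {
        $sid = $prof.PSChildName
        if ($sid -notmatch '^S-1-5-21-') { continue }      # skip service accounts
        $path = $prof.GetValue('ProfileImagePath')
        $user = Split-Path $path -Leaf
        $wasLoaded = Test-Path "Registry::HKEY_USERS\$sid"
        if (-not $wasLoaded) {
            & reg.exe load "HKU\$sid" (Join-Path $path 'NTUSER.DAT') | Out-Null
        }
        try {
            Read-ProxySettings -Sid $sid -User $user
        } finally {
            if (-not $wasLoaded) {
                # Drop the handles PowerShell still holds on the hive, then unmount it.
                [gc]::Collect(); [gc]::WaitForPendingFinalizers()
                & reg.exe unload "HKU\$sid" | Out-Null
            }
        }
    }
}

function Resolve-LoopbackListener {
    # For a "127.0.0.1:<port>" value, name the process listening on that port.
    # No result means the listener is gone: the usual case once the culprit
    # has been removed but its ProxyServer value was left behind.
    param([string]$ProxyServer)
    $ports = [regex]::Matches($ProxyServer, '127\.0\.0\.1:(\d+)') |
             ForEach-Object { [int]$_.Groups[1].Value } | Sort-Object -Unique
    foreach ($port in $ports) {
        Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
            ForEach-Object {
                $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                [pscustomobject]@{ Port = $port; Pid = $_.OwningProcess
                                   Process = $proc.ProcessName; Path = $proc.Path }
            }
    }
}

$audit = Get-AllUserProxySettings
$audit | Format-Table -AutoSize
foreach ($row in $audit | Where-Object Flag -eq 'LOOPBACK PROXY') {
    "Listeners behind $($row.User)'s proxy ($($row.ProxyServer)):"
    Resolve-LoopbackListener -ProxyServer $row.ProxyServer | Format-Table -AutoSize
}
```

A loopback entry with no live listener is exactly the remnant situation in this thread: the program that set the proxy is gone, but the stale value still breaks browsing for that user, so the fix is to clear ProxyEnable/ProxyServer under each flagged SID (or log on as that user and follow the LAN Settings steps in #11). A loopback entry that does resolve to a running process is the more important finding, because something is still intercepting that user's traffic and should be identified before the setting is removed.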



#15 Gilligan8

Gilligan8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 14 May 2014 - 12:06 PM

I'm guessing these are under other profiles and that's why I wasn't finding them.
