Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent in Temp.exe and svchost.exe


  • Please log in to reply
8 replies to this topic

#1 kingmordred

kingmordred

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 17 October 2014 - 03:49 PM

I ran a scan today with malwarebytes anti malware and it detected a Trojan.Agent in Temp.exe and Trojan.Agent.Gen in svchost.exe.

I've read before that people who get infected with this are able to remove it, only for it to reappear on system reboot, which must be to do witht eh fact that the virus is tied to a legitimate system file (svchost.exe). I'd like to know how to remove this infection properly. Another thing I have noticed is that in process explorer there are two instances of conhost.exe and also an instance of dllhost.exe keeps appearing and then disappearing every few seconds. What is this?

 

Thanks!


Edited by kingmordred, 17 October 2014 - 03:59 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:25 AM

Posted 17 October 2014 - 04:26 PM

Hello -

Note - If not installed, please follow these directions -
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe) to install, then follow These instructions for doing a THREAT SCAN in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you.

Temporarily Disable such programs or permit them to allow the changes.

If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  • After the scan, make sure that everything is checked and then click the "Remove Selected" button to remove all the listed malware.
  • After rebooting the computer, copy and past the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

Thank You -



#3 kingmordred

kingmordred
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 17 October 2014 - 06:24 PM

Here you go:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2014.10.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jamie :: JAMIE-PC [administrator]

17/10/2014 22:34:43
mbam-log-2014-10-17 (22-34-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM | P2P
Scan options disabled: Heuristics/Shuriken
Objects scanned: 559428
Time elapsed: 1 hour(s), 37 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} (PUP.Optional.FrostwireTB.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (PUP.Optional.FrostwireTB.A) -> Data: |ÔJf@¡­BCØt@ -> No action taken.
HKLM\SOFTWARE\SearchProtect|InstallDir (PUP.Optional.SearchProtect.A) -> Data: C:\PROGRA~2\SearchProtect -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Users\Jamie\AppData\Local\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\SearchProtect\STG (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> No action taken.

Files Detected: 4
C:\Users\Jamie\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jamie\Templates\Temp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:25 PM

Posted 17 October 2014 - 07:58 PM

Hi, Just want to ask... Your log shows, No action taken., this may mean you did not click the "Remove Selected" button to remove all the listed malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 kingmordred

kingmordred
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 17 October 2014 - 08:03 PM

Hi. Yes I forgot to tick the box next to the PUP items. I will remove them on the next scan.



#6 kingmordred

kingmordred
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 18 October 2014 - 12:51 PM

I just ran another scan and as I expected, the trojans have reappeared.



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:25 AM

Posted 18 October 2014 - 11:52 PM

Please note that mny of these listed items are not "Trojans" or major infections, but

Items like PUP.Optional.SearchProtect.A, and (PUP.Optional.FrostwireTB.A) are able to be removed with other simple programs.

 

NOTE : Your version of Malwarebytes Anti-Malware "1.70.0.1100" is way outdated (almost antique) and needs to be uninstalled and be replaced.

We will do that last -

 

First -

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.

Important: Do not reboot your computer until you complete the next step.

* NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button only once to ensure a correct reading
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button only once to ensure a correct reading
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

NOW - Replace your version of Malwarebytes Anti-Malware.

Note - If not installed, please follow these directions - Click here to view the uninstall guide
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe) to install, then follow These instructions for doing a THREAT SCAN in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily Disable such programs or permit them to allow the changes.

  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • After rebooting the computer, copy and past the mbam.log in your next reply.

If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

Please post those 3 logs back here, RKill / AdwCleaner / New Malwarebytes version 2.0.2.1012., not your old version 1.70.0.1100,

and you will find that things are much improved..............

 

Thank You -



#8 kingmordred

kingmordred
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 20 October 2014 - 05:33 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/20/2014 10:53:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Manual

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Manual

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    www.100sexlinks.com
  127.0.0.1    100sexlinks.com

  20 out of 15318 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/20/2014 10:57:09 PM
Execution time: 0 hours(s), 3 minute(s), and 16 seconds(s)
 

 

# AdwCleaner v4.001 - Report created 20/10/2014 at 23:21:12
# DB v2014-10-20.3
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jamie - JAMIE-PC
# Running from : C:\Users\Jamie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmuse.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmuse.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage-journal
File Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v31.0 (x86 en-US)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [10639 octets] - [20/10/2014 23:05:34]
AdwCleaner[S0].txt - [10355 octets] - [20/10/2014 23:21:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10416 octets] ##########
 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:25 PM

Posted 22 October 2014 - 10:04 PM

Hello, please run these now.
 
Download 51a46ae42d560-malwarebytes_anti_malware.MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
>>>>
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
>>>
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users