Google re-direct / ssl / browser hijack


2 replies to this topic

#1 mattelle

mattelle

  • Members
  • 1 posts

Posted 13 December 2014 - 12:02 PM

Please help me get rid of the Google re-direct virus from my PC.

Below is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.60.2
Run by MattFox at 16:42:31 on 2014-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6039.3943 [GMT 0:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Users\MattFox\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Users\MattFox\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxpers.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Spotify Web Helper] "C:\Users\MattFox\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [Spotify] "C:\Users\MattFox\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\MattFox\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\MattFox\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{29441271-32BD-4AAB-9FC9-4F4F1E1EFFE8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{29441271-32BD-4AAB-9FC9-4F4F1E1EFFE8}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{29441271-32BD-4AAB-9FC9-4F4F1E1EFFE8}\244584572633D205157584 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MattFox\AppData\Roaming\Mozilla\Firefox\Profiles\mubcqhc6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\MattFox\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\bin\a2ddax64.sys [2014-1-13 26176]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-1-14 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-28 13824]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-1-14 356128]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-13 127752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-28 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-28 164184]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-1-13 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-1-13 969016]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-7-3 31624]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-28 362840]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-9 163456]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-9 551552]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-1-14 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-1-14 29280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-1-13 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-1-13 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-28 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-1-13 57024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-21 111616]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2012-5-28 314472]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-1-4 155824]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-25 20:09:27 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39C9D048-185B-4FD2-8577-2C509FEACC7E}\mpengine.dll
2014-11-22 11:32:16 -------- d-----w- C:\Users\MattFox\AppData\Roaming\WildTangent
2014-11-17 16:06:11 -------- d-----w- C:\Users\MattFox\AppData\Local\Microsoft Games
2014-09-21 10:31:43 -------- d-----w- C:\Users\MattFox\AppData\Local\{CC76050F-4389-43A2-AD68-1C5DE055B357}
2014-09-20 09:42:33 -------- d-----w- C:\Users\MattFox\AppData\Local\{3B7326DC-C6AB-4DB6-9B17-D3409FC3E064}
2014-07-17 14:39:48 -------- d-----w- C:\Users\MattFox\AppData\Local\{E302C7F6-619F-42BF-BC97-7C23FD7C6EC8}
2014-07-17 00:32:27 -------- d-----w- C:\Users\MattFox\AppData\Local\{A8C92A07-9662-403F-A91B-CB5D4C50A447}
2014-07-16 11:35:46 -------- d-----w- C:\Users\MattFox\AppData\Local\{41B14697-A5B1-4BED-8E4C-9582CA1393E2}
2014-07-15 11:10:36 -------- d-----w- C:\Users\MattFox\AppData\Local\{4697CFDD-4D53-40BA-9489-7FF2E06886C5}
2014-07-13 22:17:05 -------- d-----w- C:\Users\MattFox\AppData\Local\{DD1B8EC4-D947-4FEA-AC78-ECF5AD81B025}
2014-07-13 04:24:45 -------- d-----w- C:\Users\MattFox\AppData\Local\{D741C9E3-7F94-4AD9-89AC-66998D88230D}
2014-07-12 15:00:47 -------- d-----w- C:\Users\MattFox\AppData\Local\{B8E23307-7398-4DDF-B6B6-BCA843081C41}
2014-07-12 01:16:21 -------- d-----w- C:\Users\MattFox\AppData\Local\{95C2D6C0-3C51-4563-94A9-2E5D3110AAA2}
2014-07-11 10:28:15 -------- d-----w- C:\Users\MattFox\AppData\Local\{8E08BBA4-EC05-4E73-8591-708F93CF765B}
2014-07-10 00:31:51 -------- d-----w- C:\Users\MattFox\AppData\Local\{7C66BA05-9093-4512-9910-8C9A2B38050F}
2014-07-09 10:08:53 -------- d-----w- C:\Users\MattFox\AppData\Local\{961CAE7B-2EE8-4F01-BA83-E1F23F2B5E01}
2014-07-08 02:59:24 -------- d-----w- C:\Users\MattFox\AppData\Local\{DBE6EF03-8AFE-4066-9201-4F21B1881C73}
2014-07-07 14:44:34 -------- d-----w- C:\Users\MattFox\AppData\Local\{2A805EE8-2CFD-4CFC-985F-602B0AA36317}
2014-07-06 20:44:12 -------- d-----w- C:\Users\MattFox\AppData\Local\{9E054984-628D-46A2-84CF-6180961F0AF6}
2014-06-11 19:53:00 -------- d-----w- C:\Users\MattFox\AppData\Local\{53B037DB-5689-41B5-81AA-20C95309FDF0}
2014-06-08 14:55:57 -------- d-----w- C:\Users\MattFox\AppData\Roaming\.minecraft
2014-06-07 08:04:21 729088 ----a-w- C:\windows\SysWow64\Ipx32_56.dll
2014-06-07 08:04:21 448000 ----a-w- C:\windows\SysWow64\MM32DCMP.DLL
2014-06-07 08:04:21 28672 ----a-w- C:\windows\ipUnInst.exe
2014-06-07 08:04:21 126704 ----a-w- C:\windows\Unwise.exe
2014-06-07 08:04:21 -------- d-----w- C:\Program Files (x86)\IPIX
2014-06-07 07:25:59 -------- d-----w- C:\ProgramData\Oracle
2014-06-07 07:25:06 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-21 08:11:35 878080 ----a-w- C:\windows\System32\advapi32.dll
2014-04-21 08:09:29 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-21 08:06:44 1887232 ----a-w- C:\windows\System32\d3d11.dll
2014-04-21 08:06:44 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2014-03-26 12:45:47 -------- d-----w- C:\Users\MattFox\AppData\Local\{751E201A-F6FD-49AD-B070-866052DE6F9C}
2014-03-25 19:53:09 -------- d-----w- C:\Users\MattFox\AppData\Local\{18F1E731-5F85-4CBB-9420-AF1A5B002519}
2014-03-25 07:37:05 -------- d-----w- C:\Users\MattFox\AppData\Local\{08D7FC91-44D8-41C5-ABA0-763A09BBC433}
2014-03-24 20:26:50 -------- d-----w- C:\Users\MattFox\AppData\Roaming\CANON INC
2014-03-24 20:13:41 -------- d-----w- C:\Users\MattFox\AppData\Roaming\Canon_Inc_IC
2014-03-24 20:13:26 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2014-03-24 20:13:26 -------- d-----w- C:\Program Files (x86)\Canon
2014-03-24 20:00:14 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2014-03-24 15:40:29 -------- d-----w- C:\Users\MattFox\AppData\Local\{C8FD0340-634C-4C26-9DD0-4BE883D745E4}
2014-03-23 19:48:52 -------- d-----w- C:\Users\MattFox\AppData\Local\{57EDC877-7636-4E4F-9895-C7C5C8C7667C}
2014-03-21 22:20:33 -------- d-----w- C:\Users\MattFox\AppData\Local\Windows Live
2014-03-21 22:20:07 -------- d-----w- C:\Users\MattFox\AppData\Local\{6A8A56AC-18E9-4DCE-9CC5-098D7C9CA0C7}
2014-03-21 22:19:36 -------- d-----w- C:\Users\MattFox\AppData\Local\{05B1ABEF-19E2-4329-868D-A8305CB259AA}
2014-03-15 16:17:59 -------- d-----w- C:\Users\MattFox\AppData\Local\HP
2014-03-08 20:54:08 -------- d-----w- C:\ProgramData\WEBREG
2014-03-08 20:48:45 249856 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfpp70w.dll
2014-03-08 20:44:43 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-03-08 20:44:16 -------- d-----w- C:\ProgramData\HP Photo Creations
2014-03-08 20:44:16 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2014-03-08 20:44:09 -------- d-----w- C:\Users\MattFox\AppData\Roaming\HpUpdate
2014-03-08 20:41:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2014-03-08 20:41:19 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2014-03-08 20:40:56 136704 ----a-w- C:\windows\System32\hpf3l70w.dll
2014-03-08 20:40:21 -------- d-----w- C:\Program Files (x86)\HP
2014-03-08 20:38:48 880640 ----a-w- C:\windows\System32\hposwia_p02e.dll
2014-03-08 20:38:48 642360 ----a-w- C:\windows\System32\hpzids40.dll
2014-03-08 20:38:48 551424 ----a-w- C:\windows\System32\hppldcoi.dll
2014-03-08 20:38:47 515072 ----a-w- C:\windows\System32\hposc_p02a.dll
2014-03-08 20:38:47 1403904 ----a-w- C:\windows\System32\hpost_p02e.dll
2014-01-26 15:04:10 -------- d-----w- C:\PC_Play&Learn
2014-01-22 07:52:10 206080 ----a-w- C:\windows\System32\drivers\ssudmdm.sys
2014-01-22 07:52:10 108800 ----a-w- C:\windows\System32\drivers\ssudbus.sys
2014-01-13 16:25:54 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39C9D048-185B-4FD2-8577-2C509FEACC7E}\offreg.dll
2014-01-13 16:12:13 -------- d-----w- C:\AdwCleaner
2014-01-13 15:38:11 -------- d-----w- C:\Program Files\CCleaner
2014-01-13 14:10:10 -------- d-----w- C:\EEK
2014-01-13 13:55:54 37624 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-01-13 13:55:52 -------- d-----w- C:\ProgramData\RogueKiller
2014-01-13 13:31:50 -------- d-----w- C:\Program Files\HitmanPro
2014-01-13 13:30:51 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-13 13:03:45 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-01-13 13:03:27 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-01-13 13:03:27 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-01-13 13:03:27 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-13 13:03:27 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-13 13:03:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-01-13 13:03:06 -------- d-----w- C:\Users\MattFox\AppData\Local\Programs
2014-01-13 12:38:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-13 12:21:36 98816 ----a-w- C:\windows\sed.exe
2014-01-13 12:21:36 256000 ----a-w- C:\windows\PEV.exe
2014-01-13 12:21:36 208896 ----a-w- C:\windows\MBR.exe
2014-01-04 16:41:44 -------- d-----w- C:\Program Files (x86)\Sony
.
==================== Find3M  ====================
.
2014-11-04 14:30:58 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-05-26 09:25:49 91008 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-05-14 16:21:04 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-05-14 16:20:45 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-05-14 16:17:10 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-05-14 08:23:04 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-05-14 08:23:04 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-05-14 08:20:46 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-05-14 08:17:14 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-04-21 08:11:35 859648 ----a-w- C:\windows\System32\tdh.dll
2014-04-21 08:09:29 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-05 16:33:13 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-05 16:33:13 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-25 21:57:36 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2013-12-25 21:57:36 29792 ----a-w- C:\windows\System32\drivers\klim6.sys
.
============= FINISH: 16:43:24.63 ===============
#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 December 2014 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 December 2014 - 10:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
