

Help done everything but virus stays hidden and won't leave


10 replies to this topic

#1 Sirwalrusthe3rd

Sirwalrusthe3rd

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 11:44 AM

Hello, I am having a problem on Windows 8, and this is the worst virus I have had; it stays hidden no matter what I try. Here are some antiviruses I have used: Malwarebytes, SUPERAntiSpyware, Norton, Avast (won't download), and I have tried RKill. None of these will even update. I can't go to any web page that has anything to do with getting rid of a virus. I have tried all these in safe mode and still no luck, but when I'm in safe mode I can go more freely; if I try to download an antivirus it says connection blocked. I have even factory restored my computer, no luck at all. It was worse before: I couldn't even open up any Internet browser without getting connection refused. I was able to get some of the Internet working, but if anybody can help me it will be greatly appreciated. Please HELP

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by me (administrator) on BYEBYE on 28-01-2015 11:19:21
Running from C:\Users\me\Desktop
Loaded Profiles: me (Available profiles: me)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Symantec Corporation) C:\Program Files (x86)\SymSilent\SymSilent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AVAST Software) C:\Users\me\Desktop\avast_premier_antivirus_setup_online.exe
(AVAST Software) C:\Users\me\AppData\Local\Temp\_av_iup.tm~a01308\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [SymSilent] => C:\Program Files (x86)\SymSilent\SymSilent.exe [925584 2015-01-28] (Symantec Corporation)
HKU\S-1-5-21-4088441958-3709879701-3819372090-1002\...\Run: [GoogleChromeAutoLaunch_EA46CEF0976AD8B339A9FA2A9F56D13D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4088441958-3709879701-3819372090-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKU\S-1-5-21-4088441958-3709879701-3819372090-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM -> {696BEDDC-EDD9-40C1-9534-90D237CEA7EC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {696BEDDC-EDD9-40C1-9534-90D237CEA7EC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4088441958-3709879701-3819372090-1002 -> {696BEDDC-EDD9-40C1-9534-90D237CEA7EC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4088441958-3709879701-3819372090-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-4088441958-3709879701-3819372090-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 206.248.154.22 206.248.154.170 192.168.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-28]
CHR Extension: (Google Docs) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Google Drive) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-28]
CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Adblock Plus) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-28]
CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (Google Sheets) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-28]
CHR Extension: (AdBlock) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-28]
CHR Extension: (Bookmark Manager) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-28]
CHR Extension: (Avast Online Security) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-28]
CHR Extension: (Google +1 Button) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2015-01-28]
CHR Extension: (Color Wave) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnpfgjdhpopghfmomjmedpgecgjifcc [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
CHR Extension: (Canvas Rider) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-01-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-25] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-07-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-10] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1152712 2013-06-15] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 11:19 - 2015-01-28 11:19 - 00017330 _____ () C:\Users\me\Desktop\FRST.txt
2015-01-28 11:18 - 2015-01-28 11:19 - 00000000 ____D () C:\FRST
2015-01-28 11:18 - 2015-01-28 11:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 11:18 - 2015-01-28 10:57 - 02130432 ____N (Farbar) C:\Users\me\Desktop\FRST64.exe
2015-01-28 11:18 - 2015-01-28 10:38 - 04978536 ____N (AVAST Software) C:\Users\me\Desktop\avast_premier_antivirus_setup_online.exe
2015-01-28 10:15 - 2015-01-28 10:15 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a57e178b-fcce-4aa0-bf3c-f80491b037ef.job
2015-01-28 09:45 - 2015-01-28 09:52 - 00001972 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-28 09:45 - 2015-01-28 09:45 - 00000518 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task abdfbd24-4bbc-440d-bd23-a5b782e3ec73.job
2015-01-28 09:45 - 2015-01-28 09:45 - 00000000 ____D () C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com
2015-01-28 09:45 - 2015-01-28 09:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-28 09:45 - 2015-01-28 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-28 09:45 - 2015-01-28 09:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-28 09:36 - 2015-01-27 21:40 - 21096344 ____N (SUPERAntiSpyware) C:\Users\me\Desktop\SUPERAntiSpyware.exe
2015-01-28 09:20 - 2015-01-28 11:06 - 00000334 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForme.job
2015-01-28 09:20 - 2015-01-28 09:37 - 00003142 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForme
2015-01-28 09:19 - 2015-01-28 09:20 - 00000166 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-28 03:47 - 2015-01-28 03:47 - 00000000 _____ () C:\Recovery.txt
2015-01-28 03:32 - 2015-01-28 11:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 03:31 - 2015-01-28 03:31 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 03:31 - 2015-01-28 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 03:31 - 2015-01-28 03:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 03:31 - 2015-01-28 03:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-28 03:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-28 03:31 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-28 03:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-28 03:13 - 2015-01-28 03:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-28 03:10 - 2015-01-28 03:10 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 03:10 - 2015-01-28 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-28 03:08 - 2015-01-28 11:13 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 03:08 - 2015-01-28 11:07 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 03:08 - 2015-01-28 03:10 - 00000000 ____D () C:\Users\me\AppData\Local\Google
2015-01-28 03:08 - 2015-01-28 03:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 03:08 - 2015-01-28 03:08 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-28 03:08 - 2015-01-28 03:08 - 00003640 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-28 03:08 - 2015-01-28 03:08 - 00000000 ____D () C:\Users\me\AppData\Local\Deployment
2015-01-28 03:08 - 2015-01-28 03:08 - 00000000 ____D () C:\Users\me\AppData\Local\Apps\2.0
2015-01-28 02:48 - 2015-01-28 02:48 - 00002324 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4088441958-3709879701-3819372090-500
2015-01-28 02:30 - 2015-01-28 02:30 - 00000000 ____D () C:\Users\me\AppData\Roaming\hpqlog
2015-01-28 02:23 - 2015-01-28 02:23 - 00000000 ____D () C:\MediaServer
2015-01-28 02:14 - 2015-01-28 02:14 - 00000000 ____D () C:\WINDOWS\pss
2015-01-28 01:28 - 2015-01-28 01:28 - 00004014 _____ () C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2015-01-28 01:08 - 2015-01-28 02:53 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4088441958-3709879701-3819372090-1002
2015-01-28 01:04 - 2015-01-28 11:08 - 00000000 ____D () C:\Users\me\Documents\Youcam
2015-01-28 01:04 - 2015-01-28 01:27 - 00000000 ____D () C:\Users\me\AppData\Roaming\Hewlett-Packard
2015-01-28 01:04 - 2015-01-28 01:04 - 00000000 ____D () C:\Users\me\AppData\Roaming\ATI
2015-01-28 01:04 - 2015-01-28 01:04 - 00000000 ____D () C:\Users\me\AppData\Local\CyberLink
2015-01-28 01:04 - 2015-01-28 01:04 - 00000000 ____D () C:\Users\me\AppData\Local\ATI
2015-01-28 01:04 - 2015-01-28 01:04 - 00000000 ____D () C:\Users\me\AppData\Local\AMD
2015-01-28 01:03 - 2015-01-28 01:03 - 00000000 ____D () C:\Users\me\Documents\Bluetooth
2015-01-28 01:03 - 2015-01-28 01:03 - 00000000 ____D () C:\Users\me\AppData\Local\bluesoleil
2015-01-28 01:02 - 2015-01-28 01:02 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4523208C-54E6-45FF-A777-85EFD1382117}
2015-01-28 01:02 - 2015-01-28 01:02 - 00002103 _____ () C:\Users\Public\Desktop\HP Games.lnk
2015-01-28 01:02 - 2015-01-28 01:02 - 00001441 _____ () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 01:02 - 2015-01-28 01:02 - 00000000 ____D () C:\Users\me\AppData\Roaming\Adobe
2015-01-28 01:01 - 2015-01-28 01:28 - 00000000 ____D () C:\Users\me\AppData\Local\Hewlett-Packard
2015-01-28 01:01 - 2015-01-28 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-01-28 01:01 - 2015-01-28 01:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-01-28 01:01 - 2015-01-28 01:01 - 00000000 ____D () C:\Users\me\AppData\Local\Power2Go8
2015-01-28 01:01 - 2013-10-01 02:21 - 00002225 _____ () C:\Users\Public\Desktop\Snapfish.lnk
2015-01-28 01:01 - 2013-07-20 01:06 - 00002186 _____ () C:\Users\Public\Desktop\eBay.lnk
2015-01-28 01:00 - 2015-01-28 01:00 - 00000000 ____D () C:\Users\me\AppData\Roaming\Synaptics
2015-01-28 00:59 - 2015-01-28 11:13 - 00276098 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-28 00:59 - 2015-01-28 09:37 - 00000000 ____D () C:\Users\me
2015-01-28 00:59 - 2015-01-28 01:27 - 00000000 ____D () C:\Users\me\AppData\Local\Packages
2015-01-28 00:59 - 2015-01-28 00:59 - 00000020 ___SH () C:\Users\me\ntuser.ini
2015-01-28 00:59 - 2015-01-28 00:59 - 00000000 ____D () C:\Users\me\AppData\Local\VirtualStore
2015-01-28 00:59 - 2013-07-20 01:02 - 00002100 _____ () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-01-28 00:59 - 2013-07-20 00:52 - 00000000 ___HD () C:\Users\me\Documents\hp.system.package.metadata
2015-01-28 00:59 - 2013-07-20 00:38 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-28 00:59 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 00:59 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-28 00:59 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 11:11 - 2013-07-19 23:58 - 00877348 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-01-28 11:11 - 2013-07-19 23:58 - 00191806 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-01-28 11:11 - 2012-07-26 02:28 - 01994298 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-28 11:07 - 2013-10-01 02:08 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-01-28 11:06 - 2013-10-01 02:08 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-01-28 11:06 - 2013-06-07 11:40 - 00001017 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-01-28 11:06 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 09:43 - 2012-08-03 17:23 - 00129606 _____ () C:\WINDOWS\PFRO.log
2015-01-28 09:15 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-28 04:26 - 2013-10-01 01:51 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-01-28 04:06 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-28 04:04 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-01-28 03:46 - 2012-07-26 03:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-28 03:29 - 2013-10-01 02:39 - 00000000 ____D () C:\ProgramData\Norton
2015-01-28 03:29 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-28 03:28 - 2013-10-01 02:40 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-28 03:13 - 2012-07-26 02:21 - 00035766 _____ () C:\WINDOWS\setupact.log
2015-01-28 03:06 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-28 02:50 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup
2015-01-28 02:50 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-28 02:48 - 2012-08-03 17:40 - 00010342 _____ () C:\WINDOWS\iis.log
2015-01-28 02:48 - 2012-07-26 03:13 - 00004552 _____ () C:\WINDOWS\DtcInstall.log
2015-01-28 02:22 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 01:02 - 2013-07-20 01:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-01-28 01:02 - 2013-07-20 01:06 - 00000000 ___RD () C:\Program Files\Online Services
2015-01-28 01:02 - 2013-07-20 01:06 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-01-28 01:02 - 2013-07-20 00:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-01-28 01:02 - 2013-07-20 00:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-28 01:02 - 2013-07-20 00:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-28 01:01 - 2012-08-03 19:02 - 00000000 ___HD () C:\SYSTEM.SAV
2015-01-28 01:00 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-28 00:59 - 2012-08-03 18:21 - 00000000 ____D () C:\WINDOWS\Panther

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-03 17:23

==================== End Of Log ============================

Attached Files


Edited by nasdaq, 29 January 2015 - 10:57 AM.
FRST log posted.
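As an added example (not from the post, from nasdaq, or from Farbar's tool), a small Python triage script that applies the checks a helper makes when reading an FRST log like the one above: entries with no publisher, binaries FRST marks as not signed, targets reported as No File / No ImagePath, and code running from the user profile or Temp. The sample lines are copied from the log above; the flag names, the section filter and the heuristics are assumptions of this example, and a flag is a review hint, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs (added example).

Walks the sections a helper reads first (Processes, Registry, Internet,
Services, Drivers) and flags entries worth a second look.  Flags are review
hints, not verdicts: the Avast installer running from Temp below is benign.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVAST Software) C:\Users\me\AppData\Local\Temp\_av_iup.tm~a01308\instup.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-17] (Realtek Semiconductor)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
==================== Internet (Whitelisted) ====================
Toolbar: HKU\S-1-5-21-4088441958-3709879701-3819372090-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
==================== Services (Whitelisted) =================
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-17] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
U4 BthAvrcpTg; No ImagePath
==================== One Month Created Files and Folders ========
2015-01-28 11:19 - 2015-01-28 11:19 - 00017330 _____ () C:\Users\me\Desktop\FRST.txt
"""

SECTION_RE = re.compile(r"^=+ (\S+)")                       # first word of a section header
PROCESS_RE = re.compile(r"^\(([^)]*)\) ([A-Za-z]:\\.+)$")   # "(Publisher) C:\path"
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?=\s\[\d|\s\(\)|\s*$)")  # path up to "[size date]" or "()"
META_PUBLISHER_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(([^)]*)\)")  # "[size date] (Publisher)"
USER_AREA_RE = re.compile(r"\\users\\|\\temp\\", re.IGNORECASE)

REVIEW_SECTIONS = {"Processes", "Registry", "Internet", "Services", "Drivers"}
PROFILE_CHECK_SECTIONS = {"Processes", "Registry", "Services", "Drivers"}  # browser data lives in the profile anyway
MISSING_TARGET = ("No File", "No ImagePath")


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list


def _publisher_and_path(line):
    """Return (publisher, path); publisher is None when absent, "" when FRST printed '()'."""
    m = PROCESS_RE.match(line)
    if m:
        return m.group(1), m.group(2)
    pm = PATH_RE.search(line)
    path = pm.group(1) if pm else ""
    mm = META_PUBLISHER_RE.search(line)
    if mm:
        return mm.group(1), path
    if line.endswith("()"):
        return "", path
    return None, path


def classify(line, section):
    """Reasons this entry deserves review (empty list when it looks clean)."""
    if line.endswith(MISSING_TARGET):
        return ["target file missing"]
    reasons = []
    publisher, path = _publisher_and_path(line)
    if publisher == "":
        reasons.append("no publisher")
    if "[File not signed]" in line:
        reasons.append("file not signed")
    if section in PROFILE_CHECK_SECTIONS and USER_AREA_RE.search(path):
        reasons.append("runs from user profile or Temp")
    return reasons


def triage(log_text):
    """Scan an FRST log and return the flagged entries in log order."""
    section, findings = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section not in REVIEW_SECTIONS or line.startswith("(If "):
            continue
        reasons = classify(line, section)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview before reading each line."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {', '.join(f.reasons)}: {f.entry}")
```

Run it against a full FRST.txt by passing the file contents to `triage()`; the file-listing sections are deliberately skipped so a tool dropped on the Desktop (FRST.txt itself) is not flagged.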



#2 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 11:57 AM

I also forgot to mention that all my email accounts have had an email saying "unusual sign in"; when I check, it says some person signed into my account from a different country.

#3 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 12:34 PM

Is this a hijack virus of some sort?

#4 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 01:56 PM

I am trying AdwCleaner now, hope it helps.

#5 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 02:17 PM

Nope, still get this error in Google Chrome.
I tried just saving the page, but if I save it, it automatically cancels the download every time. I also posted what AdwCleaner did.

Attached Files



#6 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 04:36 PM

I don't know if this matters, but when I first used Malwarebytes it detected (I think it was) four infections, but they were all based off of an application called Dynamo Combo. I uninstalled it, then I quarantined it, then I factory restored my computer. This was when I first noticed something wrong, and I'm not 100% sure, but I thought I had Avast installed. Is it possible for a virus to completely uninstall my antivirus?

I just thought more info would help a bit more.

#7 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 28 January 2015 - 05:23 PM

Sorry for keep updating my topic, but I'm trying my best to figure this out, and I'm just updating on what I have figured out so far; maybe someone will start to clue in before me. But anyway:

I just did some troubleshooting, and when I did that to my network it popped up giving me this error:

The remote device or resource won't accept the connection

The device or resource (go.Microsoft.com) is not setup to accept connections on port "The Worldwide Web service (HTTP)"

Any help will be greatly appreciated.

Edited by Sirwalrusthe3rd, 28 January 2015 - 10:45 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:16 AM

Posted 29 January 2015 - 11:13 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I factory restored my computer this was when I first noticed something wrong and I'm not a 100% sure but I thought I had avast installed is it possible for a virus to completely uninstall my antivirus


The restore point may have removed the Avast program.
Please run the Farbar tool one more time and post a fresh FRST log for my review.

I also want you to run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop: for 32-bit systems or for 64-bit systems.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

p.s.
Do not attempt to run/install any other programs until I have had a chance to look at both logs.

#9 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 29 January 2015 - 01:42 PM

I did what you said, and now when I plug my phone in it doesn't detect my device
(it's a Nexus 4).
I have been using my phone to post to this forum since my computer blocks this site,
and I need to connect my phone to grab all the log files to post them here.
Any help?
Also, my phone wasn't plugged in at the time of the scan.

Edited by Sirwalrusthe3rd, 29 January 2015 - 01:43 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:16 AM

Posted 29 January 2015 - 02:02 PM

Open Computer; do you see the C:\ drive?

Do you also see your phone?
Make sure it's connected to the computer.

#11 Sirwalrusthe3rd

Sirwalrusthe3rd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 30 January 2015 - 09:48 AM

I see the C:\ drive but not my phone.
And when I try to install the drivers it fails; I will get back to you when I figure out how to install the drivers.



