infected with seektoexplore virus and get blocked from webpages


This topic is locked
15 replies to this topic

#1 coachoflife

  • Members
  • 118 posts

Posted 30 January 2015 - 03:27 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by John (administrator) on JOHN-PC on 30-01-2015 17:37:40
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-55534762-144992477-3993507944-1000\...\MountPoints2: {7e41924a-6a72-11e4-ae98-806e6f6e6963} - D:\Setup.Now.exe
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn%20uk%20-%20outrlook.com/
HKU\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-55534762-144992477-3993507944-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: YouGovPulse -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\John\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll (Wakoopa)
BHO-x32: YouGovPulse -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\John\AppData\Local\Wakoopa Shared\WakoopaBHO.dll (Wakoopa)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\o8k7zoad.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (YouGovPulse) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmjiafgnihnlimabppljbikhfekllem [2015-01-10]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-12-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31984 2013-07-30] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-11] () [File not signed]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 17:37 - 2015-01-30 17:38 - 00009888 _____ () C:\Users\John\Downloads\FRST.txt
2015-01-30 17:37 - 2015-01-30 17:37 - 02130432 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-01-30 17:29 - 2015-01-30 17:29 - 00002272 _____ () C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
2015-01-30 17:29 - 2015-01-30 17:29 - 00001194 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
2015-01-30 17:29 - 2015-01-30 17:29 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-30 17:29 - 2015-01-30 17:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2015-01-30 17:29 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM9311.dll
2015-01-30 17:23 - 2015-01-30 17:23 - 00000000 ____D () C:\Users\John\AppData\Local\Hewlett-Packard
2015-01-30 17:23 - 2015-01-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-30 17:22 - 2015-01-30 17:22 - 05197824 _____ () C:\Users\John\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi
2015-01-30 02:56 - 2015-01-30 02:57 - 00002534 _____ () C:\Users\John\Desktop\Rkill.txt
2015-01-30 02:56 - 2015-01-30 02:56 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.com
2015-01-30 02:51 - 2015-01-30 02:51 - 00000632 _____ () C:\Users\John\Downloads\JRT.txt
2015-01-30 02:48 - 2015-01-30 02:48 - 00000632 _____ () C:\Users\John\Desktop\JRT.txt
2015-01-30 01:31 - 2015-01-30 01:32 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2015-01-30 01:22 - 2015-01-30 01:23 - 02194432 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2015-01-30 01:14 - 2015-01-30 01:14 - 04176437 _____ () C:\Users\John\Downloads\tdsskiller.zip
2015-01-30 01:07 - 2015-01-30 01:08 - 01707939 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2015-01-30 01:02 - 2015-01-30 02:34 - 00016440 _____ () C:\Users\John\Downloads\Result.txt
2015-01-30 01:00 - 2015-01-30 01:00 - 00401920 _____ (Farbar) C:\Users\John\Downloads\MiniToolBox.exe
2015-01-26 16:31 - 2015-01-26 16:31 - 00002397 _____ () C:\Users\Public\Desktop\Civilization III Complete Edition.lnk
2015-01-26 16:31 - 2015-01-26 16:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2015-01-26 16:25 - 2015-01-26 16:25 - 00000000 ____D () C:\Program Files (x86)\Firaxis Games
2015-01-26 16:01 - 2015-01-26 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-26 15:28 - 2015-01-30 17:37 - 00000000 ____D () C:\FRST
2015-01-26 15:21 - 2015-01-29 17:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 15:20 - 2015-01-26 16:00 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 15:20 - 2015-01-26 15:20 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 15:20 - 2015-01-26 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 15:20 - 2015-01-26 15:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 15:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 15:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 15:19 - 2015-01-26 15:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 13:38 - 2015-01-26 13:38 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-26 12:28 - 2015-01-26 12:28 - 00271600 _____ () C:\Windows\Minidump\012615-11731-01.dmp
2015-01-26 12:04 - 2015-01-26 12:54 - 303092975 _____ () C:\Windows\MEMORY.DMP
2015-01-26 12:04 - 2015-01-26 12:28 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 12:04 - 2015-01-26 12:04 - 00271600 _____ () C:\Windows\Minidump\012615-23992-01.dmp
2015-01-26 00:57 - 2015-01-26 00:57 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-26 00:31 - 2015-01-26 00:49 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-01-25 22:44 - 2015-01-25 22:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-25 22:22 - 2015-01-25 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-25 22:22 - 2015-01-25 22:22 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-25 22:21 - 2015-01-26 11:43 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-25 22:21 - 2015-01-26 11:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-25 22:04 - 2015-01-25 22:24 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2015-01-25 21:38 - 2015-01-26 11:45 - 00000000 ___SD () C:\ComboFix
2015-01-25 21:38 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-25 21:38 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-25 21:38 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-25 21:38 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-25 21:38 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-25 21:38 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-25 21:38 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-25 21:38 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-25 21:36 - 2015-01-26 11:45 - 00000000 ____D () C:\Windows\erdnt
2015-01-25 21:36 - 2015-01-26 11:43 - 00000000 ____D () C:\Qoobox
2015-01-25 21:34 - 2015-01-30 02:54 - 00000000 ____D () C:\AdwCleaner
2015-01-14 04:44 - 2015-01-14 04:44 - 00017320 _____ () C:\Users\John\Downloads\Voucher.htm
2015-01-14 04:39 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:39 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:39 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:39 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 04:39 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 04:39 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 04:39 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 04:39 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 04:39 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 04:39 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:39 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:39 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 04:39 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 07:54 - 2015-01-26 16:32 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 07:54 - 2015-01-26 11:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-13 07:53 - 2015-01-13 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2015-01-12 14:05 - 2015-01-12 14:05 - 00001577 _____ () C:\DelFix.txt
2015-01-10 10:44 - 2015-01-26 11:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouGovPulse
2015-01-10 10:44 - 2015-01-26 11:43 - 00000000 ____D () C:\Users\John\AppData\Local\YouGovPulse
2015-01-10 10:44 - 2015-01-10 10:44 - 00000000 ____D () C:\Users\John\AppData\Local\Wakoopa Shared
2015-01-10 08:10 - 2015-01-26 11:43 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore
2015-01-09 10:30 - 2015-01-09 10:06 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-09 10:05 - 2015-01-09 10:05 - 00001052 _____ () C:\EamClean.log
2015-01-07 23:09 - 2015-01-07 23:09 - 00000000 ____D () C:\feff28e8cecdc0577758d41daa3c39
2015-01-07 23:04 - 2015-01-07 23:04 - 00001827 _____ () C:\anti-malware.txt
2015-01-07 22:31 - 2015-01-12 14:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 06:00 - 2015-01-07 06:00 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-07 05:43 - 2015-01-11 11:49 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-07 05:43 - 2015-01-07 05:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-07 05:38 - 2015-01-26 11:45 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-06 04:11 - 2014-11-21 08:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-06 04:11 - 2014-11-21 07:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-06 04:10 - 2014-11-21 08:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-06 04:10 - 2014-11-21 08:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-06 04:10 - 2014-11-21 08:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-06 04:10 - 2014-11-21 08:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-06 04:10 - 2014-11-21 08:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-06 04:10 - 2014-11-21 08:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-06 04:10 - 2014-11-21 07:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-06 04:10 - 2014-11-21 07:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-06 04:10 - 2014-11-21 07:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-06 04:10 - 2014-11-21 07:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-06 04:10 - 2014-11-21 07:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-06 04:10 - 2014-11-21 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-06 04:10 - 2014-11-21 07:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-06 04:10 - 2014-11-21 07:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-06 04:10 - 2014-11-21 06:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-06 04:10 - 2014-11-21 06:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-06 04:10 - 2014-11-21 06:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-06 04:10 - 2014-11-21 06:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-06 04:10 - 2014-11-21 05:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-06 02:50 - 2015-01-06 02:50 - 00000000 ____D () C:\Windows\Panther
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 17:32 - 2014-11-14 14:48 - 00000000 ____D () C:\Users\John\AppData\Local\HP
2015-01-30 17:31 - 2014-11-12 13:30 - 01469735 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 17:29 - 2014-11-14 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-30 17:29 - 2014-11-14 14:49 - 00000000 ____D () C:\ProgramData\HP
2015-01-30 17:29 - 2014-11-14 14:49 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-30 17:23 - 2014-11-12 14:15 - 00059640 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 16:54 - 2014-11-13 16:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 16:54 - 2014-11-13 16:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 16:31 - 2009-07-14 04:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 16:31 - 2009-07-14 04:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 16:29 - 2014-11-12 14:41 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-30 16:29 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 16:24 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 16:24 - 2009-07-14 04:51 - 00046050 _____ () C:\Windows\setupact.log
2015-01-30 02:29 - 2010-11-21 03:47 - 00017864 _____ () C:\Windows\PFRO.log
2015-01-30 01:25 - 2014-11-12 14:44 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-30 01:25 - 2014-11-12 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-29 21:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-27 12:55 - 2014-11-13 16:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 12:06 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 12:57 - 2009-07-14 05:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-26 11:46 - 2014-11-12 13:30 - 00000000 ____D () C:\Users\John
2015-01-26 11:45 - 2014-11-13 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 11:45 - 2014-11-13 16:46 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-26 11:45 - 2014-11-13 16:46 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-26 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-26 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-26 00:55 - 2011-04-12 08:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-26 00:42 - 2014-11-12 15:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-25 22:24 - 2014-11-12 13:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
2015-01-16 04:46 - 2014-11-12 16:56 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 04:52 - 2014-11-12 15:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 05:30 - 2014-11-13 16:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 04:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-09 10:22 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-06 02:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-05 17:58 - 2014-11-12 13:42 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-05 17:58 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
 
==================== Files in the root of some directories =======
 
2015-01-30 17:29 - 2015-01-30 17:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-12 13:42 - 2014-11-12 13:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 09:51
 
==================== End Of Log ============================




#2 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 01 February 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your log.

This one looks like a typing error.

HKU\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn%20uk%20-%20outrlook.com/

You are referencing outRlook.com and not outlook.com
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

If the problem persists continue

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#3 coachoflife (Topic Starter)

Posted 01 February 2015 - 11:48 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/1/2015
Scan Time: 4:20:49 PM
Logfile: file.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.01.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321885
Time Elapsed: 6 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

still no change.



#4 nasdaq (Malware Response Team)

Posted 01 February 2015 - 02:30 PM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If the problem persists, continue with this scan.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

#5 coachoflife (Topic Starter)

Posted 01 February 2015 - 05:15 PM

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : John [Administrator]
Mode : Delete -- Date : 02/01/2015  22:14:45
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://msn%20uk%20-%20outrlook.com/  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://msn%20uk%20-%20outrlook.com/  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10636F70-F92F-416E-9511-925AF5AB6E95} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{10636F70-F92F-416E-9511-925AF5AB6E95} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{10636F70-F92F-416E-9511-925AF5AB6E95} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> Replaced ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Deleted
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-9YN162 SCSI Disk Device +++++
--- User ---
[MBR] 07c40b90ba46157bc26f3bb0dd73af81
[BSP] 4fb4bd0e5683a1a010ce932305da3fb9 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_01072015_061409.log - RKreport_DEL_01082015_105531.log - RKreport_SCN_01072015_061316.log - RKreport_SCN_01072015_061338.log
RKreport_SCN_01072015_061505.log - RKreport_SCN_01072015_061640.log - RKreport_SCN_01082015_063633.log - RKreport_SCN_01082015_063644.log
RKreport_SCN_01082015_063648.log - RKreport_SCN_01082015_063702.log - RKreport_SCN_01082015_063707.log - RKreport_SCN_01082015_063712.log
RKreport_SCN_01082015_063716.log - RKreport_SCN_01082015_063719.log - RKreport_SCN_01082015_063905.log - RKreport_SCN_01082015_105520.log
RKreport_SCN_01092015_234015.log - RKreport_SCN_01092015_234020.log - RKreport_SCN_01092015_234026.log - RKreport_SCN_01092015_234036.log
RKreport_SCN_01092015_234048.log - RKreport_SCN_01092015_234054.log - RKreport_SCN_01092015_234100.log - RKreport_SCN_01092015_234105.log
RKreport_SCN_01102015_033904.log - RKreport_SCN_01102015_104824.log - RKreport_SCN_01112015_114913.log - RKreport_SCN_02012015_221348.log
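
A read-only check of the settings RogueKiller rewrote in the log above, added here as an example; it is not part of the thread and not a RogueKiller or FRST feature. It runs on the PowerShell 2.0 that ships with Windows 7 (start PowerShell elevated, the same way the tutorial linked above does for the command prompt) and prints the per-adapter DNS servers, the active hosts-file entries, the profile's proxy/PAC settings and the IE start page. Two caveats a practitioner would want: the DhcpNameServer values are handed out by the router over DHCP, so clearing them lasts only until the lease is renewed, and if the router itself has been reconfigured a clean PC keeps being redirected, so compare the addresses with the resolvers your ISP publishes; and the hosts line RogueKiller deleted was harmless, because Windows 7 resolves localhost inside the DNS client. `$TrustedDns` is an assumption of the example: it is seeded with the two addresses from the log only so the script runs, and you should replace them with the resolvers your ISP confirms.

```powershell
# Added example, not from the thread. Read-only inspection of the name-resolution
# and home-page settings RogueKiller rewrote: per-interface DNS servers, the hosts
# file, the user's proxy/PAC settings and the IE start page.
# Works on the PowerShell 2.0 that ships with Windows 7; run it elevated.
# Assumed (not from the page): $TrustedDns. The two addresses below are the ones
# the log shows; replace them with the resolvers your ISP documents.
$TrustedDns = @('194.168.4.100', '194.168.8.100')

function Get-InterfaceDns {
    # Every adapter has a GUID key under Tcpip\Parameters\Interfaces. DhcpNameServer
    # is what the router handed out; NameServer is a static override. A static
    # override on an adapter that should be on DHCP, or any server outside
    # $TrustedDns, is what a DNS-changer leaves behind.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem $base) {
        $p = Get-ItemProperty $key.PSPath
        $dhcp   = @(); if ($p.DhcpNameServer) { $dhcp   = @($p.DhcpNameServer -split '[ ,]+') }
        $static = @(); if ($p.NameServer)     { $static = @($p.NameServer     -split '[ ,]+') }
        $all = @(@($dhcp + $static) | Where-Object { $_ })
        if ($all.Count -eq 0) { continue }   # adapter with no DNS configuration at all
        New-Object PSObject -Property @{
            Interface  = $key.PSChildName
            DhcpDns    = ($dhcp -join ' ')
            StaticDns  = ($static -join ' ')
            Unexpected = (@($all | Where-Object { $TrustedDns -notcontains $_ }) -join ' ')
        }
    }
}

function Get-HostsEntries {
    # Active (non-comment) hosts entries. The Windows 7 default file has none,
    # because localhost is resolved inside the DNS client; so any entry listed
    # here deserves a look. A loopback address blocks the name (typical for
    # AV update servers); any other address silently redirects it.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content $hosts) {
        $line = ($line -replace '#.*$', '').Trim()
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        New-Object PSObject -Property @{
            Address = $parts[0]
            Names   = ($parts[1..($parts.Count - 1)] -join ' ')
            Blocks  = ($parts[0] -eq '127.0.0.1' -or $parts[0] -eq '::1')
        }
    }
}

function Get-ProxySettings {
    # A proxy or PAC script forced on the profile blocks and redirects pages
    # without touching DNS or the hosts file, so it belongs in the same check.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Get-IEStartPage {
    # The value RogueKiller replaced. '%20' is an encoded space, and a space cannot
    # occur in a hostname, so such a start page is typed text (or a pasted search
    # phrase), which is the "typing error" reading given earlier in the thread.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    New-Object PSObject -Property @{
        StartPage = $p.'Start Page'
        Malformed = [bool]($p.'Start Page' -match '%20|\s')
    }
}

Get-InterfaceDns  | Select-Object Interface, DhcpDns, StaticDns, Unexpected | Format-Table -AutoSize
Get-HostsEntries  | Select-Object Address, Names, Blocks | Format-Table -AutoSize
Get-ProxySettings | Format-List
Get-IEStartPage   | Format-List
```

Anything in the Unexpected column, any StaticDns on an adapter that is normally on DHCP, a non-empty ProxyServer or AutoConfigURL, or a hosts entry pointing a real site somewhere other than loopback is worth quoting in the next reply before resetting it; the Microsoft Fix it referenced later in the thread is the supported way to restore the default hosts file.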


#6 nasdaq (Malware Response Team)

Posted 02 February 2015 - 08:43 AM

How is the computer running now?

#7 coachoflife (Topic Starter)

Posted 02 February 2015 - 01:38 PM

It is still the same.



#8 nasdaq (Malware Response Team)

Posted 03 February 2015 - 08:25 AM

Reset your HOSTS file.

Refer to this Microsoft page and select the Fix it button.
https://support.microsoft.com/kb/972034

Restart the computer normally.


Lets see what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter seektoexplore in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 coachoflife (Topic Starter)

Posted 03 February 2015 - 01:11 PM

Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by John at 2015-02-03 18:10:53
Running from C:\Users\John\Downloads
Boot Mode: Normal
 
================== Search Registry: "seektoexplore" ===========
 
 
====== End Of Search ======
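
An empty registry search is expected even when a Chrome profile has been hijacked: Chrome (the default browser in the first log) keeps its home page, startup pages, default search engine and extension list in JSON files under the user profile, not in the registry, so a registry search never sees them. The script below is an added example, not from the thread and not an FRST feature. It reads those files and lists the settings a hijacker changes, flagging anything that mentions the keyword and any extension that was not installed from the Web Store. It uses the .NET JavaScriptSerializer so it runs on the PowerShell 2.0 that ships with Windows 7; close Chrome first so the files are not mid-write. The profile path, the keyword and the side-loading heuristic (an extension that is neither from the Web Store nor one of Chrome's own components) are assumptions of the example, so treat its output as a triage list rather than a verdict.

```powershell
# Added example, not from the thread. Reports the Chrome settings a browser
# hijacker normally changes, read straight from the profile's JSON files, which a
# registry search cannot see. Uses the .NET JavaScriptSerializer so it runs on the
# PowerShell 2.0 that ships with Windows 7. Read-only; close Chrome before running.
# Assumed (not from the page): the default profile path and the keyword below.
$ProfileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$Keyword    = 'seektoexplore'

Add-Type -AssemblyName System.Web.Extensions
$Json = New-Object System.Web.Script.Serialization.JavaScriptSerializer
$Json.MaxJsonLength = [int]::MaxValue

function Get-PrefValue($obj, [string]$path) {
    # Walk a dotted key path such as 'session.startup_urls' through the parsed
    # JSON (nested dictionaries); $null if any segment is missing.
    $cur = $obj
    foreach ($part in $path.Split('.')) {
        if (-not ($cur -is [System.Collections.IDictionary]) -or -not $cur.ContainsKey($part)) { return $null }
        $cur = $cur[$part]
    }
    return $cur
}

function New-Finding([string]$file, [string]$setting, [string]$value, [bool]$suspicious) {
    New-Object PSObject -Property @{ File = $file; Setting = $setting; Value = $value; Suspicious = $suspicious }
}

function Get-ChromeHijackReport {
    $report = @()
    # Chrome keeps its tamper-tracked settings (home page, startup URLs, default
    # search engine, extension list) in 'Secure Preferences' and the rest in
    # 'Preferences', so both files are read.
    foreach ($file in 'Preferences', 'Secure Preferences') {
        $full = Join-Path $ProfileDir $file
        if (-not (Test-Path $full)) { continue }
        $raw   = [IO.File]::ReadAllText($full)
        $prefs = $Json.DeserializeObject($raw)

        foreach ($key in 'homepage', 'session.startup_urls',
                         'default_search_provider_data.template_url_data.short_name',
                         'default_search_provider_data.template_url_data.url') {
            $v = Get-PrefValue $prefs $key
            if ($null -ne $v) {
                $text = (@($v) -join ' ')
                $report += New-Finding $file $key $text ($text -match $Keyword)
            }
        }

        $ext = Get-PrefValue $prefs 'extensions.settings'
        if ($null -ne $ext) {
            foreach ($id in @($ext.Keys)) {
                $e        = $ext[$id]
                $name     = Get-PrefValue $e 'manifest.name'
                $path     = Get-PrefValue $e 'path'
                $location = Get-PrefValue $e 'location'   # 1 = installed by the user; 5 and 10 = Chrome's own components
                $store    = Get-PrefValue $e 'from_webstore'
                $text     = "$name | path=$path | location=$location | from_webstore=$store"
                # Side-loaded (not Web Store, not a Chrome component) or a keyword hit: triage it.
                $flag = ($store -ne $true -and $location -ne 5 -and $location -ne 10) -or ("$name $path" -match $Keyword)
                $report += New-Finding $file "extension $id" $text $flag
            }
        }

        # Cheap catch-all: the keyword anywhere in the file (a search-engine URL,
        # a session URL or an extension manifest the keys above do not cover).
        $hits = ([regex]::Matches($raw, [regex]::Escape($Keyword))).Count
        $report += New-Finding $file "raw text hits for '$Keyword'" $hits ($hits -gt 0)
    }
    return $report
}

Get-ChromeHijackReport | Sort-Object Suspicious -Descending |
    Select-Object Suspicious, File, Setting, Value | Format-Table -AutoSize -Wrap
```

A flagged extension is removed from chrome://extensions; a flagged home page, startup URL or search engine is what the "Reset browser settings" step earlier in the thread clears. If both files come back clean and the raw-text hit count is zero, the redirection is not coming from the Chrome profile, and the DNS, hosts and proxy settings are the next place to look.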


#10 nasdaq (Malware Response Team)

Posted 03 February 2015 - 02:13 PM

What is the exact issue with this computer.

#11 coachoflife (Topic Starter)

Posted 03 February 2015 - 04:00 PM

I get my e-mails blocked from both sending and receiving, blocked from visiting some webpages, programmes on-line disturbed and sent to seektoexplore webpages rather than Google.  I can find absolutely nothing on my computer that should not be there.  I have a check list if anything is wrong with my computer.  I check msconfig, regedit and task manager and then check downloads, programs and a few things in settings but have found nothing.  Checking them a lot gives me a very good idea of what should be there.



#12 nasdaq (Malware Response Team)

Posted 04 February 2015 - 08:23 AM

What do you use as your e-mail program? (outlook, Windows Live email, Gmail)

There could be a malformed message in your folders. Delete any that you do not want to keep.

#13 coachoflife (Topic Starter)

Posted 04 February 2015 - 02:45 PM

I use Sky e-mail.  Removed all I do not need to keep.  I found a few viruses in my task manager and removed them but things still the same.  Thanks for your help.



#14 nasdaq (Malware Response Team)

Posted 05 February 2015 - 09:25 AM


I suggest you contact them and see if they can identify the problem.
https://contactus.sky.com/uk

#15 nasdaq (Malware Response Team)

Posted 11 February 2015 - 08:38 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



