Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Salus Virus Help


  • This topic is locked This topic is locked
4 replies to this topic

#1 acircle

acircle

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:05 AM

Posted 25 February 2015 - 04:38 PM

I hope this is the right spot for htis please tell me if I need to repost elsewhere..

 

I am stuck with Salus I have run Adwcleaner, combofix, malwarebytes and spybots&d

 

it's still giving me fits along with the virus telling me to call an 800 number for removal instructions, ummm I'm at a loss...need help.

 

this is the log from rkill

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/25/2015 12:25:45 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 916) [WD-HEUR]
 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 1448) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 03/26/2009 01:58 PM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/25/2015 12:26:53 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)
 

 

 

The log from checkup

 Results of screen317's Security Check version 0.99.97  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (36.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

the log from the toolbox

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Owner (administrator) on 25-02-2015 at 12:28:51
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection 4 (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : owner-4302ca3a7

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : attlocal.net



Ethernet adapter Local Area Connection 4:



        Connection-specific DNS Suffix  . : attlocal.net

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-19-D1-66-F9-BF

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.5

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Wednesday, February 25, 2015 6:29:40 AM

        Lease Expires . . . . . . . . . . : Thursday, February 26, 2015 6:29:40 AM

Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.224.33, 74.125.224.38, 74.125.224.34, 74.125.224.36
      74.125.224.40, 74.125.224.41, 74.125.224.46, 74.125.224.35, 74.125.224.39
      74.125.224.32, 74.125.224.37



Pinging google.com [74.125.224.38] with 32 bytes of data:



Reply from 74.125.224.38: bytes=32 time=24ms TTL=55

Reply from 74.125.224.38: bytes=32 time=23ms TTL=55



Ping statistics for 74.125.224.38:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 23ms, Maximum = 24ms, Average = 23ms

Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=97ms TTL=48

Reply from 98.138.253.109: bytes=32 time=95ms TTL=48



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 95ms, Maximum = 97ms, Average = 96ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 66 f9 bf ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.5      1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.5     192.168.1.5      20
      192.168.1.5  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.5     192.168.1.5      20
        224.0.0.0        240.0.0.0      192.168.1.5     192.168.1.5      20
  255.255.255.255  255.255.255.255      192.168.1.5     192.168.1.5      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2015 11:06:08 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (02/25/2015 11:06:08 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (02/25/2015 11:06:08 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (02/08/2015 01:55:31 PM) (Source: MsiInstaller) (User: OWNER-4302CA3A7)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (08/30/2014 10:26:47 PM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (08/14/2014 10:33:22 AM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.


System errors:
=============
Error: (02/25/2015 00:25:56 PM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 06:42:15 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Diskeeper service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The UMVPFSrv service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 09:56:38 AM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/24/2015 00:16:01 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde
SISAGP
siside


Microsoft Office Sessions:
=========================
Error: (05/26/2014 09:37:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75430 seconds with 840 seconds of active time.  This session ended with a crash.



=========================== Installed Programs ============================
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.561-081201a1-072281E-ATI - )
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Diskeeper Professional Premier Edition (HKLM\...\{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}) (Version: 10.0.593 - Diskeeper Corporation)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
K-Lite Mega Codec Pack 1.53 (HKLM\...\KLiteCodecPack_is1) (Version: 1.53 - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Medical Terminology -  A Programmed Systems Approach (HKLM\...\Medical Terminology -  A Programmed Systems Approach_is1) (Version:  - Delmar Learning)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6201 - Realtek Semiconductor Corp.)
Saver2 (HKLM\...\Saver2) (Version: 1.3.2 - ZZJ)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC)
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version:  - )
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956096) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BC0B6553-7271-4D52-A076-E9A4780611E8}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2037.89 MB
Available physical RAM: 1474.3 MB
Total Pagefile: 4956.22 MB
Available Pagefile: 4514.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.26 GB) (Free:4.97 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-4302CA3A7

Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

24-01-2015 01:46:32 System Checkpoint
25-01-2015 03:02:44 System Checkpoint
26-01-2015 06:16:41 System Checkpoint
27-01-2015 07:05:45 System Checkpoint
28-01-2015 10:17:23 System Checkpoint
29-01-2015 13:52:46 System Checkpoint
30-01-2015 14:05:11 System Checkpoint
31-01-2015 15:38:18 System Checkpoint
01-02-2015 16:30:49 System Checkpoint
02-02-2015 16:45:10 System Checkpoint
03-02-2015 17:05:48 System Checkpoint
05-02-2015 07:51:09 System Checkpoint
05-02-2015 22:03:36 Installed Windows XP KB942288-v3.
05-02-2015 22:04:12 LavasoftWeCompanion
05-02-2015 22:23:58 LavasoftWeCompanion
05-02-2015 22:25:06 Removed Renesas Electronics USB 3.0 Host Controller Driver
06-02-2015 23:49:24 System Checkpoint
08-02-2015 02:20:44 System Checkpoint
08-02-2015 22:08:53 Removed Pro PC Cleaner
09-02-2015 23:16:21 System Checkpoint
11-02-2015 06:56:33 System Checkpoint
11-02-2015 11:00:44 Software Distribution Service 3.0
12-02-2015 11:37:45 System Checkpoint
13-02-2015 12:20:43 System Checkpoint
14-02-2015 12:40:39 System Checkpoint
16-02-2015 08:07:08 System Checkpoint
17-02-2015 09:54:30 System Checkpoint
18-02-2015 12:27:37 System Checkpoint
19-02-2015 12:47:08 System Checkpoint
20-02-2015 13:20:54 System Checkpoint
21-02-2015 13:31:24 System Checkpoint
22-02-2015 13:39:40 System Checkpoint
23-02-2015 14:39:46 System Checkpoint
24-02-2015 17:11:44 System Checkpoint
25-02-2015 17:30:45 System Checkpoint

**** End of log ****
 

 

what else do I need to run or post or do...help...



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:05 AM

Posted 25 February 2015 - 08:50 PM

Hello, having run ComboFix... post that log with the others above in a new topic here..

Virus, Trojan, Spyware, and Malware Removal Logs

Let me know if that went well.

Edited by boopme, 26 February 2015 - 11:17 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 acircle

acircle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:05 AM

Posted 26 February 2015 - 02:34 AM

I ran Adwcleaner yesterday this is the log file from that program

 

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 09:53:06
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - OWNER-4302CA3A7
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

Service Found : tStLibG

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Owner\Desktop\Goodgame Empire.lnk
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\WINDOWS\system32\drivers\netfilter.sys
File Found : C:\WINDOWS\system32\drivers\tStLibG.sys
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\All Users\Application Data\264c84a6d44ab27b
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FLV Player
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\globalUpdate
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Pro_PC_Cleaner
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\Owner\My Documents\ProPCCleaner
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apgkjeighnlpcdndeokibicheeneehcg
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
Folder Found : C:\Program Files\BrowseMark
Folder Found : C:\Program Files\FLV Player
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\Shop For Rewards
Folder Found : C:\WINDOWS\FLV Player

***** [ Scheduled tasks ] *****

Task Found : pcreg
Task Found : ProPCCleaner_Popup
Task Found : RegistryDr_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:14145;hxxps=127.0.0.1:14145
Key Found : HKCU\Software\Adknowledge
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
Key Found : HKCU\Software\ProPCCleanerConfig
Key Found : HKCU\Software\ProPCCleanerLanguage
Key Found : HKCU\Software\SaveDailyDeals
Key Found : HKCU\Software\USyndication
Key Found : HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{787D3F9B-69C6-427C-BF55-4419F932474A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0902EBD9-C5B4-4400-8CF1-7ACA8E8805D9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\dlQUE
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
Key Found : HKLM\SOFTWARE\NpApp
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CrashMon]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://tikotin.com

-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN98918890131178947&ctid=CT3101810&UM=2
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20111146,18047,0,0,6434&p={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCyCyC0Fzy0B0FtB0DyEyDtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzztD0EtDyByEtDtGzz0CtCyCtGzy0EyDtAtGtA0D0B0BtGyCtAyDtA0BtC0F0EyEtD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDzy0ByB0B0EzytGzy0CyB0BtGyBtA0CtAtG0C0B0D0EtGtD0AtC0F0DtBzyyB0D0F0E0A2Q&cr=1553854479&ir=
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326229&octid=EB_ORIGINAL_CTID&ISID=MF1EDF907-2229-41BB-AD5B-6863E694643E&SearchSource=58&CUI=&UM=2&UP=SPA311726A-37BA-4E70-AEE8-E4B71BD2DE5A&q={searchTerms}&SSPV=
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCyCyC0Fzy0B0FtB0DyEyDtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyC0CtAyDtCtG0B0DyC0FtG0B0EtAyBtGyD0DzyyCtGyBtBzzyD0AyByB0F0CyD0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyEzyyE0B0EzztGzyyB0AtBtGyEzytAyDtGzz0BtDyEtG0CtCtA0AtCyDyC0AyB0A0BtD2Q&cr=962774957&ir=
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCyCyC0Fzy0B0FtB0DyEyDtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyC0CtAyDtCtG0B0DyC0FtG0B0EtAyBtGyD0DzyyCtGyBtBzzyD0AyByB0F0CyD0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyEzyyE0B0EzztGzyyB0AtBtGyEzytAyDtGzz0BtDyEtG0CtCtA0AtCyDyC0AyB0A0BtD2Q&cr=962774957&ir=

-\\ Comodo Dragon v


-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [9681 bytes] - [26/04/2014 10:33:30]
AdwCleaner[R1].txt - [16830 bytes] - [24/02/2015 09:53:06]
AdwCleaner[S0].txt - [9568 bytes] - [26/04/2014 10:35:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [16949 bytes] ##########
 



#4 acircle

acircle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:05 AM

Posted 26 February 2015 - 02:40 AM

I'm not sure where the log file lives for spybot s&d but when I find it I wil post it.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 26 February 2015 - 08:31 AM


I have moved (split away) your Combofix log to the Virus, Trojan, Spyware, and Malware Removal Logs forum (here) as they are not permitted in this forum.

Please go here, click on the Follow this topic button in the upper right corner and select Immediate Notification to subscribe to that topic so you are notified when a helper replies.

Now that your new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the information or any log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers but your topic will be reviewed and answered as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

I advise checking your new topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users