Jump to content

dst12345

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

Reputation

0 Neutral
  1. dst12345
    Nothing popped up overnight, looks good so far. Here is checkup.txt Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Reader XI Google Chrome 28.0.1500.71 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  2. dst12345
    Here are the logs, so far so good. Will not know if the offending pup is gone until it runs overnight, here are logs: # AdwCleaner v2.306 - Logfile created 07/29/2013 at 19:40:30 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Family - LIVING # Boot Mode : Normal # Running from : C:\Users\Family\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : APNMCP ***** [Files / Folders] ***** File Deleted : C:\Windows\Tasks\DSite.job Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork Folder Deleted : C:\Program Files (x86)\Ilivid Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\ProgramData\AskPartnerNetwork Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Family\AppData\Local\Temp\APN Folder Deleted : C:\Users\Family\AppData\Roaming\DSite ***** [Registry] ***** Key Deleted : HKCU\Software\AskPartnerNetwork Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Somoto Toolbar Key Deleted : HKLM\Software\AskPartnerNetwork Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.72 File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [6258 octets] - [29/07/2013 19:09:25] AdwCleaner[s1].txt - [6378 octets] - [29/07/2013 19:40:30] ########## EOF - C:\AdwCleaner[s1].txt - [6438 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.8 (07.29.2013:2) OS: Windows 7 Home Premium x64 Ran by Family on Mon 07/29/2013 at 19:46:37.00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Family\appdata\locallow\somototoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\somototoolbar" ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 07/29/2013 at 19:51:08.75 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Family :: LIVING [administrator] Protection: Enabled 7/29/2013 7:55:36 PM mbam-log-2013-07-29 (19-55-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231430 Time elapsed: 4 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Family\AppData\Local\Temp\is357113909\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully. (end)
  3. dst12345
    Don't see anything I want to keep, in fact I see some things that I tried to uninstall... # AdwCleaner v2.306 - Logfile created 07/29/2013 at 19:09:25 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Family - LIVING # Boot Mode : Normal # Running from : C:\Users\Family\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : APNMCP ***** [Files / Folders] ***** File Found : C:\Windows\Tasks\DSite.job Folder Found : C:\Program Files (x86)\AskPartnerNetwork Folder Found : C:\Program Files (x86)\Ilivid Folder Found : C:\ProgramData\APN Folder Found : C:\ProgramData\AskPartnerNetwork Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Family\AppData\Local\Temp\APN Folder Found : C:\Users\Family\AppData\Roaming\DSite ***** [Registry] ***** Key Found : HKCU\Software\AskPartnerNetwork Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Somoto Toolbar Key Found : HKLM\Software\AskPartnerNetwork Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\Software\systweak Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKLM\SOFTWARE\Tarma Installer Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.72 File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [6141 octets] - [29/07/2013 19:09:25] ########## EOF - C:\AdwCleaner[R1].txt - [6201 octets] ##########
  4. dst12345
    If I leave my browser open (typically overnight) I receive a pop under with "Sponsorship" on the tab. The webpage has a link which wants to direct me to "Update media player HD (required)" DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 Run by Family at 16:52:01 on 2013-07-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4484 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Sammsoft Toolbar: {5853442D-5637-006A-76A7-7A786E7484D7} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Sammsoft Toolbar: {5853442D-5637-006A-76A7-7A786E7484D7} - uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" StartupFolder: C:\Users\Family\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-20 77952] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-20 37504] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-20 202752] R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-7-29 168400] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456] R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-20 244624] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-1 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-1 701512] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-1 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-20 1014624] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-20 346144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-30 57856] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 SaiH053C;SaiH053C;C:\Windows\System32\drivers\SaiH053C.sys [2007-5-1 171144] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-2-21 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-25 1255736] . =============== Created Last 30 ================ . 2013-07-13 02:55:00 -------- d-----w- C:\Users\Family\AppData\Local\ElevatedDiagnostics 2013-07-11 10:45:51 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-11 10:45:51 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-06 14:19:21 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E7D083E-E014-44DF-87FA-0EB2EE403CFA}\mpengine.dll 2013-07-01 22:38:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-01 22:37:11 -------- d-----w- C:\ProgramData\AskPartnerNetwork 2013-07-01 22:37:11 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork 2013-07-01 22:36:36 -------- d-----w- C:\ProgramData\APN 2013-07-01 22:35:34 -------- d-----w- C:\Users\Family\AppData\Local\Programs . ==================== Find3M ==================== . 2013-06-20 00:52:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-20 00:52:29 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-20 00:52:28 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-12 12:06:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 12:06:58 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe . ============= FINISH: 16:52:39.17 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.