
hrinky

  1. Thanks Kevin. No AdwCleaner log popped up when I rebooted, so I just went and found two text files in the AdwCleaner/Logs folder. I attached them both. Everything else is attached. The MSRT log only goes through April 30th as far as I can tell, but the scan results said no malicious software detected. I'll let you know if the issues persist. I'll be busy changing all my passwords in the meantime. - Kate AdwCleaner[C00].txt mrtlog.txt AdwCleaner[S00].txt Fixlog.txt
  2. I was able to get Windows Defender to start, but when I ran Malwarebytes at 12:09pm I had 0 threats and this report I'm sending from 4:47 had 47 threats. I've done nothing on my computer in those 4 hours. Files attached. Thanks, Kate Addition.txt FRST.txt malwarebytes scan report.txt
  3. I can't start my Security Center Service on my machine. When I go to Security Center Properties, I set Startup Type as Automatic (Delayed Start), but the Start button is not available to click. I have been bombarded with Trojans according to my Malwarebytes Premium that is currently running. I know I have been hacked pretty badly and am pretty sure my McAfee was hacked as well because I kept getting alerts from Malwarebytes citing a McAfee folder as the source, so I removed that (bye bye subscription money), and now I have absolutely no AV on my machine. I'd like to clean install McAfee again, but I'm not sure if I'll just end up with another compromised McAfee product. My computer is doing crazy things. So is my phone for that matter, which is also running Malwarebytes Premium. I need to get this malware out of my system, but the last Malwarebytes scan I ran reported zero threats. Help!
  4. Thanks so much for your time. I'll see if things run smoothly for the next little while. If I never see Yahoo again it will be too soon.
  5. Well, everything seemed to load correctly that time.
  6. I do not recognize those extensions.
  7. Chrome. It's even happening on secure websites (banking etc.). My Google search page keeps giving me a Yahoo results page, which is also driving me nuts. Addition.txt FRST.txt
  8. Here is the MWB log. It only found 1 PUP to remove, but even on my navigation back to this forum site, I clicked on the link and got re-directed to some google.offer-net site that my antivirus blocked as malicious. Every time this happens (it happens whether I'm trying to open an email or a search result), I close the redirected link and then next time I click on it it opens fine.
  9. Running the MWB full scan now, here is the AdwCleaner Report
  10. Could not run dds (I'm on W8). I uninstalled my P2P software, ran Malwarebytes which found one Pup.Optiona.Conduit.A (It's been finding quite a few of these lately). I removed that and ran RogueKiller 64bit log below
  11. Lately when I try to click on links on any website I get redirected to some kind of malicious website, even when I'm trying to open an email. I keep getting popup ads playing at random times as well. I've run Malwarebytes, Adaware, Spybot S&D, and Norton and nothing seems to fix it. I ran Hijack This and it told me it couldn't run, but then it produced a log file anyway. Posted below. Any help would be appreciated.