Jenno
Posts posted by Jenno

  1.  Results of screen317's Security Check version 0.99.80  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  

     Internet Explorer 11  

    ``````````````Antivirus/Firewall Check:`````````````` 

     Windows Firewall Enabled!  

    Microsoft Security Essentials   

     Antivirus up to date!  

    `````````Anti-malware/Other Utilities Check:````````` 

     Malwarebytes Anti-Malware version 1.75.0.1300  

     Java 7 Update 51  

     Adobe Flash Player 12.0.0.77  

     Adobe Reader 10.1.9 Adobe Reader out of Date!  

     Mozilla Firefox 24.0 Firefox out of Date!  

     Google Chrome 33.0.1750.146  

     Google Chrome 33.0.1750.154  

    ````````Process Check: objlist.exe by Laurent````````  

     Microsoft Security Essentials MSMpEng.exe 

     Microsoft Security Essentials msseces.exe 

     Malwarebytes Anti-Malware mbamservice.exe  

     Malwarebytes Anti-Malware mbamgui.exe  

     Malwarebytes' Anti-Malware mbamscheduler.exe   

    `````````````````System Health check````````````````` 

     Total Fragmentation on Drive C: 4% 

    ````````````````````End of Log`````````````````````` 
  2. Here is my RogueKiller file also:

    RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Adam Jennings [Admin rights]
    Mode : Scan -- Date : 03/13/2014 22:19:41
    | ARK || FAK || MBR |
     
    ¤¤¤ Bad processes : 0 ¤¤¤
     
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
     
    ¤¤¤ Startup Entries : 0 ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ Browser Addons : 0 ¤¤¤
     
    ¤¤¤ Particular Files / Folders: ¤¤¤
     
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     
    ¤¤¤ External Hives: ¤¤¤
     
    ¤¤¤ Infection :  ¤¤¤
     
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
     
     
    127.0.0.1       localhost
     
     
    ¤¤¤ MBR Check: ¤¤¤
     
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050A7E380 SATA Disk Device +++++
    --- User ---
    [MBR] 8e0564afd3fce2d9e6f55993a225ea75
    [bSP] 5a9dc81069b736c6ab27b3015b1cc071 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457131 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 936613888 | Size: 19505 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
     
    Finished : << RKreport[0]_S_03132014_221941.txt >>
  3. Hi again MrC, thank you for your patience.

     

    I cannot figure out how to attach the log, so I will copy and paste it here.

    First is my DDS:

     DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
    Run by Adam Jennings at 21:58:42 on 2014-03-13
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5600.2456 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\alg.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\World of Warcraft\Wow-64.exe
    C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Adam Jennings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\1435553502D2024435C4D2E4535355 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\14E2A4 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\244584572643D284648415 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\2456C6B696E6F5933403933443 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{132BD046-06B3-48CE-9CA9-8952C3FACADB}\35B4951333730333 : DHCPNameServer = 192.168.0.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adam Jennings\AppData\Roaming\Mozilla\Firefox\Profiles\ls18bu35.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo!
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-1-24 72216]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-7-10 134696]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-7-10 615976]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-7-10 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-10 39976]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-7-10 293480]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-10 685160]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-10 56448]
    R4 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
    S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 SmbDrvAMDASF;SmbDrvAMDASF;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-3-27 26384]
    S3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-3-27 27408]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-03-13 21:33:15 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D33BC54-F8A3-4F28-A142-D6624434DF90}\mpengine.dll
    2014-03-13 21:15:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-03-13 21:15:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-11 20:53:06 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-03-11 20:50:38 -------- d-----w- C:\Program Files\ATI Technologies
    2014-03-11 19:01:05 -------- d-----w- C:\_OTL
    2014-03-10 20:32:17 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-08 10:23:07 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6F6C960-DC66-4AF8-B5A7-D3231953B4AD}\gapaengine.dll
    2014-03-07 11:35:01 -------- d-----w- C:\Users\Adam Jennings\AppData\Local\Skype
    2014-03-07 11:34:40 -------- d-----r- C:\Program Files (x86)\Skype
    2014-03-06 23:57:54 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-06 23:42:51 98816 ----a-w- C:\Windows\sed.exe
    2014-03-06 23:42:51 256000 ----a-w- C:\Windows\PEV.exe
    2014-03-06 23:42:51 208896 ----a-w- C:\Windows\MBR.exe
    2014-02-28 19:50:29 -------- d-----w- C:\Windows\Migration
    2014-02-13 19:49:22 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 19:49:22 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-13 19:48:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-13 19:48:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-13 19:48:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-02-13 19:48:00 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-02-13 19:48:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2014-02-13 19:48:00 235224 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2014-02-12 21:16:06 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 21:16:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 21:16:04 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-12 21:16:04 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ==================== Find3M  ====================
    .
    2014-03-13 21:10:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-13 21:10:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-01-20 13:35:10 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2014-01-20 13:35:06 35656 ----a-w- C:\Windows\System32\LMIport.dll
    2014-01-20 13:35:04 92488 ----a-w- C:\Windows\System32\LMIinit.dll
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-18 21:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 22:00:58.24 ===============
     
     
    Second is my Attach: 
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/09/2012 20:24:38
    System Uptime: 13/03/2014 19:45:50 (3 hours ago)
    .
    Motherboard: Hewlett-Packard |  | 18DE
    Processor: AMD A6-4455M APU with Radeon HD Graphics    | Socket FT1 | 2100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 308.097 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 2.07 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer: 
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP198: 13/02/2014 19:47:17 - Windows Modules Installer
    RP199: 14/02/2014 22:04:18 - Windows Update
    RP200: 15/02/2014 13:02:45 - Removed LogMeIn
    RP201: 15/02/2014 13:05:54 - Removed TortoiseSVN 1.8.4.24972 (64 bit)
    RP202: 15/02/2014 13:10:03 - Removed Apple Application Support
    RP203: 15/02/2014 13:18:33 - Removed iTunes
    RP204: 16/02/2014 01:07:40 - Windows Update
    RP205: 19/02/2014 21:05:15 - Windows Update
    RP206: 23/02/2014 19:23:32 - Windows Update
    RP207: 26/02/2014 20:19:51 - Windows Update
    RP210: 02/03/2014 10:30:00 - Windows Update
    RP211: 05/03/2014 21:39:01 - Windows Update
    RP213: 09/03/2014 14:29:11 - Windows Update
    RP214: 11/03/2014 20:33:10 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    RP215: 11/03/2014 20:35:04 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    RP217: 13/03/2014 21:09:53 - Windows Modules Installer
    RP218: 13/03/2014 21:31:37 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.9) MUI
    Adobe Shockwave Player 11.6
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In 
    AMD Wireless Display v3.0
    Apple Software Update
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    Broadcom Bluetooth Software
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Counter-Strike: Global Offensive
    Counter-Strike: Source
    Curse Client
    CyberLink YouCam
    Dota 2
    ESU for Microsoft Windows 7 SP1
    Google Chrome
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.2.2.3
    HP 3D DriveGuard
    HP Auto
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Launch Box
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Recovery Manager
    HP Security Assistant
    HP Setup
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Java 7 Update 51
    Java Auto Updater
    Logitech Gaming Software
    Logitech Gaming Software 8.35
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    opensource
    PlayReady PC Runtime x86
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Skype™ 6.14
    Steam
    swMSM
    Synaptics Pointing Device Driver
    TeamSpeak 3 Client
    Ventrilo Client for Windows x64
    Windows Live Mesh ActiveX Control for Remote Connections
    World of Warcraft
    World of Warcraft Public Test
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/03/2014 21:14:56, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    11/03/2014 20:50:42, Error: Service Control Manager [7000]  - The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
    11/03/2014 19:42:13, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  NetworkX
    11/03/2014 19:42:09, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
    11/03/2014 19:42:03, Error: Service Control Manager [7000]  - The Crypkey License service failed to start due to the following error:  The system cannot find the file specified.
    11/03/2014 19:40:57, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  4. Hi there, 

    I recently downloaded an application and managed to obtain this annoying infection!

    Now I have followed the steps on a previous post earlier this year from MrC, using OTL...

     

    Now, according to his steps and using OTL, it should have been removed. Unfortunately, though, it seems that it hasn't when I open up another Google Chrome browser. Please help! Unsure of what to do next!

    Please see attached my log:

     

    All processes killed
    ========== OTL ==========
    Prefs.js: "Yahoo" removed from browser.search.defaultenginename
    Prefs.js: "chr-greentree_ff&ilc=12&type=800236" removed from browser.search.param.yahoo-fr
    Prefs.js: "Yahoo" removed from browser.search.selectedEngine
    Prefs.js: "http://search.yahoo....=spigot-yhp-ff" removed from browser.startup.homepage
    Prefs.js: "http://search.yahoo....type=800236&p=" removed from keyword.URL
    ========== COMMANDS ==========
     
    [EMPTYJAVA]
     
    User: Adam Jennings
    ->Java cache emptied: 0 bytes
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: Adam Jennings
    ->Temp folder emptied: 36335 bytes
    ->Temporary Internet Files folder emptied: 677188 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6833650 bytes
    ->Flash cache emptied: 0 bytes
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2356 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 7.00 mb
     
     
    [EMPTYFLASH]
     
    User: Adam Jennings
    ->Flash cache emptied: 0 bytes
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 03112014_194057
     
    Files\Folders moved on Reboot...
    C:\Users\Adam Jennings\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Adam Jennings\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
     
    PendingFileRenameOperations files...
     
    Registry entries deleted on Reboot...
     