dmh1987

  1. Thanks so much for the help MrCharlie. Awesome dogs by the way!

  2. Results of screen317's Security Check version 0.99.80
     Windows Vista Service Pack 2 x86 (UAC is disabled!)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Gmer
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java SE Runtime Environment 6
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 11.3.300.265 Flash Player out of Date!
     Google Chrome 33.0.1750.146
     Google Chrome 33.0.1750.154
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1 %
     ````````````````````End of Log``````````````````````
  3. Seems to be working fine now. Thanks for your help. Are there any final steps or is that all?
  4. Log below:
  5. Hi FRST log below, addition log attached thanks
2014-02-20 19:10 - 00016896 _____ () C:\Users\Hotshot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-20 19:35 - 2014-02-20 19:35 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\TuneUp Software2014-02-20 19:35 - 2014-02-20 19:32 - 00000000 ____D () C:\ProgramData\TuneUp Software2014-02-20 19:32 - 2014-02-20 19:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\Documents\Any Video Converter2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AnvSoft2014-02-20 19:30 - 2014-02-20 19:30 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Hotshot\Downloads\avc-free.exe2014-02-20 19:23 - 2014-02-20 19:23 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AVS4YOU2014-02-20 19:23 - 2014-02-20 19:21 - 00000000 ____D () C:\ProgramData\AVS4YOU2014-02-20 19:20 - 2014-02-20 19:19 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\Hotshot\Downloads\AVSVideoConverter.exe2014-02-20 19:15 - 2014-02-20 19:13 - 00930440 _____ (CNET Download.com) C:\Users\Hotshot\Downloads\cbsidlm-cbsi176-Free_AVI_to_MP4_Converter-ORG-75891861.exe2014-02-15 14:34 - 2014-02-15 11:32 - 00000000 ____D () C:\old hard drive2014-02-15 11:56 - 2010-08-13 20:27 - 00000000 ____D () C:\Users\Hotshot\Downloads\Mumford and Sons Sigh No More-20092014-02-15 11:50 - 2012-10-18 19:27 - 00000000 ____D () C:\Users\Hotshot\Downloads\Muse - The 2nd Law -20122014-02-15 11:43 - 2008-10-16 12:50 - 00000000 ____D () C:\Users\Hotshot\Downloads\Metallica - Death Magnetic [2008]2014-02-15 10:31 - 2014-02-08 13:23 - 00000000 ____D () C:\Windows\system32\MRT2014-02-15 10:27 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete:====================C:\ProgramData\PKP_DLes.DATC:\ProgramData\PKP_DLet.DATC:\ProgramData\PKP_DLev.DAT ==================== Bamital & volsnap Check ================= 
C:\Windows\explorer.exe => MD5 is legitC:\Windows\system32\winlogon.exe => MD5 is legitC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\services.exe => MD5 is legitC:\Windows\system32\User32.dll => MD5 is legitC:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-17 18:35 ==================== End Of Log ============================Addition.txt
  6. Results from combofix: Thanks
  7. Thanks I did delete the issues found by Malwarebytes. Deleted everything from the Adwcleaner too. The log for it is here: Combofix log: Thanks again
  8. Malwarebytes report:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.16.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hotshot :: HOTSHOT-PC [administrator]

16/03/2014 13:20:46
MBAM-log-2014-03-16 (14-19-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224112
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
HKCU\Software\ndo8thb2ikwe (Malware.Trace) -> No action taken.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Hotshot\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\Hotshot\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Hotshot\AppData\Roaming\dwm.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|WINID (Malware.Trace) -> Data: 1CAD298FA81C130 -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mplay32xe.exe (Trojan.Downloader) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Hotshot\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Hotshot\AppData\Roaming\OpenCandy\53F7757075BD414A9864F8153EB8F327 (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.

Files Detected: 4
C:\Users\Hotshot\Downloads\AVIToMP4ConverterSetupD.exe (PUP.Adware.RKN) -> No action taken.
C:\Users\Hotshot\Downloads\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Hotshot\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\Users\Hotshot\AppData\Roaming\OpenCandy\53F7757075BD414A9864F8153EB8F327\Trial-14.0.1000.90_en-GB_1004745_UK-15d.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)

Roguekiller report:

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Hotshot [Admin rights]
Mode : Scan -- Date : 03/16/2014 15:29:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] 7d0c0767eda73beafad60b177ee537be
[bSP] 143500e28e0f7628a019343ed6099823 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] de3b5e8790bf6ce255a316343420b852
[bSP] 1a36389dad8a0d7e38580f4953cbb6d9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03162014_152932.txt >>

Thanks
  9. Hi

My browser home pages defaulted to Yahoo with Spigot in the address bar. Read in a few places about this being an issue and nothing I've done has been able to remove it. I ran DDS and the results of the 2 logs are below:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by Hotshot at 12:17:36 on 2014-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1300 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uWinlogon: Shell = explorer.exe,c:\users\hotshot\appdata\roaming\dwm.exe
uWindows: Load = c:\users\hotshot\appdata\local\temp\csrss.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [sunJavaUpdateSched] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{60EEEAC0-F670-4F87-8C77-54CAC674AE1A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C08A8DE6-DAA9-4161-B6E5-39F5D736C048} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2007-1-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2007-1-1 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-6 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-6 410784]
R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files\adobe\elements 12 organizer\PhotoshopElementsFileAgent.exe [2013-9-3 181152]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-6 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-5-27 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-5-27 19008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-4 83168]
S3 phc700;USB PC Camera (SPC700NC);c:\windows\system32\drivers\phc700.sys [2011-9-11 644864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-4 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s [?]
.
=============== Created Last 30 ================
.
2014-03-16 12:13:11 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1fed040b-67db-484e-9b13-9614e9e4dd7b}\mpengine.dll
2014-03-11 18:57:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-09 17:51:26 -------- d-----w- c:\users\hotshot\appdata\roaming\uTorrent
2014-02-22 07:39:49 -------- d-----w- c:\windows\Migration
2014-02-20 19:35:05 -------- d-----w- c:\users\hotshot\appdata\roaming\TuneUp Software
2014-02-20 19:32:19 -------- d-----w- c:\programdata\TuneUp Software
2014-02-20 19:32:14 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:32:14 -------- d--h--w- c:\programdata\Common Files
2014-02-20 19:31:51 -------- d-----w- c:\users\hotshot\appdata\roaming\AnvSoft
2014-02-20 19:31:11 -------- d-----w- c:\users\hotshot\appdata\roaming\OpenCandy
2014-02-20 19:23:20 -------- d-----w- c:\users\hotshot\appdata\roaming\AVS4YOU
2014-02-20 19:21:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2014-02-20 19:21:43 -------- d-----w- c:\programdata\AVS4YOU
2014-02-20 19:21:43 -------- d-----w- c:\program files\common files\AVSMedia
2014-02-20 19:17:54 -------- d-----w- c:\program files\Level Quality Watcher
2014-02-15 11:32:38 -------- d-----w- C:\old hard drive
.
==================== Find3M ====================
.
2014-02-09 11:11:32 106496 ----a-w- c:\windows\system32\ATL71.DLL
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-28 16:31:48 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-01-28 16:31:48 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:18:21.78 ===============

attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 27/05/2008 19:50:34
System Uptime: 16/03/2014 11:12:40 (1 hours ago)
.
Motherboard: Dell Inc. | | 0RN474
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 83.995 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 353.891 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 5.664 GiB free.
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 12
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
avast! Free Antivirus
AVG 2011
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Support Center (Support Software)
DivX Converter
DivX Setup
EDocs
Elements 12 Organizer
Firebird 2.0.3
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.11.0
iTunes
Java SE Runtime Environment 6
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mouse Suite for Desktop Computers
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nikon File Uploader 2
Nikon Message Center 2
Picture Control Utility
PSE12 STI Installer
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD DE
Roxio Update Manager
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SavingsBull
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Sonic CinePlayer Decoder Pack
SPC 700NC PC Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
ViewNX 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
16/03/2014 11:24:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2726929).
16/03/2014 11:21:02, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Publisher 2003 (KB2810047).
16/03/2014 11:20:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB2293428).
16/03/2014 11:20:55, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001FC65C4703. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
16/03/2014 11:20:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
16/03/2014 11:20:39, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB980373).
16/03/2014 11:20:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2817480).
16/03/2014 11:20:24, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB2449798).
16/03/2014 11:20:15, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2543854).
16/03/2014 11:20:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB975051).
16/03/2014 11:19:58, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
16/03/2014 11:19:48, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2687626).
16/03/2014 11:19:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).
16/03/2014 11:19:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2817474).
16/03/2014 11:19:21, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760574).
16/03/2014 11:19:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760494).
16/03/2014 11:19:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2539581).
16/03/2014 11:18:58, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2825621).
16/03/2014 11:18:50, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2535812).
16/03/2014 11:18:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB978551).
16/03/2014 11:18:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Excel 2003 (KB2810048).
16/03/2014 11:18:25, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2493523).
16/03/2014 11:18:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289163).
16/03/2014 11:18:11, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2288613).
16/03/2014 11:18:03, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2850047).
16/03/2014 11:17:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2863866).
16/03/2014 11:15:03, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer Lexmark 4300 Series,0 because the print processor Lexmark 4300 Series Print Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
16/03/2014 11:13:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: netfilter
12/03/2014 18:33:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
12/03/2014 18:33:05, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/03/2014 18:32:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
12/03/2014 18:32:02, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/03/2014 19:01:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC NetBIOS netbt netfilter nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/03/2014 19:00:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/03/2014 19:00:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/03/2014 19:00:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/03/2014 18:17:19, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{60EEEAC0-F670-4F87-8C77-54CAC674AE1A} because another computer on the network has the same name. The server could not start.
10/03/2014 19:47:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/03/2014 19:47:18, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/03/2014 19:47:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/03/2014 21:54:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
09/03/2014 10:06:08, Error: Service Control Manager [7000] - The Level Quality Watcher service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Any help greatly appreciated! Thanks