Dlink redirect virus

Hi Gringo,

Here are the reports. Everything is working fine except Internet Explorer. My Internet connection works, just not with that browser.

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.03.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
User :: LAPTOP-PC [administrator]

2013-06-03 1:01:07 PM
mbar-log-2013-06-03 (13-01-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 244390
Time elapsed: 32 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-03 13:37:55
-----------------------------
13:37:55.825    OS Version: Windows x64 6.2.9200
13:37:55.826    Number of processors: 4 586 0x1001
13:37:55.827    ComputerName: LAPTOP-PC  UserName: User
13:37:55.829    Initialze error 1
13:39:13.120    AVAST engine defs: 13060301
13:43:52.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
13:43:52.250    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
13:43:52.259    Disk 0 MBR read successfully
13:43:52.262    Disk 0 MBR scan
13:43:52.268    Disk 0 unknown MBR code
13:43:52.280    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
13:43:52.286    Disk 0 scanning C:\Windows\system32\drivers
13:43:52.289    Service scanning
13:43:53.053    Modules scanning
13:43:53.058    Disk 0 trace - called modules:
13:43:53.070    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
13:43:53.074    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ed6060]
13:43:53.078    3 CLASSPNP.SYS[fffff88000b31fea] -> nt!IofCallDriver -> [0xfffffa8008336b10]
13:43:53.084    5 hpdskflt.sys[fffff88001c78339] -> nt!IofCallDriver -> [0xfffffa8007d69a00]
13:43:53.090    7 amd_xata.sys[fffff8800134c634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa8007db87f0]
13:43:53.095    AVAST engine scan C:\Windows
13:43:53.100    AVAST engine scan C:\Windows\system32
13:43:53.105    AVAST engine scan C:\Windows\system32\drivers
13:43:53.110    AVAST engine scan C:\Users\User
13:43:53.116    AVAST engine scan C:\ProgramData
13:43:53.121    Scan finished successfully
13:44:03.419    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:44:03.424    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


Hello historybuff77

First I would like you to go here and click on the Fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.

Gringo


Thanks. I will retry tonight once I'm home.

One thing I have noticed, and I don't know if it's related to the issues I was having with malware before, is this: "TiWorker.exe Windows Modules Installer Worker" sometimes taking up 99% of my Disk usage in my Task Manager. This has been happening over the last few days since I've done a Windows update. Is it something to be concerned about?

Thanks again.


Hello,

I followed the steps in the link and deleted browsing history and all the rest of the boxes. Internet Explorer still does not work and the Internet Options link still appears in grayscale when I try to do the first steps you suggested. Not sure what to do. I tried a full reinstall of IE before and it still wasn't working.

Thanks.


  • Staff

Hello historybuff77

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

When you are complete, please send me both reports.

Gringo


Hi Gringo,

 

The rootkit tool was run and found nothing, but IE still doesn't work (other browsers do). It looks like Firewall and Windows Update are working (although it said a maintenance operation was in progress). Here's my log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-03 13:37:55
-----------------------------
13:37:55.825    OS Version: Windows x64 6.2.9200 
13:37:55.826    Number of processors: 4 586 0x1001
13:37:55.827    ComputerName: LAPTOP-PC  UserName: User
13:37:55.829    Initialze error 1 
13:39:13.120    AVAST engine defs: 13060301
13:43:52.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
13:43:52.250    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
13:43:52.259    Disk 0 MBR read successfully
13:43:52.262    Disk 0 MBR scan
13:43:52.268    Disk 0 unknown MBR code
13:43:52.280    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
13:43:52.286    Disk 0 scanning C:\Windows\system32\drivers
13:43:52.289    Service scanning
13:43:53.053    Modules scanning
13:43:53.058    Disk 0 trace - called modules:
13:43:53.070    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
13:43:53.074    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ed6060]
13:43:53.078    3 CLASSPNP.SYS[fffff88000b31fea] -> nt!IofCallDriver -> [0xfffffa8008336b10]
13:43:53.084    5 hpdskflt.sys[fffff88001c78339] -> nt!IofCallDriver -> [0xfffffa8007d69a00]
13:43:53.090    7 amd_xata.sys[fffff8800134c634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa8007db87f0]
13:43:53.095    AVAST engine scan C:\Windows
13:43:53.100    AVAST engine scan C:\Windows\system32
13:43:53.105    AVAST engine scan C:\Windows\system32\drivers
13:43:53.110    AVAST engine scan C:\Users\User
13:43:53.116    AVAST engine scan C:\ProgramData
13:43:53.121    Scan finished successfully
13:44:03.419    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:44:03.424    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-21 17:29:29
-----------------------------
17:29:29.951    OS Version: Windows x64 6.2.9200 
17:29:29.951    Number of processors: 4 586 0x1001
17:29:29.953    ComputerName: LAPTOP-PC  UserName: User
17:29:30.454    Initialze error 1 
17:31:07.017    AVAST engine defs: 13062102
17:31:17.357    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
17:31:17.359    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
17:31:17.380    Disk 0 MBR read successfully
17:31:17.382    Disk 0 MBR scan
17:31:17.399    Disk 0 unknown MBR code
17:31:17.403    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
17:31:17.417    Disk 0 scanning C:\Windows\system32\drivers
17:31:17.420    Service scanning
17:31:18.086    Modules scanning
17:31:18.093    Disk 0 trace - called modules:
17:31:18.123    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
17:31:18.130    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800819a060]
17:31:18.138    3 CLASSPNP.SYS[fffff88001401fea] -> nt!IofCallDriver -> [0xfffffa80080f0b10]
17:31:18.149    5 hpdskflt.sys[fffff88001c02339] -> nt!IofCallDriver -> [0xfffffa8007da9b20]
17:31:18.154    7 amd_xata.sys[fffff880012a8634] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa8007dcb7f0]
17:31:18.160    AVAST engine scan C:\Windows
17:31:18.170    AVAST engine scan C:\Windows\system32
17:31:18.175    AVAST engine scan C:\Windows\system32\drivers
17:31:18.180    AVAST engine scan C:\Users\User
17:31:18.186    AVAST engine scan C:\ProgramData
17:31:18.190    Scan finished successfully
17:31:31.245    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
17:31:31.286    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
 
Thanks!

  • Staff

Hello historybuff77

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

  • More than one report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit.

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


Hi Gringo,

 

Here's the RK report. I'm attaching the other. Still no luck with IE working.

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 06/22/2013 11:21:37
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SATA Disk Device +++++
--- User ---
[MBR] 9c9b2669875350b52edfd94c450c6197
[bSP] 1f18f6bde0f1cc21fbbaaa1891dbc946 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_06222013_112137.txt >>
RKreport[0]_S_06222013_112104.txt
 
 
 

TDSSKiller.2.8.16.0_22.06.2013_11.03.28_log.txt


  • Staff

Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

Information and logs

In your next post I need the following:
  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Hi Gringo,

 

I ran the scans and my logs are below. IE is still not working. It opens a window when I click on it but there doesn't appear to be any connectivity to the web or even an error message. My other browsers work. The only reason I would like IE to work is that it's the default program for some software that links to 'help pages' online, and I don't know how to access those pages on other browsers since the web address doesn't appear when the window opens. I've reinstalled it before without it working. Should I try again?

 

Thanks for all of your help with this.

 

Here are my logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.27.05
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
User :: LAPTOP-PC [administrator]
 
2013-06-27 9:32:34 AM
mbam-log-2013-06-27 (09-32-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214708
Time elapsed: 5 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:31 AM, on 2013-06-27
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem22.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11030 bytes
 

Hi Gringo,

 

One other thing. I've noticed this file pops up on Norton while I'm browsing even though I don't know that I've downloaded anything. It's happened a couple of times. Not sure if this is normal:

 

Filename: pepflashplayer.dll
Full Path: c:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.94\pepflashplayer.dll
 
____________________________
 
Details
Stability Unknown,  Very Few Users,  Very New,  Good
 
Origin
Downloaded from Unknown
 
Activity
Actions performed: Suspicious actions performed: None
 
____________________________
 
 
Developers Adobe Systems Incorporated
Version 11.8.800.94
Identified 2013-06-27 at 2:42:42 PM
Last Used Not Available
Startup Item No
 
____________________________
 
 
Unknown
This program crash history is not known.
 
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
 
Very New
This file was released less than 1 week  ago.
 
Good
Norton has given this file a good rating.
 
 
____________________________
 
 
 
Source File:
pepflashplayer.dll
 
____________________________
 
 
File Thumbprint - SHA:
bd721fe5d119de32576ac734c32b6cb6fabd0fe626360a2f07593058a0f8a82e
File Thumbprint - MD5:
Not available

  • Staff

Hello

Still do not know what to do with IE - that one has me stumped.

Pepflashplayer.dll is an internal component of Google Chrome.

Remove unneeded start-up entries:

This part of the fix is purely optional.

These are programs that start up when you turn on your computer but don't need to; any of these programs you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin).
  • Click on the Scan button.
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button.
  • When completed, close the application.

    NOTE: You can research each of those lines here and see if you want to keep them or not.

    Just copy the name between the brackets and paste it into the search space, for example the name in:

    O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the add-on to be installed.
    • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete:
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close the program
    • report to me that nothing was found
  • If threats were found
    • click on "List of threats found"
    • click on "Export to text file", save it as ESET SCAN and save it to the desktop
    • click on Back
    • put a checkmark in "Uninstall application on close"
    • click on Finish
    • close the program
    • copy and paste the report here

Gringo