
Spigot, Yahoo search Malware



Hello, 

I've taken all the steps listed in the forum about the Yahoo search malware that keeps opening in Chrome. Here are the dds.scr logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Chef at 13:11:59 on 2013-10-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7659.5358 [GMT -7:00]
.
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Users\Chef\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3683DCE9-1CCC-4328-8DD7-265B6811EB2A} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-19 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-14 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-14 365568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 BackupService;BackupService;C:\Users\Chef\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2013-10-1 83512]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-9-19 2375168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-15 701512]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-17 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-9-19 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-17 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-15 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-9-19 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-9-19 47232]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-23 1255736]
.
=============== Created Last 30 ================
.
2013-10-15 19:23:22 -------- d-----w- C:\Users\Chef\AppData\Roaming\Malwarebytes
2013-10-15 19:23:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-15 19:23:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-15 19:23:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-15 19:22:53 -------- d-----w- C:\Users\Chef\AppData\Local\Programs
2013-10-15 18:29:44 -------- d-----w- C:\AdwCleaner
2013-10-15 18:00:03 -------- d--h--w- C:\Users\Chef\AppData\Roaming\AVG2014
2013-10-15 17:59:30 -------- d--h--w- C:\Users\Chef\AppData\Roaming\TuneUp Software
2013-10-15 17:59:10 -------- d--h--w- C:\$AVG
2013-10-15 17:59:10 -------- d-----w- C:\ProgramData\AVG2014
2013-10-15 17:58:26 -------- d-----w- C:\Program Files (x86)\AVG
2013-10-15 17:55:42 -------- d--h--w- C:\Users\Chef\AppData\Local\MFAData
2013-10-15 17:55:42 -------- d--h--w- C:\Users\Chef\AppData\Local\Avg2014
2013-10-15 17:55:42 -------- d--h--w- C:\ProgramData\Common Files
2013-10-15 17:55:42 -------- d-----w- C:\ProgramData\MFAData
2013-10-15 17:13:58 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-15 02:05:58 -------- d--h--w- C:\Users\Chef\AppData\Roaming\uTorrent
2013-10-15 02:02:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D18B6DB4-2658-403B-ADA6-32BE9F38578B}\mpengine.dll
2013-10-15 02:01:40 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-15 02:01:11 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-02 18:06:02 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-10-01 18:41:52 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-10-01 18:11:54 -------- d-----w- C:\ProgramData\HPSS
2013-10-01 18:11:42 -------- d--h--w- C:\Users\Chef\AppData\Roaming\HP SimpleSave Application
2013-10-01 18:11:41 -------- d--h--w- C:\Users\Chef\AppData\Roaming\HPSS
2013-10-01 05:09:43 -------- d--h--w- C:\Users\Chef\AppData\Local\Apple Computer
2013-10-01 05:09:36 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-10-01 05:09:15 -------- d-----w- C:\Program Files\iPod
2013-10-01 05:09:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 05:09:14 -------- d-----w- C:\Program Files\iTunes
2013-10-01 05:09:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-01 05:08:27 -------- d--h--w- C:\Users\Chef\AppData\Local\Apple
2013-10-01 05:07:50 -------- d-----w- C:\Program Files\Bonjour
2013-10-01 05:07:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-10-01 05:02:13 -------- d--h--w- C:\Users\Chef\AppData\Local\HP
2013-09-30 16:16:43 -------- d--h--w- C:\Users\Chef\AppData\Roaming\LibreOffice
2013-09-30 16:14:35 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
2013-09-28 07:45:06 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-09-26 04:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-25 06:01:00 -------- d--h--w- C:\Users\Chef\AppData\Local\Google
2013-09-25 06:00:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 06:00:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-25 06:00:12 -------- d--h--w- C:\Users\Chef\AppData\Local\Adobe
2013-09-24 06:34:56 -------- d--h--w- C:\Users\Chef\AppData\Local\Hewlett-Packard
2013-09-23 19:16:14 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-23 19:16:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-23 19:16:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-23 19:16:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-23 19:16:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-23 19:16:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-23 19:16:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-23 19:14:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-09-23 19:14:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-09-23 19:14:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-09-23 19:14:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-09-23 19:14:03 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-09-23 19:14:03 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-09-23 19:14:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-09-23 19:14:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-09-23 19:14:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-09-23 19:14:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-09-23 19:12:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-09-23 19:12:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-09-23 19:09:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-23 19:09:52 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-23 18:57:51 -------- d-----w- C:\ProgramData\Synaptics
2013-09-23 18:52:31 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-23 18:52:31 -------- d-----w- C:\Windows\System32\Wat
2013-09-20 07:12:13 -------- d-----w- C:\Windows\System32\MRT
2013-09-20 06:59:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-20 06:59:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-20 06:59:41 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-20 06:33:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-20 06:33:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-20 06:33:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-20 06:33:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-20 06:33:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-20 06:33:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-20 06:33:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-20 06:29:10 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-20 06:26:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-20 06:26:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-20 06:26:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-20 06:26:50 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-20 06:26:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-20 06:22:28 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-09-20 06:21:59 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-20 06:20:59 395776 ----a-w- C:\Windows\System32\webio.dll
2013-09-20 06:10:35 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-20 06:10:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-09-20 06:10:14 77312 ----a-w- C:\Windows\System32\packager.dll
2013-09-20 06:10:14 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-09-20 05:51:29 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
2013-09-20 05:49:44 -------- d--h--w- C:\Users\Chef\AppData\Roaming\hpqLog
2013-09-20 05:48:58 -------- d-----w- C:\HP
2013-09-20 05:48:02 -------- d--h--w- C:\Users\Chef\AppData\Local\AuthenTec
2013-09-20 05:47:00 -------- d-----w- C:\Program Files (x86)\HP SimplePass 2012
2013-09-20 05:46:04 -------- d-----w- C:\Program Files\Common Files\AuthenTec
2013-09-20 05:46:04 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec
2013-09-20 05:41:48 -------- d-----w- C:\d99b3ac3a35707bcae77
2013-09-20 05:41:45 31744 ----a-w- C:\Windows\System32\drivers\usbrpm.sys
2013-09-20 05:40:37 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-09-20 05:38:46 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-09-20 05:37:14 180736 ----a-w- C:\Windows\System32\ifsutil.dll
2013-09-20 05:37:14 148992 ----a-w- C:\Windows\SysWow64\ifsutil.dll
2013-09-20 05:29:51 -------- d-----w- C:\Windows\Hewlett-Packard
2013-09-20 05:21:47 -------- d-----w- C:\Windows\SysWow64\sda
2013-09-20 05:21:18 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2013-09-20 05:21:18 337512 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2013-09-20 05:21:18 -------- d-----w- C:\Program Files (x86)\Realtek
2013-09-20 05:15:43 -------- d--h--w- C:\Users\Chef\AppData\Roaming\Synaptics
2013-09-20 05:13:14 -------- d-----w- C:\Program Files\Synaptics
2013-09-20 05:09:53 -------- d-----w- C:\Program Files\Validity Sensors
2013-09-20 05:08:11 -------- d--h--w- C:\Users\Chef\AppData\Local\AMD
2013-09-20 05:07:59 -------- d--h--w- C:\Users\Chef\AppData\Local\ATI
2013-09-20 05:04:54 0 ----a-w- C:\Windows\ativpsrm.bin
2013-09-20 05:01:59 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-09-20 05:01:57 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-09-20 05:01:57 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-09-20 05:01:03 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-09-20 05:01:03 -------- d-----w- C:\ProgramData\AMD
2013-09-20 05:00:57 47232 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2013-09-20 04:59:50 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-09-20 04:59:37 -------- d-----w- C:\Program Files\ATI Technologies
2013-09-20 04:59:35 -------- d-----w- C:\Program Files\ATI
2013-09-20 04:07:05 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2013-09-20 04:06:13 -------- d-sh--w- C:\Windows\Installer
2013-09-20 03:11:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-20 03:11:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-20 03:11:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-20 03:07:25 220160 ----a-w- C:\Windows\System32\staco64.dll
2013-09-20 03:07:24 521728 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2013-09-20 03:07:23 652288 ------w- C:\Windows\System32\stapi64.dll
2013-09-20 03:07:23 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2013-09-20 03:07:23 1500672 ----a-w- C:\Windows\System32\stapo64.dll
2013-09-20 03:07:18 -------- d-----w- C:\Program Files\IDT
2013-09-20 03:05:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-20 03:04:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-20 03:04:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-20 03:04:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-20 03:02:51 -------- d-----w- C:\ProgramData\Ralink Driver
2013-09-20 03:02:21 -------- d-----w- C:\SWSetup
2013-09-20 02:31:38 -------- d--h--w- C:\Users\Chef\AppData\Local\Diagnostics
2013-09-20 02:10:27 -------- d-----w- C:\Windows\Panther
.
==================== Find3M  ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-09 05:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-02 17:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 17:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 17:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 17:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-24 00:27:08 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-08-24 00:27:08 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-08-21 05:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 23:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 13:12:26.48 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2013 7:26:21 PM
System Uptime: 10/15/2013 12:18:04 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 358B
Processor: AMD A8-3500M APU with Radeon HD Graphics | Socket FS1 | 795/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 594 GiB total, 452.887 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 2 GiB total, 1.985 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 10/2/2013 11:06:12 AM - Installed HP Support Assistant
RP49: 10/2/2013 11:08:55 AM - Windows Modules Installer
RP50: 10/2/2013 11:09:41 AM - Windows Modules Installer
RP51: 10/14/2013 7:01:40 PM - Windows Update
RP52: 10/15/2013 10:00:24 AM - Windows Update
RP53: 10/15/2013 10:58:12 AM - Installed AVG 2014
RP54: 10/15/2013 10:58:40 AM - Installed AVG 2014
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
AMD APP SDK Runtime
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AuthenTec TrueAPI
AVG 2014
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ESU for Microsoft Windows 7 SP1
Google Chrome
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Connection Manager
HP Customer Experience Enhancements
HP On Screen Display
HP Power Manager
HP Quick Launch
HP SimplePass 2012
HP Software Framework
HP Support Assistant
IDT Audio
iTunes
LibreOffice 4.1.1.2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Synaptics TouchPad Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Validity WBF DDK
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.0
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
10/15/2013 12:17:18 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/15/2013 12:06:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/15/2013 12:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/15/2013 12:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/15/2013 12:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/15/2013 12:06:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/15/2013 12:06:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/15/2013 11:35:10 AM, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/15/2013 11:35:09 AM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
10/15/2013 10:04:16 AM, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
10/14/2013 8:01:20 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
 
 

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Ok I've done the requested protocol. Here is the RK log:

 

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chef [Admin rights]
Mode : Scan -- Date : 10/16/2013 09:21:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS547564A9E384 SATA Disk Device +++++
--- User ---
[MBR] f5e7a2c70dcd987a98f1a92b785fade4
[bSP] 89a81fc00455c8f4be0dd10a2502d92b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 608322 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1246050304 | Size: 2048 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10162013_092126.txt >>
RKreport[0]_S_10152013_120923.txt

(Note: Chrome may have to be manually reset...see below)

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Chrome:

First make sure you have the latest version of Chrome:
Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update


Next:
Go to Tools > Clear Browser Data
Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache
  • Click "Clear Browsing Data"

    -------------------------------

    Next:
    Click the Chrome menu on the browser toolbar.
    Select Settings.
    In the "Search" section, click Manage search engines.
    Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.
    Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

    -------------------------------------

    Click the Chrome menu .
    Select Settings.
    In the "On startup" section, select Open a specific page or set of pages.
    Click Set pages. (in blue to the right)
    Remove any unfamiliar pages.

    -----------------------

    Click the Chrome menu .
    Select Settings.
    In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.
    If the page isn't the home page you'd like to use, click Change and select your preferred page.

    -------------------------


    Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

    Type the following into the address box and hit Enter:

    chrome:plugins

    Do the same for:

    chrome:extensions

    Let me know.....MrC
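The search-engine, startup-page and homepage checks walked through above can also be done by reading the Chrome profile's Preferences file (the same file AdwCleaner reports on). This is an added example, not code from the thread or from any tool it mentions: a Python audit that flags a default search provider, startup URL or homepage whose host is not on an allow-list you supply; the JSON key names, the allow-list and the sample profile are assumptions/constructed, and the .invalid hosts are placeholders.

```python
"""Audit a Chrome Preferences file (JSON) for a hijacked default search
engine, startup pages or homepage. Key names below follow the layout the
file used around Chrome 30 and are an assumption; verify against your build."""
import json
from urllib.parse import urlparse

# Hosts the user recognises; anything else is reported (assumed example list).
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}


def _unfamiliar(url, allowed):
    """True for an http(s) URL whose host is not on the allow-list.
    chrome:// and other internal pages are never flagged."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    return (parsed.hostname or "") not in allowed


def audit_preferences(prefs, allowed=ALLOWED_HOSTS):
    """Return a list of (setting, url) pairs that point somewhere unfamiliar."""
    findings = []
    # Default search provider: older builds keep it under "default_search_provider"
    # (search_url); newer ones under "default_search_provider_data" (url). Assumed.
    search_url = (prefs.get("default_search_provider", {}).get("search_url")
                  or prefs.get("default_search_provider_data", {})
                           .get("template_url_data", {}).get("url", ""))
    if search_url and _unfamiliar(search_url, allowed):
        findings.append(("default_search_provider", search_url))
    session = prefs.get("session", {})
    # restore_on_startup == 4 is "Open a specific page or set of pages".
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            if _unfamiliar(url, allowed):
                findings.append(("startup_url", url))
    homepage = prefs.get("homepage", "")
    if homepage and not prefs.get("homepage_is_newtabpage", True) \
            and _unfamiliar(homepage, allowed):
        findings.append(("homepage", homepage))
    return findings


def audit_file(path, allowed=ALLOWED_HOSTS):
    """Load a real Preferences file (...\\User Data\\Default\\Preferences)."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh), allowed)


# Constructed sample resembling a hijacked profile; .invalid hosts are placeholders.
SAMPLE_PREFS = json.loads("""{
  "default_search_provider": {"name": "Search", "search_url": "http://search.hijack-sample.invalid/?q={searchTerms}"},
  "session": {"restore_on_startup": 4,
              "startup_urls": ["http://start.hijack-sample.invalid/", "https://www.google.com/"]},
  "homepage": "http://start.hijack-sample.invalid/", "homepage_is_newtabpage": false
}""")
```

Run `audit_preferences(SAMPLE_PREFS)` to see the three flagged settings, or point `audit_file` at a copy of a real profile while Chrome is closed.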

Here is the ADWCleaner log: 

 

# AdwCleaner v3.007 - Report created 16/10/2013 at 12:17:08
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chef - CHEF-PC
# Running from : C:\Users\Chef\AppData\Local\Temp\dlm9CA6.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [859 octets] - [15/10/2013 11:29:47]
AdwCleaner[R1].txt - [872 octets] - [15/10/2013 11:39:11]
AdwCleaner[R2].txt - [1007 octets] - [16/10/2013 12:15:48]
AdwCleaner[s0].txt - [921 octets] - [15/10/2013 11:31:05]
AdwCleaner[s1].txt - [932 octets] - [15/10/2013 11:43:27]
AdwCleaner[s2].txt - [930 octets] - [16/10/2013 12:17:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [989 octets] ##########
 
 
Here is the Malwarebytes log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.15.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Chef :: CHEF-PC [administrator]
 
Protection: Enabled
 
10/16/2013 12:23:04 PM
mbam-log-2013-10-16 (12-23-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195390
Time elapsed: 4 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Also, I tried the steps for Chrome. The step of managing search engines seems to have done the trick. I deleted the yahoo search engine and now everything is normal. Also, looking at my plugins, there was only one that I didn't recognize, called Native Client, here is the info on that:

 

Native Client (Disabled)
Name: Native Client
Version:  
Location: C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
Type: PPAPI (in-process)
  Enable
MIME types: MIME type Description File extensions application/x-nacl Native Client Executable .

 

I went ahead and disabled it, do you think I should re-enable it? I'm not sure what it does. 

 

Also, thank you very much for your help! This is an outstanding forum and you have done a wonderful job! 


Native Client is OK too (it's in my Chrome also)

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here is the security check log:

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Looks Good......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
