Spigot, Yahoo search Malware

[doublejay]

Hello, 

   I've taken all the steps listen in the forum about the Yahoo search malware that keeps opening in chrome. Here are the dds.scr logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 

Run by Chef at 13:11:59 on 2013-10-15

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7659.5358 [GMT -7:00]

.

AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Users\Chef\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3683DCE9-1CCC-4328-8DD7-265B6811EB2A} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-19 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-14 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-14 365568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]

R2 BackupService;BackupService;C:\Users\Chef\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2013-10-1 83512]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-9-19 2375168]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-15 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-15 701512]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-17 87168]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-9-19 46136]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-17 188544]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-15 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-9-19 337512]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-9-19 47232]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-19 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-19 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-19 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-23 1255736]

.

=============== Created Last 30 ================

.

2013-10-15 19:23:22 -------- d-----w- C:\Users\Chef\AppData\Roaming\Malwarebytes

2013-10-15 19:23:12 -------- d-----w- C:\ProgramData\Malwarebytes

2013-10-15 19:23:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-10-15 19:23:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-15 19:22:53 -------- d-----w- C:\Users\Chef\AppData\Local\Programs

2013-10-15 18:29:44 -------- d-----w- C:\AdwCleaner

2013-10-15 18:00:03 -------- d--h--w- C:\Users\Chef\AppData\Roaming\AVG2014

2013-10-15 17:59:30 -------- d--h--w- C:\Users\Chef\AppData\Roaming\TuneUp Software

2013-10-15 17:59:10 -------- d--h--w- C:\$AVG

2013-10-15 17:59:10 -------- d-----w- C:\ProgramData\AVG2014

2013-10-15 17:58:26 -------- d-----w- C:\Program Files (x86)\AVG

2013-10-15 17:55:42 -------- d--h--w- C:\Users\Chef\AppData\Local\MFAData

2013-10-15 17:55:42 -------- d--h--w- C:\Users\Chef\AppData\Local\Avg2014

2013-10-15 17:55:42 -------- d--h--w- C:\ProgramData\Common Files

2013-10-15 17:55:42 -------- d-----w- C:\ProgramData\MFAData

2013-10-15 17:13:58 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-15 02:05:58 -------- d--h--w- C:\Users\Chef\AppData\Roaming\uTorrent

2013-10-15 02:02:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D18B6DB4-2658-403B-ADA6-32BE9F38578B}\mpengine.dll

2013-10-15 02:01:40 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-10-15 02:01:11 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2013-10-02 18:06:02 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-10-01 18:41:52 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center

2013-10-01 18:11:54 -------- d-----w- C:\ProgramData\HPSS

2013-10-01 18:11:42 -------- d--h--w- C:\Users\Chef\AppData\Roaming\HP SimpleSave Application

2013-10-01 18:11:41 -------- d--h--w- C:\Users\Chef\AppData\Roaming\HPSS

2013-10-01 05:09:43 -------- d--h--w- C:\Users\Chef\AppData\Local\Apple Computer

2013-10-01 05:09:36 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-10-01 05:09:15 -------- d-----w- C:\Program Files\iPod

2013-10-01 05:09:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-10-01 05:09:14 -------- d-----w- C:\Program Files\iTunes

2013-10-01 05:09:14 -------- d-----w- C:\Program Files (x86)\iTunes

2013-10-01 05:08:27 -------- d--h--w- C:\Users\Chef\AppData\Local\Apple

2013-10-01 05:07:50 -------- d-----w- C:\Program Files\Bonjour

2013-10-01 05:07:50 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-10-01 05:02:13 -------- d--h--w- C:\Users\Chef\AppData\Local\HP

2013-09-30 16:16:43 -------- d--h--w- C:\Users\Chef\AppData\Roaming\LibreOffice

2013-09-30 16:14:35 -------- d-----w- C:\Program Files (x86)\LibreOffice 4

2013-09-28 07:45:06 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-09-26 04:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2013-09-25 06:01:00 -------- d--h--w- C:\Users\Chef\AppData\Local\Google

2013-09-25 06:00:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-25 06:00:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-25 06:00:12 -------- d--h--w- C:\Users\Chef\AppData\Local\Adobe

2013-09-24 06:34:56 -------- d--h--w- C:\Users\Chef\AppData\Local\Hewlett-Packard

2013-09-23 19:16:14 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-09-23 19:16:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-09-23 19:16:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-09-23 19:16:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-09-23 19:16:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-09-23 19:16:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-09-23 19:16:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-09-23 19:14:03 96768 ----a-w- C:\Windows\System32\fsutil.exe

2013-09-23 19:14:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2013-09-23 19:14:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2013-09-23 19:14:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2013-09-23 19:14:03 2565632 ----a-w- C:\Windows\System32\esent.dll

2013-09-23 19:14:03 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-09-23 19:14:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2013-09-23 19:14:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2013-09-23 19:14:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2013-09-23 19:14:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2013-09-23 19:12:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-09-23 19:12:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-09-23 19:09:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-09-23 19:09:52 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-09-23 18:57:51 -------- d-----w- C:\ProgramData\Synaptics

2013-09-23 18:52:31 -------- d-----w- C:\Windows\SysWow64\Wat

2013-09-23 18:52:31 -------- d-----w- C:\Windows\System32\Wat

2013-09-20 07:12:13 -------- d-----w- C:\Windows\System32\MRT

2013-09-20 06:59:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-09-20 06:59:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-09-20 06:59:41 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-09-20 06:33:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-09-20 06:33:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-09-20 06:33:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-09-20 06:33:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-09-20 06:33:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-09-20 06:33:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-09-20 06:33:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-09-20 06:29:10 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-09-20 06:26:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-09-20 06:26:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-09-20 06:26:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-09-20 06:26:50 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-09-20 06:26:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-09-20 06:22:28 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-09-20 06:21:59 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-09-20 06:20:59 395776 ----a-w- C:\Windows\System32\webio.dll

2013-09-20 06:10:35 67072 ----a-w- C:\Windows\splwow64.exe

2013-09-20 06:10:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-09-20 06:10:14 77312 ----a-w- C:\Windows\System32\packager.dll

2013-09-20 06:10:14 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-09-20 05:51:29 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree

2013-09-20 05:49:44 -------- d--h--w- C:\Users\Chef\AppData\Roaming\hpqLog

2013-09-20 05:48:58 -------- d-----w- C:\HP

2013-09-20 05:48:02 -------- d--h--w- C:\Users\Chef\AppData\Local\AuthenTec

2013-09-20 05:47:00 -------- d-----w- C:\Program Files (x86)\HP SimplePass 2012

2013-09-20 05:46:04 -------- d-----w- C:\Program Files\Common Files\AuthenTec

2013-09-20 05:46:04 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec

2013-09-20 05:41:48 -------- d-----w- C:\d99b3ac3a35707bcae77

2013-09-20 05:41:45 31744 ----a-w- C:\Windows\System32\drivers\usbrpm.sys

2013-09-20 05:40:37 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-09-20 05:38:46 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-09-20 05:37:14 180736 ----a-w- C:\Windows\System32\ifsutil.dll

2013-09-20 05:37:14 148992 ----a-w- C:\Windows\SysWow64\ifsutil.dll

2013-09-20 05:29:51 -------- d-----w- C:\Windows\Hewlett-Packard

2013-09-20 05:21:47 -------- d-----w- C:\Windows\SysWow64\sda

2013-09-20 05:21:18 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll

2013-09-20 05:21:18 337512 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys

2013-09-20 05:21:18 -------- d-----w- C:\Program Files (x86)\Realtek

2013-09-20 05:15:43 -------- d--h--w- C:\Users\Chef\AppData\Roaming\Synaptics

2013-09-20 05:13:14 -------- d-----w- C:\Program Files\Synaptics

2013-09-20 05:09:53 -------- d-----w- C:\Program Files\Validity Sensors

2013-09-20 05:08:11 -------- d--h--w- C:\Users\Chef\AppData\Local\AMD

2013-09-20 05:07:59 -------- d--h--w- C:\Users\Chef\AppData\Local\ATI

2013-09-20 05:04:54 0 ----a-w- C:\Windows\ativpsrm.bin

2013-09-20 05:01:59 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-09-20 05:01:57 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-09-20 05:01:57 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-09-20 05:01:03 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2013-09-20 05:01:03 -------- d-----w- C:\ProgramData\AMD

2013-09-20 05:00:57 47232 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2013-09-20 04:59:50 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-09-20 04:59:37 -------- d-----w- C:\Program Files\ATI Technologies

2013-09-20 04:59:35 -------- d-----w- C:\Program Files\ATI

2013-09-20 04:07:05 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

2013-09-20 04:06:13 -------- d-sh--w- C:\Windows\Installer

2013-09-20 03:11:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-09-20 03:11:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-09-20 03:11:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-09-20 03:07:25 220160 ----a-w- C:\Windows\System32\staco64.dll

2013-09-20 03:07:24 521728 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2013-09-20 03:07:23 652288 ------w- C:\Windows\System32\stapi64.dll

2013-09-20 03:07:23 431616 ----a-w- C:\Windows\System32\stcplx64.dll

2013-09-20 03:07:23 1500672 ----a-w- C:\Windows\System32\stapo64.dll

2013-09-20 03:07:18 -------- d-----w- C:\Program Files\IDT

2013-09-20 03:05:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-09-20 03:04:54 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-09-20 03:04:31 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-09-20 03:04:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-09-20 03:02:51 -------- d-----w- C:\ProgramData\Ralink Driver

2013-09-20 03:02:21 -------- d-----w- C:\SWSetup

2013-09-20 02:31:38 -------- d--h--w- C:\Users\Chef\AppData\Local\Diagnostics

2013-09-20 02:10:27 -------- d-----w- C:\Windows\Panther

.

==================== Find3M  ====================

.

2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-09 05:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-02 17:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-09-02 17:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-09-02 17:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-09-02 17:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll

2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll

2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll

2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-08-24 00:27:08 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2013-08-24 00:27:08 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2013-08-21 05:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-08-01 23:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 13:12:26.48 ===============

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 9/19/2013 7:26:21 PM

System Uptime: 10/15/2013 12:18:04 PM (1 hours ago)

.

Motherboard: Hewlett-Packard |  | 358B

Processor: AMD A8-3500M APU with Radeon HD Graphics | Socket FS1 | 795/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 594 GiB total, 452.887 GiB free.

D: is CDROM ()

E: is FIXED (FAT32) - 2 GiB total, 1.985 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP48: 10/2/2013 11:06:12 AM - Installed HP Support Assistant

RP49: 10/2/2013 11:08:55 AM - Windows Modules Installer

RP50: 10/2/2013 11:09:41 AM - Windows Modules Installer

RP51: 10/14/2013 7:01:40 PM - Windows Update

RP52: 10/15/2013 10:00:24 AM - Windows Update

RP53: 10/15/2013 10:58:12 AM - Installed AVG 2014

RP54: 10/15/2013 10:58:40 AM - Installed AVG 2014

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

AMD APP SDK Runtime

AMD Fuel

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

AuthenTec TrueAPI

AVG 2014

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ESU for Microsoft Windows 7 SP1

Google Chrome

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Connection Manager

HP Customer Experience Enhancements

HP On Screen Display

HP Power Manager

HP Quick Launch

HP SimplePass 2012

HP Software Framework

HP Support Assistant

IDT Audio

iTunes

LibreOffice 4.1.1.2

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Mouse and Keyboard Center

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Ralink RT5390 802.11b/g/n WiFi Adapter

Realtek PCIE Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Synaptics TouchPad Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Validity WBF DDK

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

VLC media player 2.1.0

WMV9/VC-1 Video Playback

.

==== Event Viewer Messages From Past Week ========

.

10/15/2013 12:17:18 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/15/2013 12:06:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/15/2013 12:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/15/2013 12:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/15/2013 12:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/15/2013 12:06:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/15/2013 12:06:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 12:06:19 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.

10/15/2013 11:35:10 AM, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/15/2013 11:35:09 AM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

10/15/2013 10:04:16 AM, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

10/14/2013 8:01:20 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.

.

==== End Of File ===========================

 

 

[MrCharlie]

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[doublejay]

Ok I've done the requested protocol. Here is the RK log:

 

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Chef [Admin rights]

Mode : Scan -- Date : 10/16/2013 09:21:26

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS547564A9E384 SATA Disk Device +++++

--- User ---

[MBR] f5e7a2c70dcd987a98f1a92b785fade4

[bSP] 89a81fc00455c8f4be0dd10a2502d92b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 608322 Mo

2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1246050304 | Size: 2048 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10162013_092126.txt >>

RKreport[0]_S_10152013_120923.txt

[MrCharlie]

(Note: Chrome may have to be manually reset...see below)

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Chrome:

First make sure you have the latest version of Chrome:
Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update


Next:
Go to Tools > Clear Browser Data
Put a check next to all of these:

• Clear browsing history
• Clear download history
• Delete cookies and other site and plug-in data
• Empty the cache
• Click "Clear Browsing Data"
  
  -------------------------------
  
  Next:
  Click the Chrome menu on the browser toolbar.
  Select Settings.
  In the "Search" section, click Manage search engines.
  Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.
  Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
  
  -------------------------------------
  
  Click the Chrome menu .
  Select Settings.
  In the "On startup" section, select Open a specific page or set of pages.
  Click Set pages. (in blue to the right)
  Remove any unfamiliar pages.
  
  -----------------------
  
  Click the Chrome menu .
  Select Settings.
  In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.
  If the page isn't the home page you'd like to use, click Change and select your preferred page.
  
  -------------------------
  
  
  Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)
  
  Type the following into the address box and hit Enter:
  
  chrome:plugins
  
  Do the same for:
  
  chrome:extensions
  
  Let me know.....MrC

[doublejay]

Here is the ADWCleaner log: 

 

# AdwCleaner v3.007 - Report created 16/10/2013 at 12:17:08

# Updated 09/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Chef - CHEF-PC

# Running from : C:\Users\Chef\AppData\Local\Temp\dlm9CA6.tmp\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v0.0.0.0

 

 

-\\ Google Chrome v30.0.1599.69

 

[ File : C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [859 octets] - [15/10/2013 11:29:47]

AdwCleaner[R1].txt - [872 octets] - [15/10/2013 11:39:11]

AdwCleaner[R2].txt - [1007 octets] - [16/10/2013 12:15:48]

AdwCleaner[s0].txt - [921 octets] - [15/10/2013 11:31:05]

AdwCleaner[s1].txt - [932 octets] - [15/10/2013 11:43:27]

AdwCleaner[s2].txt - [930 octets] - [16/10/2013 12:17:08]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [989 octets] ##########

 

 

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.15.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Chef :: CHEF-PC [administrator]

 

Protection: Enabled

 

10/16/2013 12:23:04 PM

mbam-log-2013-10-16 (12-23-04).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195390

Time elapsed: 4 minute(s), 25 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

[doublejay]

Also, I tried the steps for Chrome. The step of managing search engines seems to have done the trick. I deleted the yahoo search engine and now everything is normal. Also, looking at my plugins, there was only one that I didn't recognize, called Native Client, here is the info on that:

 

Native Client (Disabled)

Name: Native Client

Version:  

Location: C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll

Type: PPAPI (in-process)

  Enable

MIME types: MIME type Description File extensions application/x-nacl Native Client Executable .

 

I went ahead and disabled it, do you think I should re-enable it? I'm not sure what it does. 

 

Also, thank you very much for your help! This is an outstanding forum and you have done a wonderful job! 

[MrCharlie]

Native Client is OK to (it's in my Chrome also)

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[doublejay]

Here is the security check log:

 

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus 2014   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 AVG avgwdsvc.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

[MrCharlie]

Looks Good......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.