basicuser49 Posted February 19, 2014 ID:793704

I, too, seem to have rushed through the download of IObit and not realized that I was getting this malware, or whatever it is. I have just deleted the Slick Savings and IObit Apps Toolbar v 8.7 using uninstall, but still have redirects on all my browsers to ...spigot-yhp-ch. I would really appreciate some help ridding my computer of this; looks like there are a number of experts who have successfully helped members. I will, however, need to be walked through the steps. Using Windows 7, 64-bit.

Thank you so much for helping!
labman Posted February 19, 2014 ID:793714

I am currently going through the same thing - I feel your pain.
MrCharlie Posted February 19, 2014 ID:793767

@labman, stop posting in other people's topics...now!

-------------------

@basicuser49,

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)
(please don't put logs in code or quotes and use the default font)
(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

Note:
Please read all of my instructions completely including these.
Make sure system restore is turned on and running, please create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
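Added example, not part of this thread and not code from DDS, RogueKiller or Malwarebytes: a read-only PowerShell inventory of the same persistence points that the DDS "Pseudo HJT Report" and FIREFOX sections pull (Browser Helper Objects, IE URLSearchHooks, Run keys in both registry views, per-interface DNS servers, Firefox extension IDs and user.js overrides). It is the check a helper does by eye on the posted log; here each entry is flagged when it matches a suspect-vendor regex. The default regex is built from strings in the original post (spigot, mybrowserbar, IObit Apps, Slick Savings); the helper names Add-Finding and Get-ClsidServer, and the assumptions of 64-bit Windows with PowerShell 3.0 or later, an elevated prompt, and Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles, are mine.

```powershell
# Added example (not from the thread): inventory the browser persistence points that
# DDS's "Pseudo HJT Report" / FIREFOX sections read, flagging suspect-vendor entries.
# Assumptions: 64-bit Windows, PowerShell 3.0+, elevated prompt, default Firefox paths.
# Default pattern comes from strings in the thread; adjust it per case.
param(
    [string]$SuspectPattern = 'spigot|mybrowserbar|iobit apps|slick savings'
)

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Source, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Suspect = [bool]($Detail -match $SuspectPattern)
        Source  = $Source
        Detail  = $Detail
    })
}

# Resolve a CLSID to its in-process server DLL, checking the 64-bit view, the
# WOW6432Node view and HKCU; '<orphaned>' is the label DDS uses when none exists.
function Get-ClsidServer([string]$Clsid) {
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
             'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($root in $roots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty -Path $key).'(default)' }
    }
    return '<orphaned>'
}

# 1. Browser Helper Objects (DDS "BHO:" and "x64-BHO:") in both registry views
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($clsid in (Get-ChildItem $root).PSChildName) {
        Add-Finding 'BHO' ('{0} -> {1}' -f $clsid, (Get-ClsidServer $clsid))
    }
}

# 2. URL search hooks (DDS "URLSearchHooks:"), the classic address-bar search redirect
$hookKey = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path $hookKey) {
    foreach ($clsid in (Get-Item $hookKey).Property) {
        Add-Finding 'URLSearchHook' ('{0} -> {1}' -f $clsid, (Get-ClsidServer $clsid))
    }
}

# 3. Run keys (DDS "uRun:" = HKCU, "mRun:" = HKLM 32-bit view, "x64-Run:" = HKLM 64-bit)
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($name in (Get-Item $key).Property) {
        Add-Finding 'Run' ('{0} = {1}' -f $name, $values.$name)
    }
}

# 4. Per-interface DNS servers (DDS "TCP: Interfaces\... : NameServer"); a static
#    NameServer that differs from DHCPNameServer should be explainable before cleanup
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem $ifRoot) {
    $p = Get-ItemProperty -Path $if.PSPath
    if ($p.NameServer) {
        Add-Finding 'TCP-NameServer' ('{0} static={1} dhcp={2}' -f $if.PSChildName, $p.NameServer, $p.DHCPNameServer)
    }
}

# 5. Firefox: extension IDs per profile (DDS "FF - ExtSQL:") and user.js overrides
#    (DDS "FF - user.js:"); user.js is rarely created by hand on a home machine
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profileRoot) {
    foreach ($profile in Get-ChildItem $profileRoot -Directory) {
        $extDir = Join-Path $profile.FullName 'extensions'
        if (Test-Path $extDir) {
            foreach ($ext in Get-ChildItem $extDir) { Add-Finding 'FF-extension' $ext.Name }
        }
        $userJs = Join-Path $profile.FullName 'user.js'
        if (Test-Path $userJs) {
            Get-Content $userJs | Where-Object { $_ -match '^\s*user_pref' } |
                ForEach-Object { Add-Finding 'FF-user.js' $_.Trim() }
        }
    }
}

# Suspect entries first, then everything else for context
$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

The script only reads the registry and the Firefox profile folder; it changes nothing, so running it does not conflict with the "don't run other tools" rule above. Run it once before and once after an uninstall: a flagged BHO, search hook or Firefox extension that survives the vendor's uninstaller is exactly the residue a redirect like the one in the opening post usually lives in, and the CLSID-to-DLL resolution tells you whether the entry still has a file behind it or is already an orphaned reference.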
basicuser49 (Author) Posted February 20, 2014 ID:793982

Thanks very much for looking at this!! If I do something incorrectly, it is unintentional - I will do my utmost to follow your instructions to the letter. Here are the contents of the two files, dds and attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2010 6:59:23 PM
System Uptime: 2/19/2014 8:33:53 PM (2 hours ago)
.
Motherboard: ASRock | | G965M-S
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPUSocket | 2592/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 146.118 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D814FD4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D814FD4&0
Service: i8042prt
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1D814FD4&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1D814FD4&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP916: 2/12/2014 12:36:23 PM - Installed Rapport
RP917: 2/12/2014 2:42:03 PM - Windows Update
RP918: 2/12/2014 5:02:10 PM - Installed Rapport
RP919: 2/16/2014 10:35:31 AM - Windows Update
RP920: 2/19/2014 8:33:48 AM - Removed IObit Apps Toolbar v8.7.
RP921: 2/19/2014 11:36:33 AM - Installed Rapport
RP922: 2/19/2014 8:38:20 PM - Installed Rapport
.
==== Installed Programs ======================
.
123 Free Solitaire 2009 v7.2
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Flash Professional CS5.5
Adobe Photoshop CS5.1
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
ATI Catalyst Install Manager
BlackBerry Desktop Software 6.0.1
BMW Performance Screensaver
BMW Screensaver Screen Saver
Bonjour
BufferChm
C4700
CamStudio OSS Desktop Recorder
Camtasia Studio 8
Catalyst Control Center InstallProxy
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Coupon Printer for Windows
CursorFX
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
Device Doctor v2.1
DeviceDiscovery
EasyWorship 2009
Evernote v. 4.6.6
ffdshow [rev 1723] [2007-12-24]
FileZilla Client 3.7.3
Fitbit Connect
FlyingBit Password Keeper
Free Word Excel PowerPoint to Pdf Converter 5.5
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Genie Backup Assistant
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hauppauge WinTV 7
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCloud
Inkscape 0.48.2
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 35
Kobo
LinkedIn Outlook Connector
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MCEBrowser
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x64) ENU
Microsoft Sync Framework 2.0 Provider Services (x64) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WorldWide Telescope
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mr Smooth
Mr Smooth v1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Notepad++
Online Plug-in
PDF Settings CS5
PlayReady PC Runtime amd64
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
Rapport
Readon TV Movie Radio Player 7.2.0.0
Realtek Ethernet Controller Driver For Windows Vista and Later
RuneScape Launcher 1.0.1
RuneScape Launcher 1.2
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
swMSM
SyncToy 2.1 (x64)
Toolbox
TrayApp
TVersity Codec Pack 1.4
TVersity Media Server 1.9.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VirtualDJ Home FREE
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
web-radio Toolbar
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Sync
WinZip 14.5
Yahoo! Install Manager
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
2/19/2014 8:41:22 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s).
2/19/2014 8:39:21 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
2/19/2014 8:39:21 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
2/19/2014 8:39:21 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
2/19/2014 8:37:38 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
2/19/2014 8:37:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
2/19/2014 8:34:55 PM, Error: Service Control Manager [7000] - The CIR Receiver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/19/2014 8:34:41 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the path specified.
2/19/2014 8:34:06 PM, Error: volmgr [46] - Crash dump initialization failed!
2/19/2014 8:34:01 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
2/19/2014 8:33:59 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
2/19/2014 10:58:00 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2014 4:50:31 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 7 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2014 5:02:03 PM, Error: Service Control Manager [7031] - The Fitbit Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/16/2014 11:13:56 PM, Error: Service Control Manager [7031] - The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/13/2014 4:13:02 PM, Error: Service Control Manager [7034] - The Fitbit Connect Service service terminated unexpectedly. It has done this 3 time(s).
2/12/2014 5:03:17 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/12/2014 4:59:32 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/12/2014 12:36:08 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.25.2
Run by Owner at 21:55:42 on 2014-02-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3263.1618 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Brent\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserved
URLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{561E1423-13F4-4B99-B7E4-8742B3B9AA02} : NameServer = 8.8.8.8
TCP: Interfaces\{561E1423-13F4-4B99-B7E4-8742B3B9AA02} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{74340FA0-6E39-4C9B-86C8-5BFFB86C5388} : DHCPNameServer = 64.71.255.198 64.71.255.253
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-qt2009 - <Clsid value has no data>
Handler: linkscanner - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-qt2009 - <Clsid value has no data>
x64-Handler: linkscanner - <Clsid value has no data>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xkcu5770.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-02-17 11:53; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
FF - ExtSQL: !HIDDEN! 2010-06-13 18:10; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-1-26 236248]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-30 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-2-13 228760]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-2-13 357272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-3 203776]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 Hauppauge WinTV Extender;Hauppauge
WinTV Extender;C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [2011-1-31 67584]R2 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [2010-9-6 602624]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-19 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-19 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-19 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-27 239616]S2 !SASCORE;SAS Core Service; [x]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 hcw10cir;CIR Receiver;C:\Windows\System32\drivers\hcw10cir.sys [2013-4-12 46080]S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-2-17 2151200]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-7-15 116240]S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\System32\drivers\hcw10bda.sys [2013-4-12 650352]S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-1-11 38912]S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-1-11 1631488]S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-1-11 
1634176]S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-2-20 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-3 1255736].=============== File Associations ===============.FileExt: .js: JSFile="C:\Users\Owner\AppData\Local\Aptana Studio 3\AptanaStudio3.exe" "%1".=============== Created Last 30 ================.2014-02-19 20:46:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-02-19 14:00:36 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53C35A25-A670-4FC5-9882-829522C7EE8E}\mpengine.dll2014-02-19 00:40:02 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-02-18 09:20:02 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D761A7B4-D6DA-447F-B923-E2741738DA60}\gapaengine.dll2014-02-17 21:50:39 -------- d-----w- C:\ProgramData\ProductData2014-02-17 21:49:45 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot2014-02-17 15:34:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.12014-02-17 15:34:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZinioReader42014-01-27 01:55:36 -------- d-----w- C:\ProgramData\FitbitConnect2014-01-27 01:55:36 -------- d-----w- C:\Program Files (x86)\Fitbit Connect.==================== Find3M ====================.2014-02-05 18:24:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-05 18:24:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-01-19 07:33:29 270496 ------w- 
============= FINISH: 22:00:02.19 ===============

Here is the RogueKiller report:

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 02/19/2014 22:26:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] 751df808719d17827bebc068e2d336ea
[bSP] 1b11bbc7b3cc5a697fa859783a5f82e8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02192014_222629.txt >>

Thanks again. If there is anything I missed please let me know.
MrCharlie Posted February 20, 2014 ID:793990
OK...Be back in the AM, MrC
MrCharlie Posted February 20, 2014 ID:794145
Please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Last.................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them: To attach a log: Bottom right corner of this page. New window that comes up.

MrC
basicuser49 Posted February 21, 2014 Author ID:794477
AdwCleanerR0.txt

If you don't mind, I'm posting the results one step at a time. I'm not sure if there is anything on the AdwCleaner report that I should be keeping. The folders related to web-radio, Systweak and AVG Security Toolbar in particular (which I don't think we use anymore). Absolutely no idea if anything in the registry should be kept. The hamachi and similar were probably from my teenager... And don't know about the browser files (preferences?)

Thanks for your help!!
MrCharlie Posted February 21, 2014 ID:794485
It's all "crap-ware" get rid of it. "preferences" are just listed in the report and won't be deleted. MrC
basicuser49 Posted February 21, 2014 Author ID:794500
Here is the log from Malwarebytes. I did the scan yesterday before I submitted this topic, hoping it would clear things up but it didn't. Everything is still in Quarantine, haven't removed anything yet. mbam-log-2014-02-19 (15-47-14).txt
MrCharlie Posted February 21, 2014 ID:794507
OK, you cleaned all what AdwCleaner found...correct?

Run these now:

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

and......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them: To attach a log: Bottom right corner of this page. New window that comes up.

MrC
basicuser49 Posted February 22, 2014 Author ID:794965
Hi again. Yes, I removed everything found by AdwCleaner. I tried to find the two files created by FRST, but I couldn't access them - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\.... tells me I don't have access, and I'm to contact the owner/administrator, of which I am both. So instead I saved the notepad files to my documents directory and hope this works for you. If not, please advise.

Thanks again for being patient. This is way out of my comfort zone.

Attach.txt FRST.txt
basicuser49 Posted February 22, 2014 Author ID:794987
Here are the results from the Junkware Removal Tool. JRT.txt I hope I am doing this all correctly. Please advise if you see that anything doesn't look right. Thanks so much.
MrCharlie Posted February 22, 2014 ID:794988
I need to see the Addition.txt from FRST, you posted the Attach.txt from DDS. MrC
basicuser49 Posted February 22, 2014 Author ID:794995
Addition.txt Sorry about that. Here is the file.
MrCharlie Posted February 22, 2014 ID:795001
CHR HomePage: http://ca.search.yahoo.com/?type=198484&fr=spigot-yhp-ch
CHR RestoreOnStartup: "http://ca.search.yahoo.com/?type=198484&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=198484&p={searchTerms}

You have to manually change Chrome's home and search pages:
https://support.google.com/chrome/answer/2765944?hl=en
---------------------
Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.
Let me know how it is, MrC
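A small detection pass over FRST-style browser lines like the ones quoted above, added here as an example; it is not FRST's code and not something posted in the thread. The marker table and the sample lines are constructed from the hijacked URLs in this post, and the assumption is that those query-string values identify the Spigot redirect rather than a user-chosen Yahoo homepage.

```python
"""Flag hijacked browser home/search settings in FRST-style log lines.

Added example (not part of the thread or of FRST itself). It scans lines of
the form "CHR HomePage: <url>" and reports any URL whose query string carries
a marker of the Spigot/Yahoo redirect seen in this thread (fr=spigot-yhp-ch,
type=198484). The marker table and the sample lines are constructed here.
"""
import re
from urllib.parse import parse_qs, urlparse

# Query-string markers taken from the hijacked URLs quoted in the thread.
# Assumption: these values identify the affiliate redirect, not a legitimate
# user-chosen Yahoo homepage.
HIJACK_MARKERS = {
    "fr": {"spigot-yhp-ch"},
    "type": {"198484"},
}

# "<browser> <setting>: <value>" as FRST prints browser configuration.
SETTING_RE = re.compile(r"^(?P<browser>CHR|FF|IE)\s+(?P<key>\w+):\s*(?P<value>.+)$")
URL_RE = re.compile(r"""https?://[^\s"']+""")

# Constructed sample: the Chrome lines from the thread plus two benign ones.
SAMPLE_LINES = [
    "CHR HomePage: http://ca.search.yahoo.com/?type=198484&fr=spigot-yhp-ch",
    'CHR RestoreOnStartup: "http://ca.search.yahoo.com/?type=198484&fr=spigot-yhp-ch"',
    "CHR DefaultSearchKeyword: yahoo.com search",
    "CHR DefaultSearchProvider: Yahoo",
    "CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc"
    "&ei=utf-8&ilc=12&type=198484&p={searchTerms}",
    "FF Homepage: https://www.google.ca/",
    "FF SearchEngineOrder.1: Google",
]


def find_hijack_markers(url):
    """Return the set of (param, value) pairs in url's query that match a marker."""
    query = parse_qs(urlparse(url).query)
    return {
        (param, value)
        for param, bad_values in HIJACK_MARKERS.items()
        for value in query.get(param, [])
        if value in bad_values
    }


def scan_frst_lines(lines):
    """Return one finding per browser setting whose URL carries a hijack marker.

    Each finding is a dict with the browser tag, the setting name, the URL and
    the sorted list of markers that matched; lines without a URL are skipped.
    """
    findings = []
    for raw in lines:
        match = SETTING_RE.match(raw.strip())
        if not match:
            continue
        for url in URL_RE.findall(match.group("value")):
            markers = find_hijack_markers(url)
            if markers:
                findings.append({
                    "browser": match.group("browser"),
                    "key": match.group("key"),
                    "url": url,
                    "markers": sorted(markers),
                })
    return findings


if __name__ == "__main__":
    for finding in scan_frst_lines(SAMPLE_LINES):
        print(f"{finding['browser']} {finding['key']}: {finding['url']}")
        print(f"    matched: {finding['markers']}")
```

Running it on the sample flags the home page, the startup page and the default search URL, while the two Firefox lines pass; the same scan can be pointed at a pasted FRST.txt to confirm the settings were actually reset after the manual Chrome change.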
basicuser49 Posted February 23, 2014 Author ID:795290
Great, Google Chrome was fixed up first using the instructions in the link - thanks. So sorry, but I don't see the attachment fixlist.txt. More directions please?
MrCharlie Posted February 23, 2014 ID:795295
Here it is, MrC
basicuser49 Posted February 23, 2014 Author ID:795449
I ran it last night and IE is good - no more home page hijack!!! I know you have more clean up for me to do from reading other threads. I have some obligations that mean I won't be available for a few days. Can I complete that part of the process on Thursday? Can't say enough about how helpful you have been. Thanks again.
MrCharlie Posted February 23, 2014 ID:795452
OK......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC
basicuser49 Posted February 23, 2014 Author ID:795486
Will do on Thursday. Shutting down machine until then. Very sorry but ran out of time...be back soon. One question to clarify, you want me to cut and paste the contents of checkup.txt into my next post, correct?
MrCharlie Posted February 23, 2014 ID:795496
Yes, that's the only way you can properly read the log, MrC
basicuser49 Posted March 1, 2014 Author ID:797997
Sorry for the delay - here are the results.

Results of screen317's Security Check version 0.99.79
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 35
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
MrCharlie Posted March 1, 2014 ID:798068
Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Windows 7 x64 (UAC is enabled)
Out of date service pack!! <-----please visit Windows Update for this
-----------------------------------
Java™ 6 Update 35 <-----uninstall from your add/remove programs
Java 7 Update 25 <----update, should be Update 51
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
------------------------------
Adobe Flash Player 12.0.0.70 Flash Player out of Date! <---this is OK
--------------------------------
Adobe Reader 9 Adobe Reader out of Date! <---please uninstall
Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
------------------------------
Mozilla Firefox 22.0 Firefox out of Date! <----please check for an update if available.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
(it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
---------------------------------
Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....
AdwCleaner > just run the program and click uninstall.
Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)
Good Luck and Thanks for using the forum, MrC
AdvancedSetup (Root Admin) Posted March 3, 2014 ID:798825
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!