
Yahoo Spigot infection



Hi

 

My browser home pages defaulted to Yahoo with Spigot in the address bar. Read in a few places about this being an issue and nothing I've done has been able to remove it.

 

I ran DDS and the results of the 2 logs are below:

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533
Run by Hotshot at 12:17:36 on 2014-03-16
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1300 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uWinlogon: Shell = explorer.exe,c:\users\hotshot\appdata\roaming\dwm.exe
uWindows: Load = c:\users\hotshot\appdata\local\temp\csrss.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [sunJavaUpdateSched] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{60EEEAC0-F670-4F87-8C77-54CAC674AE1A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C08A8DE6-DAA9-4161-B6E5-39F5D736C048} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2007-1-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2007-1-1 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-6 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-6 410784]
R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files\adobe\elements 12 organizer\PhotoshopElementsFileAgent.exe [2013-9-3 181152]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-6 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-5-27 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-5-27 19008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-4 83168]
S3 phc700;USB PC Camera (SPC700NC);c:\windows\system32\drivers\phc700.sys [2011-9-11 644864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-4 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s [?]
.
=============== Created Last 30 ================
.
2014-03-16 12:13:11 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1fed040b-67db-484e-9b13-9614e9e4dd7b}\mpengine.dll
2014-03-11 18:57:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-09 17:51:26 -------- d-----w- c:\users\hotshot\appdata\roaming\uTorrent
2014-02-22 07:39:49 -------- d-----w- c:\windows\Migration
2014-02-20 19:35:05 -------- d-----w- c:\users\hotshot\appdata\roaming\TuneUp Software
2014-02-20 19:32:19 -------- d-----w- c:\programdata\TuneUp Software
2014-02-20 19:32:14 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:32:14 -------- d--h--w- c:\programdata\Common Files
2014-02-20 19:31:51 -------- d-----w- c:\users\hotshot\appdata\roaming\AnvSoft
2014-02-20 19:31:11 -------- d-----w- c:\users\hotshot\appdata\roaming\OpenCandy
2014-02-20 19:23:20 -------- d-----w- c:\users\hotshot\appdata\roaming\AVS4YOU
2014-02-20 19:21:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2014-02-20 19:21:43 -------- d-----w- c:\programdata\AVS4YOU
2014-02-20 19:21:43 -------- d-----w- c:\program files\common files\AVSMedia
2014-02-20 19:17:54 -------- d-----w- c:\program files\Level Quality Watcher
2014-02-15 11:32:38 -------- d-----w- C:\old hard drive
.
==================== Find3M  ====================
.
2014-02-09 11:11:32 106496 ----a-w- c:\windows\system32\ATL71.DLL
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-28 16:31:48 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-01-28 16:31:48 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:18:21.78 ===============
 
attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 27/05/2008 19:50:34
System Uptime: 16/03/2014 11:12:40 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0RN474
Processor: Intel® Core2 Duo CPU     E4600  @ 2.40GHz | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 83.995 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 353.891 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 5.664 GiB free.
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 12
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
avast! Free Antivirus
AVG 2011
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Support Center (Support Software)
DivX Converter
DivX Setup
EDocs
Elements 12 Organizer
Firebird 2.0.3
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.11.0
iTunes
Java SE Runtime Environment 6
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mouse Suite for Desktop Computers
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nikon File Uploader 2
Nikon Message Center 2
Picture Control Utility
PSE12 STI Installer
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD DE
Roxio Update Manager
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SavingsBull
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Sonic CinePlayer Decoder Pack
SPC 700NC PC Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
ViewNX 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
16/03/2014 11:24:30, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2726929).
16/03/2014 11:21:02, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Publisher 2003 (KB2810047).
16/03/2014 11:20:55, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB2293428).
16/03/2014 11:20:55, Error: Microsoft-Windows-Dhcp-Client [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001FC65C4703.  The following error occurred:  The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
16/03/2014 11:20:47, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
16/03/2014 11:20:39, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB980373).
16/03/2014 11:20:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2817480).
16/03/2014 11:20:24, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB2449798).
16/03/2014 11:20:15, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2543854).
16/03/2014 11:20:06, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB975051).
16/03/2014 11:19:58, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
16/03/2014 11:19:48, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2687626).
16/03/2014 11:19:40, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).
16/03/2014 11:19:30, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2817474).
16/03/2014 11:19:21, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760574).
16/03/2014 11:19:13, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760494).
16/03/2014 11:19:05, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2539581).
16/03/2014 11:18:58, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2825621).
16/03/2014 11:18:50, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2535812).
16/03/2014 11:18:43, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB978551).
16/03/2014 11:18:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Excel 2003 (KB2810048).
16/03/2014 11:18:25, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2493523).
16/03/2014 11:18:17, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289163).
16/03/2014 11:18:11, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2288613).
16/03/2014 11:18:03, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2850047).
16/03/2014 11:17:54, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2863866).
16/03/2014 11:15:03, Error: Microsoft-Windows-PrintSpooler [72]  - Windows could not initialize printer Lexmark 4300 Series,0 because the print processor Lexmark 4300 Series Print Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
16/03/2014 11:13:47, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  netfilter
12/03/2014 18:33:05, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
12/03/2014 18:33:05, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/03/2014 18:32:02, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
12/03/2014 18:32:02, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/03/2014 19:01:29, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC NetBIOS netbt netfilter nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/03/2014 19:01:29, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/03/2014 19:00:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/03/2014 19:00:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/03/2014 19:00:21, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/03/2014 19:00:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/03/2014 18:17:19, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{60EEEAC0-F670-4F87-8C77-54CAC674AE1A} because another computer on the network has the same name.  The server could not start.
10/03/2014 19:47:18, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/03/2014 19:47:18, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/03/2014 19:47:18, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/03/2014 21:54:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
09/03/2014 10:06:08, Error: Service Control Manager [7000]  - The Level Quality Watcher service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 
 
Any help greatly appreciated! 
Thanks

 


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes report:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.16.02
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hotshot :: HOTSHOT-PC [administrator]
 
16/03/2014 13:20:46
MBAM-log-2014-03-16 (14-19-18).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224112
Time elapsed: 7 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
HKCU\Software\ndo8thb2ikwe (Malware.Trace) -> No action taken.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
 
Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Hotshot\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\Hotshot\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Hotshot\AppData\Roaming\dwm.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|WINID (Malware.Trace) -> Data: 1CAD298FA81C130 -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mplay32xe.exe (Trojan.Downloader) -> Data:  -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Users\Hotshot\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Hotshot\AppData\Roaming\OpenCandy\53F7757075BD414A9864F8153EB8F327 (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.
 
Files Detected: 4
C:\Users\Hotshot\Downloads\AVIToMP4ConverterSetupD.exe (PUP.Adware.RKN) -> No action taken.
C:\Users\Hotshot\Downloads\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Hotshot\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\Users\Hotshot\AppData\Roaming\OpenCandy\53F7757075BD414A9864F8153EB8F327\Trial-14.0.1000.90_en-GB_1004745_UK-15d.exe (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
 
Roguekiller report:
 
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Hotshot [Admin rights]
Mode : Scan -- Date : 03/16/2014 15:29:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] 7d0c0767eda73beafad60b177ee537be
[bSP] 143500e28e0f7628a019343ed6099823 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] de3b5e8790bf6ce255a316343420b852
[bSP] 1a36389dad8a0d7e38580f4953cbb6d9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03162014_152932.txt >>
 
 
 
Thanks

The scan from MB shows: No action taken.
I hope you had MB delete all of the malware found, if not please go back and do so.

-----------------------------

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg (the ComboFix download button)]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

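An added example, not code from this thread or from Malwarebytes: a small Python triage script for the MBAM 1.x log format posted above. It parses each detection line into location, signature, data and action, reports which items were only detected ("No action taken.") rather than removed, and pulls the autostart hijacks (the Winlogon Shell value, the Windows\Load value, system-binary names living in AppData or Temp) out of the PUP noise. The sample lines are excerpted from the log above except the last one, which is constructed with MBAM's wording for a removed item so the two outcomes can be told apart; the list of borrowed system-binary names and the "high priority" rules are my own heuristics, not anything MBAM does.

```python
"""Triage a Malwarebytes Anti-Malware 1.x log.

Every detection line has the shape
    <location> (<signature>) [-> Data: <value>] -> <action>.
The action is the part people overlook: "No action taken." means the scan
only reported the item, so the log is a finding list, not a clean-up record.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<location>.+?) \((?P<signature>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^.]+)\.$"
)

# Autostart values where the data, not the key, decides if the entry is hostile.
SHELL_VALUE = "winlogon|shell"   # should be exactly "explorer.exe"
LOAD_VALUE = "windows|load"      # legitimately empty on almost every machine

# Heuristic (mine): core Windows binary names that malware borrows; the real
# ones live under \Windows, so the same name elsewhere is worth a look.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "explorer.exe", "svchost.exe",
                "lsass.exe", "winlogon.exe", "services.exe"}
SUSPECT_FAMILIES = {"Trojan", "Hijack", "Backdoor", "Rootkit", "Worm"}


@dataclass
class Detection:
    location: str
    signature: str
    data: Optional[str]
    action: str

    @property
    def remediated(self) -> bool:
        return self.action.lower() != "no action taken"


def parse_mbam_log(text: str) -> List[Detection]:
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Detection(m["location"], m["signature"], m["data"], m["action"]))
    return hits


def masquerading_path(path: str) -> bool:
    """True when a core Windows binary name sits outside the Windows directory."""
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_NAMES and "\\windows\\" not in p


def high_priority_reason(d: Detection) -> Optional[str]:
    """Explain why a detection deserves a look before the PUP noise, or None."""
    loc = d.location.lower()
    data = (d.data or "").strip()
    if loc.endswith(SHELL_VALUE) and data.lower() != "explorer.exe":
        return "Winlogon Shell replaced; each logon runs: " + data
    if loc.endswith(LOAD_VALUE) and data:
        return "Windows\\Load set; runs at logon: " + data
    if data and masquerading_path(data):
        return "system binary name outside \\Windows: " + data
    if d.signature.split(".")[0] in SUSPECT_FAMILIES:
        return "signature family " + d.signature
    return None


def triage(text: str) -> Dict:
    hits = parse_mbam_log(text)
    return {
        "total": len(hits),
        "unremediated": [h.location for h in hits if not h.remediated],
        "high_priority": [(h.location, high_priority_reason(h))
                          for h in hits if high_priority_reason(h)],
    }


# Lines excerpted from the MBAM log posted above; the last line is constructed
# with MBAM's wording for a removed item so the two outcomes can be told apart.
SAMPLE_LOG = r"""
Registry Keys Detected: 4
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
HKCU\Software\ndo8thb2ikwe (Malware.Trace) -> No action taken.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Hotshot\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Hotshot\AppData\Roaming\dwm.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mplay32xe.exe (Trojan.Downloader) -> Data:  -> No action taken.

Folders Detected: 3
C:\Users\Hotshot\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.

Files Detected: 4
C:\Users\Hotshot\Downloads\AVIToMP4ConverterSetupD.exe (PUP.Adware.RKN) -> No action taken.
C:\Users\Hotshot\Downloads\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} detections, {len(result['unremediated'])} not remediated")
    for location, reason in result["high_priority"]:
        print("!!", location, "->", reason)
```

Run it against a saved MBAM-log-*.txt and read the "high priority" lines first: a Winlogon Shell value that is anything other than explorer.exe, or any Windows\Load value at all, means something runs at every logon regardless of what else the PUP entries say.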

Thanks

 

I did delete the issues found by Malwarebytes.

 

Deleted everything from the Adwcleaner too. The log for it is here:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 16:28:28
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Hotshot - HOTSHOT-PC
# Running from : C:\Users\Hotshot\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Users\Hotshot\AppData\LocalLow\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16533
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4988 octets] - [16/03/2014 16:15:16]
AdwCleaner[s0].txt - [5009 octets] - [16/03/2014 16:28:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5069 octets] ##########
 
 
Combofix log:
 
ComboFix 14-03-13.01 - Hotshot 16/03/2014  16:45:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1883 [GMT 0:00]
Running from: c:\users\Hotshot\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleansweep .exe
c:\cleansweep .exe\config.bin
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-16 to 2014-03-16  )))))))))))))))))))))))))))))))
.
.
2014-03-16 16:22 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6736C44-2919-432F-BFD1-002015423A5B}\mpengine.dll
2014-03-16 16:15 . 2014-03-16 16:28 -------- d-----w- C:\AdwCleaner
2014-03-16 13:13 . 2014-03-16 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 13:13 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 18:57 . 2014-03-16 13:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-09 17:51 . 2014-03-09 21:54 -------- d-----w- c:\users\Hotshot\AppData\Roaming\uTorrent
2014-02-26 19:43 . 2014-02-26 19:43 -------- d-----w- c:\programdata\WindowsSearch
2014-02-22 07:39 . 2014-02-22 07:39 -------- d-----w- c:\windows\Migration
2014-02-20 19:35 . 2014-02-20 19:35 -------- d-----w- c:\users\Hotshot\AppData\Roaming\TuneUp Software
2014-02-20 19:32 . 2014-02-20 19:35 -------- d-----w- c:\programdata\TuneUp Software
2014-02-20 19:32 . 2014-02-20 19:32 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:32 . 2014-02-20 19:32 -------- d--h--w- c:\programdata\Common Files
2014-02-20 19:31 . 2014-02-20 19:31 -------- d-----w- c:\users\Hotshot\AppData\Roaming\AnvSoft
2014-02-20 19:23 . 2014-02-20 19:23 -------- d-----w- c:\users\Hotshot\AppData\Roaming\AVS4YOU
2014-02-20 19:21 . 2014-02-20 21:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2014-02-20 19:21 . 2014-02-20 19:23 -------- d-----w- c:\programdata\AVS4YOU
2014-02-20 19:21 . 2012-03-23 19:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2014-02-15 11:32 . 2014-02-15 14:34 -------- d-----w- C:\old hard drive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-09 11:13 . 2014-02-09 11:13 57344 ----a-r- c:\users\Hotshot\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2014-02-09 11:11 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2014-01-28 16:31 . 2014-01-28 16:31 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-01-28 16:31 . 2014-01-28 16:31 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-18 06:13 . 2009-10-03 08:12 231584 ------w- c:\windows\system32\MpSigStub.exe
.
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Windows Live\Messenger\msnmsgr    .exe
c:\windows\System32\hkcmd .exe
c:\windows\System32\igfxpers .exe
c:\windows\System32\igfxtray .exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-01-01 00:18 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="" [N/A]
"DellSupportCenter"="" [N/A]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sony Ericsson PC Suite"="" [N/A]
"BBC Alerts"="" [N/A]
"hkvbaptp"="" [N/A]
"CAHeadless"="c:\program files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-03 1046944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="" [N/A]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2007-01-01 3767096]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=c:\windows\pss\TrayMin700.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin710.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin710.exe.lnk
backup=c:\windows\pss\TrayMin710.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 11:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 16:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-09-26 11:58 580096 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-09-28 11:18 842680 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-09-28 11:18 965560 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-09-28 11:18 309688 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
c:\program files\Logitech\Logitech Vid\vid.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
c:\program files\Logitech\Logitech WebCam Software\LWS.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]
2006-10-16 09:18 344064 ----a-w- c:\windows\vphc700.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc710]
c:\windows\vphc710.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2013-09-03 181152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 12:39 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 22:29]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 22:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Adobe Digital Editions - c:\users\hotshot\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-16 16:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\Hotshot\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500630AS rev.3.ADG -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-0 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-03-16  16:55:11
ComboFix-quarantined-files.txt  2014-03-16 16:55
.
Pre-Run: 87,478,702,080 bytes free
Post-Run: 87,414,509,568 bytes free
.
- - End Of File - - E65C03BDF4CA4696A0680DC699AFBA12
5C616939100B85E558DA92B899A0FC36
 
 
Thanks again
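The RogueKiller "MBR Check" earlier in the thread prints two 32-hex-digit fingerprints and a partition table per drive, and the Gmer MBR detector that ComboFix ran above reported "user != kernel MBR !!!" for the second disk. As an added example (not code from RogueKiller, ComboFix or Gmer), here is a Python parser for the 512-byte MBR format that recovers the partition table in RogueKiller's layout, fingerprints the sector, and diffs two reads of it, which is the check behind the user/kernel verdict. Assumptions: RogueKiller does not document which bytes its two hashes cover, so the code hashes the boot-code area and the whole sector; the sample sector is constructed from the PhysicalDrive0 offsets and sizes in the RogueKiller log with filler boot code, and the type-byte names are a short table of my own.

```python
"""Parse a 512-byte MBR into the fields that RogueKiller's "MBR Check"
prints, fingerprint it, and diff two reads of the same sector (the check
behind the Gmer detector's "user != kernel MBR" verdict)."""
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16             # four entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511
SECTORS_PER_MIB = 1024 * 1024 // SECTOR

# Type bytes seen in the RogueKiller output above plus a few common ones (my table).
TYPE_NAMES = {0x07: "NTFS", 0xDE: "DELL-UTIL", 0x0B: "FAT32", 0x0C: "FAT32",
              0x05: "Extended", 0x0F: "Extended", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> Dict:
    """Return boot-code and whole-sector MD5s plus the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4 LE) LBA-count(4 LE)
        status, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                      # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "start": lba_start,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return {
        # Assumption: RogueKiller does not say what its two hashes cover, so
        # fingerprint the code area and the whole sector separately.
        "code_md5": hashlib.md5(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
    }


def describe(info: Dict) -> List[str]:
    """Render the table in the same shape RogueKiller prints it."""
    return [
        f"{p['index']} - [{'ACTIVE' if p['active'] else 'XXXXXX'}] {p['name']} "
        f"(0x{p['type']:02x}) Offset (sectors): {p['start']} | Size: {p['size_mb']} MB"
        for p in info["partitions"]
    ]


def compare_reads(user_read: bytes, kernel_read: bytes) -> List[Tuple[int, int]]:
    """Byte ranges [start, end) where two reads of the same sector disagree.

    The Gmer detector reads the MBR through the normal user-mode path and
    again from the kernel side; a bootkit filtering the upper path shows up
    as a non-empty list here. An empty list is the "OK" case.
    """
    diffs, start = [], None
    for i, (a, b) in enumerate(zip(user_read, kernel_read)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            diffs.append((start, i))
            start = None
    if start is not None:
        diffs.append((start, min(len(user_read), len(kernel_read))))
    return diffs


def build_entry(active: bool, ptype: int, start: int, count: int) -> bytes:
    # CHS fields filled with FE FF FF, the usual "use the LBA fields" marker.
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start, count)


def make_mbr(entries: List[bytes], boot_code: bytes = b"") -> bytes:
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    table = b"".join(entries).ljust(4 * PART_ENTRY_SIZE, b"\x00")
    return code + table + BOOT_SIGNATURE


# Constructed sector mirroring the PhysicalDrive0 layout in the RogueKiller
# log (offsets and sizes taken from it; the boot-code bytes are filler).
SAMPLE_MBR = make_mbr([
    build_entry(False, 0xDE, 63, 47 * SECTORS_PER_MIB),
    build_entry(False, 0x07, 98304, 10240 * SECTORS_PER_MIB),
    build_entry(True, 0x07, 21069824, 466651 * SECTORS_PER_MIB),
], boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c")

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("[MBR]", info["sector_md5"])
    print("\n".join(describe(info)))
    print("user != kernel ranges:", compare_reads(SAMPLE_MBR, SAMPLE_MBR))
```

On a live Windows machine, running as administrator, `open(r"\\.\PhysicalDrive0", "rb").read(512)` gives the user-mode read; the kernel-side read is what the Gmer driver supplies and is not reproducible from Python, so in practice you compare the sector you read with one taken offline (boot media or the disk mounted in another system), and any non-empty range from compare_reads means the running OS is not showing you the real sector.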

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

[image: CFScript.gif (dragging CFScript.txt onto ComboFix.exe)]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Results from combofix:

 

ComboFix 14-03-13.01 - Hotshot 16/03/2014  17:37:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1849 [GMT 0:00]
Running from: c:\users\Hotshot\Desktop\ComboFix.exe
Command switches used :: c:\users\Hotshot\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-16 to 2014-03-16  )))))))))))))))))))))))))))))))
.
.
2014-03-16 17:43 . 2014-03-16 17:43 -------- d-----w- c:\users\Hotshot\AppData\Local\temp
2014-03-16 17:43 . 2014-03-16 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-16 16:22 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6736C44-2919-432F-BFD1-002015423A5B}\mpengine.dll
2014-03-16 16:15 . 2014-03-16 16:28 -------- d-----w- C:\AdwCleaner
2014-03-16 13:13 . 2014-03-16 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 13:13 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 18:57 . 2014-03-16 13:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-09 17:51 . 2014-03-09 21:54 -------- d-----w- c:\users\Hotshot\AppData\Roaming\uTorrent
2014-02-26 19:43 . 2014-02-26 19:43 -------- d-----w- c:\programdata\WindowsSearch
2014-02-22 07:39 . 2014-02-22 07:39 -------- d-----w- c:\windows\Migration
2014-02-20 19:35 . 2014-02-20 19:35 -------- d-----w- c:\users\Hotshot\AppData\Roaming\TuneUp Software
2014-02-20 19:32 . 2014-02-20 19:35 -------- d-----w- c:\programdata\TuneUp Software
2014-02-20 19:32 . 2014-02-20 19:32 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:32 . 2014-02-20 19:32 -------- d--h--w- c:\programdata\Common Files
2014-02-20 19:31 . 2014-02-20 19:31 -------- d-----w- c:\users\Hotshot\AppData\Roaming\AnvSoft
2014-02-20 19:23 . 2014-02-20 19:23 -------- d-----w- c:\users\Hotshot\AppData\Roaming\AVS4YOU
2014-02-20 19:21 . 2014-02-20 21:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2014-02-20 19:21 . 2014-02-20 19:23 -------- d-----w- c:\programdata\AVS4YOU
2014-02-20 19:21 . 2012-03-23 19:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2014-02-15 11:32 . 2014-02-15 14:34 -------- d-----w- C:\old hard drive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-09 11:13 . 2014-02-09 11:13 57344 ----a-r- c:\users\Hotshot\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2014-02-09 11:11 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2014-01-28 16:31 . 2014-01-28 16:31 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-01-28 16:31 . 2014-01-28 16:31 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-18 06:13 . 2009-10-03 08:12 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-01-01 00:18 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CAHeadless"="c:\program files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-03 1046944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2007-01-01 3767096]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=c:\windows\pss\TrayMin700.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin710.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin710.exe.lnk
backup=c:\windows\pss\TrayMin710.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 10:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 11:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 16:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-09-26 11:58 580096 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-09-28 11:18 842680 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-09-28 11:18 965560 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-09-28 11:18 309688 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]
2006-10-16 09:18 344064 ----a-w- c:\windows\vphc700.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 01:54 417792 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2013-09-03 181152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 12:39 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 22:29]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 22:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - (no file)
HKCU-Run-DellSupportCenter - (no file)
HKCU-Run-Sony Ericsson PC Suite - (no file)
HKCU-Run-BBC Alerts - (no file)
HKCU-Run-hkvbaptp - (no file)
HKLM-Run-SunJavaUpdateSched - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Logitech Vid\vid.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
MSConfigStartUp-phc710 - c:\windows\vphc710.exe
MSConfigStartUp-PMX Daemon - ICO.EXE
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-16 17:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500630AS rev.3.ADG -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-0 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-03-16  17:45:26
ComboFix-quarantined-files.txt  2014-03-16 17:45
ComboFix2.txt  2014-03-16 16:55
.
Pre-Run: 87,437,623,296 bytes free
Post-Run: 87,433,867,264 bytes free
.
- - End Of File - - 6AAA8AC6EF7877D6FE1F5591C9F432A3
5C616939100B85E558DA92B899A0FC36
 
 
Thanks

OK, that looks good now.

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use the correct version for your system. Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page (screenshot: reply1.jpg).

New window that comes up (screenshot: replyer1.jpg).

MrC


Hi

 

FRST log below, addition log attached

 

thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Hotshot (administrator) on HOTSHOT-PC on 17-03-2014 18:36:51
Running from C:\Users\Hotshot\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2007-01-01] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4452352 2007-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-1226976259-2068338941-445209694-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1226976259-2068338941-445209694-1000\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1046944 2013-09-03] (Adobe Systems Incorporated)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {FCC664E8-590D-4C6E-80E9-182048FC8908} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Google Search) - C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Google Wallet) - C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-12-22]
CHR Extension: (Gmail) - C:\Users\Hotshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
========================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2007-01-01] (AVAST Software)
S4 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
S4 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2007-01-01] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2007-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2007-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2007-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2007-01-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2007-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2007-01-01] ()
S3 phc700; C:\Windows\System32\DRIVERS\phc700.sys [644864 2006-10-16] ()
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation)
S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation)
S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation)
S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation)
S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation)
S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation)
S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Hotshot\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap; system32\DRIVERS\LVcKap.sys [X]
S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X]
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-17 18:36 - 2014-03-17 18:37 - 00013042 _____ () C:\Users\Hotshot\Downloads\FRST.txt
2014-03-17 18:36 - 2014-03-17 18:36 - 00000000 ____D () C:\FRST
2014-03-17 18:35 - 2014-03-17 18:35 - 01145856 _____ (Farbar) C:\Users\Hotshot\Downloads\FRST.exe
2014-03-16 17:45 - 2014-03-16 17:45 - 00011357 _____ () C:\ComboFix.txt
2014-03-16 17:36 - 2014-03-16 17:45 - 00000000 ____D () C:\ComboFix
2014-03-16 17:35 - 2014-03-16 17:35 - 00000855 _____ () C:\Users\Hotshot\Desktop\CFScript.txt - Shortcut.lnk
2014-03-16 16:44 - 2014-03-16 17:45 - 00000000 ____D () C:\Qoobox
2014-03-16 16:44 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-16 16:44 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-16 16:44 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-16 16:44 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-16 16:44 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-16 16:44 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-16 16:44 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-16 16:44 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-16 16:43 - 2014-03-16 16:54 - 00000000 ____D () C:\Windows\erdnt
2014-03-16 16:34 - 2014-03-16 16:35 - 05190279 ____R (Swearware) C:\Users\Hotshot\Desktop\ComboFix.exe
2014-03-16 16:32 - 2014-03-16 16:32 - 00005149 _____ () C:\Users\Hotshot\Desktop\AdwCleaner[s0].txt
2014-03-16 16:15 - 2014-03-16 16:28 - 00000000 ____D () C:\AdwCleaner
2014-03-16 16:14 - 2014-03-16 16:14 - 01950720 _____ () C:\Users\Hotshot\Downloads\AdwCleaner.exe
2014-03-16 15:29 - 2014-03-16 15:29 - 00003003 _____ () C:\Users\Hotshot\Desktop\RKreport[0]_S_03162014_152932.txt
2014-03-16 14:26 - 2014-03-16 15:29 - 00000000 ____D () C:\Users\Hotshot\Desktop\RK_Quarantine
2014-03-16 14:26 - 2014-03-16 14:26 - 03901952 _____ () C:\Users\Hotshot\Downloads\RogueKiller.exe
2014-03-16 13:13 - 2014-03-16 13:13 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-16 13:13 - 2014-03-16 13:13 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-16 13:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-16 13:12 - 2014-03-16 13:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hotshot\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-16 12:18 - 2014-03-16 12:19 - 00017541 _____ () C:\Users\Hotshot\Desktop\attach.txt
2014-03-16 12:18 - 2014-03-16 12:19 - 00010012 _____ () C:\Users\Hotshot\Desktop\dds.txt
2014-03-16 12:16 - 2014-03-16 12:17 - 00688992 ____R (Swearware) C:\Users\Hotshot\Downloads\dds (1).scr
2014-03-16 12:16 - 2014-03-16 12:16 - 00000079 _____ () C:\Windows\wininit.ini
2014-03-16 12:13 - 2013-11-13 00:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 21:13 - 2014-03-11 21:13 - 00000680 _____ () C:\Users\Hotshot\AppData\Local\d3d9caps.dat
2014-03-11 18:57 - 2014-03-16 13:01 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-11 18:47 - 2014-03-11 18:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Hotshot\Downloads\spybot-2.2.exe
2014-03-09 17:51 - 2014-03-09 21:54 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\uTorrent
2014-03-09 17:50 - 2014-03-09 17:51 - 01853008 _____ (BitTorrent Inc.) C:\Users\Hotshot\Downloads\uTorrent(2).exe
2014-03-08 14:38 - 2014-03-08 14:39 - 24654088 _____ (Mozilla) C:\Users\Hotshot\Downloads\Firefox_Setup_27.0.1.exe
2014-02-26 19:43 - 2014-02-26 19:43 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-21 09:15 - 2014-02-21 09:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 09:15 - 2014-02-21 09:15 - 00000000 _____ () C:\Windows\setupact.log
2014-02-21 07:16 - 2014-03-17 18:29 - 00113480 _____ () C:\Windows\PFRO.log
2014-02-20 21:59 - 2014-02-20 21:59 - 00055864 _____ () C:\Users\Hotshot\Documents\cc_20140220_215904.reg
2014-02-20 19:35 - 2014-02-20 19:35 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\TuneUp Software
2014-02-20 19:32 - 2014-02-20 19:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-20 19:32 - 2014-02-20 19:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\Documents\Any Video Converter
2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AnvSoft
2014-02-20 19:30 - 2014-02-20 19:30 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Hotshot\Downloads\avc-free.exe
2014-02-20 19:23 - 2014-02-20 19:23 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AVS4YOU
2014-02-20 19:21 - 2014-02-20 21:29 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-02-20 19:21 - 2014-02-20 19:23 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-02-20 19:21 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2014-02-20 19:19 - 2014-02-20 19:20 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\Hotshot\Downloads\AVSVideoConverter.exe
2014-02-20 19:13 - 2014-02-20 19:15 - 00930440 _____ (CNET Download.com) C:\Users\Hotshot\Downloads\cbsidlm-cbsi176-Free_AVI_to_MP4_Converter-ORG-75891861.exe
2014-02-20 19:10 - 2014-02-20 20:43 - 00016896 _____ () C:\Users\Hotshot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-15 11:32 - 2014-02-15 14:34 - 00000000 ____D () C:\old hard drive
2014-02-15 10:16 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 10:16 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 10:16 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 10:16 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 10:16 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 10:16 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 10:16 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-15 10:16 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 10:16 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-15 10:16 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 10:16 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 10:16 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 10:16 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 10:16 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 10:16 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-15 10:16 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-17 18:37 - 2014-03-17 18:36 - 00013042 _____ () C:\Users\Hotshot\Downloads\FRST.txt
2014-03-17 18:36 - 2014-03-17 18:36 - 00000000 ____D () C:\FRST
2014-03-17 18:36 - 2011-01-26 18:30 - 01929684 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 18:35 - 2014-03-17 18:35 - 01145856 _____ (Farbar) C:\Users\Hotshot\Downloads\FRST.exe
2014-03-17 18:31 - 2008-05-30 14:53 - 00000000 ____D () C:\Users\Hotshot\AppData\Local\Adobe
2014-03-17 18:30 - 2011-12-22 22:30 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 18:29 - 2014-02-21 07:16 - 00113480 _____ () C:\Windows\PFRO.log
2014-03-17 18:29 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 18:29 - 2006-11-02 12:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 18:29 - 2006-11-02 12:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 22:29 - 2011-12-22 22:30 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 22:29 - 2006-11-02 13:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 17:45 - 2014-03-16 17:45 - 00011357 _____ () C:\ComboFix.txt
2014-03-16 17:45 - 2014-03-16 17:36 - 00000000 ____D () C:\ComboFix
2014-03-16 17:45 - 2014-03-16 16:44 - 00000000 ____D () C:\Qoobox
2014-03-16 17:43 - 2006-11-02 10:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-16 17:36 - 2009-11-07 14:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-16 17:35 - 2014-03-16 17:35 - 00000855 _____ () C:\Users\Hotshot\Desktop\CFScript.txt - Shortcut.lnk
2014-03-16 16:55 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-03-16 16:55 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-03-16 16:54 - 2014-03-16 16:43 - 00000000 ____D () C:\Windows\erdnt
2014-03-16 16:35 - 2014-03-16 16:34 - 05190279 ____R (Swearware) C:\Users\Hotshot\Desktop\ComboFix.exe
2014-03-16 16:32 - 2014-03-16 16:32 - 00005149 _____ () C:\Users\Hotshot\Desktop\AdwCleaner[s0].txt
2014-03-16 16:28 - 2014-03-16 16:15 - 00000000 ____D () C:\AdwCleaner
2014-03-16 16:14 - 2014-03-16 16:14 - 01950720 _____ () C:\Users\Hotshot\Downloads\AdwCleaner.exe
2014-03-16 15:29 - 2014-03-16 15:29 - 00003003 _____ () C:\Users\Hotshot\Desktop\RKreport[0]_S_03162014_152932.txt
2014-03-16 15:29 - 2014-03-16 14:26 - 00000000 ____D () C:\Users\Hotshot\Desktop\RK_Quarantine
2014-03-16 14:26 - 2014-03-16 14:26 - 03901952 _____ () C:\Users\Hotshot\Downloads\RogueKiller.exe
2014-03-16 13:13 - 2014-03-16 13:13 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-16 13:13 - 2014-03-16 13:13 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-16 13:12 - 2014-03-16 13:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hotshot\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-16 13:06 - 2014-02-08 13:48 - 00118168 _____ () C:\Users\Hotshot\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-16 13:02 - 2006-11-02 12:47 - 01482584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 13:01 - 2014-03-11 18:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-16 13:01 - 2009-06-11 15:38 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-16 12:43 - 2011-12-22 22:31 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 12:19 - 2014-03-16 12:18 - 00017541 _____ () C:\Users\Hotshot\Desktop\attach.txt
2014-03-16 12:19 - 2014-03-16 12:18 - 00010012 _____ () C:\Users\Hotshot\Desktop\dds.txt
2014-03-16 12:17 - 2014-03-16 12:16 - 00688992 ____R (Swearware) C:\Users\Hotshot\Downloads\dds (1).scr
2014-03-16 12:16 - 2014-03-16 12:16 - 00000079 _____ () C:\Windows\wininit.ini
2014-03-16 12:16 - 2010-04-05 12:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-16 12:15 - 2009-05-26 10:55 - 00000000 ____D () C:\Program Files\Spotify
2014-03-16 12:15 - 2008-12-01 13:22 - 00000000 ____D () C:\Program Files\RegScrubVistaXP
2014-03-16 12:15 - 2008-11-30 12:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-11 21:13 - 2014-03-11 21:13 - 00000680 _____ () C:\Users\Hotshot\AppData\Local\d3d9caps.dat
2014-03-11 18:57 - 2014-03-11 18:47 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Hotshot\Downloads\spybot-2.2.exe
2014-03-10 19:47 - 2008-05-31 22:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-10 19:47 - 2008-05-31 22:46 - 00000000 ____D () C:\Program Files\Adobe
2014-03-10 19:47 - 2008-05-27 19:11 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-09 21:54 - 2014-03-09 17:51 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\uTorrent
2014-03-09 21:51 - 2007-01-01 22:35 - 00000000 ____D () C:\Windows\pss
2014-03-09 17:51 - 2014-03-09 17:50 - 01853008 _____ (BitTorrent Inc.) C:\Users\Hotshot\Downloads\uTorrent(2).exe
2014-03-08 14:39 - 2014-03-08 14:38 - 24654088 _____ (Mozilla) C:\Users\Hotshot\Downloads\Firefox_Setup_27.0.1.exe
2014-02-27 20:40 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-27 18:39 - 2006-11-02 10:33 - 00744336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 19:43 - 2014-02-26 19:43 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-21 09:15 - 2014-02-21 09:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 09:15 - 2014-02-21 09:15 - 00000000 _____ () C:\Windows\setupact.log
2014-02-21 07:35 - 2009-11-20 20:19 - 00000000 ____D () C:\Users\Hotshot\Downloads\The Strokes - Is This It
2014-02-21 07:31 - 2012-10-18 19:29 - 00000000 ____D () C:\Users\Hotshot\Downloads\The Black Keys - El Camino
2014-02-20 21:59 - 2014-02-20 21:59 - 00055864 _____ () C:\Users\Hotshot\Documents\cc_20140220_215904.reg
2014-02-20 21:29 - 2014-02-20 19:21 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-02-20 20:43 - 2014-02-20 19:10 - 00016896 _____ () C:\Users\Hotshot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-20 19:35 - 2014-02-20 19:35 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\TuneUp Software
2014-02-20 19:35 - 2014-02-20 19:32 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-20 19:32 - 2014-02-20 19:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\Documents\Any Video Converter
2014-02-20 19:31 - 2014-02-20 19:31 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AnvSoft
2014-02-20 19:30 - 2014-02-20 19:30 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Hotshot\Downloads\avc-free.exe
2014-02-20 19:23 - 2014-02-20 19:23 - 00000000 ____D () C:\Users\Hotshot\AppData\Roaming\AVS4YOU
2014-02-20 19:23 - 2014-02-20 19:21 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-02-20 19:20 - 2014-02-20 19:19 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\Hotshot\Downloads\AVSVideoConverter.exe
2014-02-20 19:15 - 2014-02-20 19:13 - 00930440 _____ (CNET Download.com) C:\Users\Hotshot\Downloads\cbsidlm-cbsi176-Free_AVI_to_MP4_Converter-ORG-75891861.exe
2014-02-15 14:34 - 2014-02-15 11:32 - 00000000 ____D () C:\old hard drive
2014-02-15 11:56 - 2010-08-13 20:27 - 00000000 ____D () C:\Users\Hotshot\Downloads\Mumford and Sons  Sigh No More-2009
2014-02-15 11:50 - 2012-10-18 19:27 - 00000000 ____D () C:\Users\Hotshot\Downloads\Muse - The 2nd Law -2012
2014-02-15 11:43 - 2008-10-16 12:50 - 00000000 ____D () C:\Users\Hotshot\Downloads\Metallica - Death Magnetic [2008]
2014-02-15 10:31 - 2014-02-08 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 10:27 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-17 18:35
 
==================== End Of Log ============================

Addition.txt

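Added example, not part of the FRST log above or of FRST itself: a PowerShell script that re-checks the same nine core binaries FRST lists under "Bamital & volsnap Check", but against a SHA-256 baseline you record yourself on a trusted machine (FRST ships its own MD5 list, which this does not have), and that enumerates alternate data streams of the kind the log attaches to C:\ProgramData\TEMP and to the user's folders. Assumptions: Windows PowerShell 4.0 or later (Get-FileHash; the -Stream parameter needs 3.0), an elevated prompt, and a baseline file path of my choosing. It therefore will not run as written on the OP's Vista machine, which tops out at PowerShell 2.0; it shows what a current Windows analyst would run.

```powershell
# Added example: re-check the core binaries FRST reported as "MD5 is legit" and
# list alternate data streams (ADS) like the ones FRST found. Not FRST code.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) run from an elevated prompt.

$CoreBinaries = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Assumed location for the baseline; FRST uses a built-in hash list instead.
$BaselinePath = Join-Path $env:USERPROFILE 'Desktop\core-hashes.json'

function Save-CoreBaseline {
    # Run once on a trusted machine with the SAME Windows build and patch level,
    # because every cumulative update changes these hashes.
    $baseline = @{}
    foreach ($path in $CoreBinaries) {
        $baseline[$path] = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    $baseline | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
}

function Test-CoreBaseline {
    # Compare each binary with the baseline and report its Authenticode status.
    # Most OS files are catalog-signed; older PowerShell/Windows builds report
    # those as NotSigned, so treat NotSigned as inconclusive there, not as tampering.
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($path in $CoreBinaries) {
        $current = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path      = $path
            HashMatch = ($current -eq $baseline.$path)
            Signature = (Get-AuthenticodeSignature -FilePath $path).Status
        }
    }
}

function Get-NamedStreams {
    # Walk the given roots and return every ADS other than the default $DATA
    # stream and Zone.Identifier (the normal "downloaded from the Internet" mark).
    # Third-party streams such as "Roxio EMC Stream" are application metadata;
    # anonymous hex-named streams on a folder, like those FRST found on
    # C:\ProgramData\TEMP, are the ones worth examining.
    param([string[]]$Roots = @($env:ProgramData, $env:USERPROFILE))
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
            } |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

# Usage: run Save-CoreBaseline once on the clean reference machine, copy the JSON
# next to this script on the suspect machine, then run the checks:
if (Test-Path -LiteralPath $BaselinePath) { Test-CoreBaseline | Format-Table -AutoSize }
else { Write-Warning "No baseline at $BaselinePath; run Save-CoreBaseline on a trusted machine first." }
Get-NamedStreams | Format-Table -AutoSize
```

A stream that needs removing can be deleted with Remove-Item -LiteralPath <file> -Stream <name>, which is the operation the Fixlog further down records as "ADS removed successfully"; the walk over the whole profile is slow by design, since hijackers park their streams on ordinary folders rather than on executables.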

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

AS: COMODO Defense+ (Disabled - Up to date) {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall (Disabled) {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

 

I see you have AVAST, Comodo and Defender on the system.

Having two or more anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

--------------------------------------------

You have to manually change Chrome's home and search pages:

https://support.google.com/chrome/answer/2765944?hl=en

--------------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know how it is, MrC


Log below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Hotshot at 2014-03-17 21:06:27 Run:1
Running from C:\Users\Hotshot\Desktop\fix
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {FCC664E8-590D-4C6E-80E9-182048FC8908} URL = http://uk.search.yah...&type=599486&p={searchTerms}
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Hotshot\Desktop\grade transcript david harshaw.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Desktop\graduation certificate_david harshaw.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Desktop\USB dump:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\applications:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\Dissertation stuff:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\Flat - Gardners Cresecent:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\H.m.d.4x05.Brought by www.OnlineMoviesTime.Com.avi:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\Jules's USB:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\LGUSBModemDriver_WHQL_ML_Ver_4.9.4_IFXG_NP:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\LimeWire:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\My Digital Editions:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\My Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\My Received Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\New Folder (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\New Folder (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\New Folder (4):Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\New Folder (5):Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\samsung:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\SelfMV:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\student loan:Roxio EMC Stream
AlternateDataStreams: C:\Users\Hotshot\Documents\TPIFA:Roxio EMC Stream
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCC664E8-590D-4C6E-80E9-182048FC8908} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FCC664E8-590D-4C6E-80E9-182048FC8908} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll not found.
C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll not found.
C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL not found.
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Hotshot\Desktop\grade transcript david harshaw.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Desktop\graduation certificate_david harshaw.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Desktop\USB dump => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\applications => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\Dissertation stuff => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\Flat - Gardners Cresecent => ":Roxio EMC Stream" ADS removed successfully.
"C:\Users\Hotshot\Documents\H.m.d.4x05.Brought by www.OnlineMoviesTime.Com.avi" => ":Roxio EMC Stream" ADS not found.
C:\Users\Hotshot\Documents\Jules's USB => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\LGUSBModemDriver_WHQL_ML_Ver_4.9.4_IFXG_NP => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\LimeWire => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\My Digital Editions => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\My Downloads => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\My Received Files => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\New Folder => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\New Folder (2) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\New Folder (3) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\New Folder (4) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\New Folder (5) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\samsung => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\SelfMV => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\student loan => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Hotshot\Documents\TPIFA => ":Roxio EMC Stream" ADS removed successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
 
==== End of Fixlog ====
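Added example, not FRST's code and not from any post in the thread: a PowerShell audit of the Internet Explorer persistence points the fixlist above touched (Start Page, SearchScopes and its DefaultScope, Browser Helper Objects, and the CLSID-named toolbar values), resolving each CLSID to its InprocServer32 DLL so that orphaned registrations (what FRST prints as "No File") and hijacker-looking URLs stand out. Assumptions: Windows PowerShell 3.0 or later run elevated; the `spigot` marker comes from the OP's own address bar, the second alternative in the pattern is my reading of the Yahoo partner-search URL shape in the fixlist, and both should be tuned per case.

```powershell
# Added example (not FRST code, not from the thread): audit IE persistence points
# a search hijacker uses and flag orphaned CLSIDs and suspicious URLs.
# Windows PowerShell 3.0+, run elevated so HKLM and class registrations resolve.

# Assumption: 'spigot' is taken from the OP's address bar; the second alternative
# matches the partner-search URL shape seen in the fixlist. Tune per case.
$HijackPattern = 'spigot|type=\d+&p=\{searchTerms\}'

function Resolve-Clsid {
    # Map a {CLSID} to the DLL named by its InprocServer32 key. $null means the
    # class is not registered at all, which FRST prints as "No File".
    param([string]$Clsid)
    $roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
             'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    foreach ($root in $roots) {
        $srv = Get-ItemProperty -Path "$root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { return [Environment]::ExpandEnvironmentVariables($srv.'(default)') }
    }
    return $null
}

function Get-DllStatus {
    param([string]$Dll)
    if (-not $Dll) { return 'Orphaned CLSID - no class registration' }
    if (-not (Test-Path -LiteralPath $Dll)) { return 'Registered but DLL missing' }
    return "Present, signature: $((Get-AuthenticodeSignature -FilePath $Dll).Status)"
}

function Get-IeStartAndSearch {
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = Get-ItemProperty -Path "${hive}:\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        if ($main -and $main.'Start Page') {
            [pscustomobject]@{ Hive = $hive; Item = 'Start Page'; Value = $main.'Start Page'
                               Suspicious = [bool]($main.'Start Page' -match $HijackPattern) }
        }
        # Each search provider is a subkey named by GUID; DefaultScope on the
        # parent key names the active one (the fixlist restored a missing HKLM value).
        $scopes  = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
        Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath).URL
            $tag = if ($_.PSChildName -eq $default) { ' (default)' } else { '' }
            [pscustomobject]@{ Hive = $hive; Item = "SearchScope $($_.PSChildName)$tag"; Value = $url
                               Suspicious = [bool]($url -match $HijackPattern) }
        }
    }
}

function Get-BhoAndToolbars {
    # BHOs: one subkey per CLSID; IE loads the DLL the CLSID resolves to.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = Resolve-Clsid $_.PSChildName
        [pscustomobject]@{ Kind = 'BHO'; Clsid = $_.PSChildName; Dll = $dll; Status = (Get-DllStatus $dll) }
    }
    # Toolbars are stored as binary values named by CLSID under this key; that is
    # what FRST reports as "Toolbar: HKCU - No Name - {CLSID} - No File".
    $tbKey = Get-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' -ErrorAction SilentlyContinue
    if ($tbKey) {
        foreach ($name in $tbKey.GetValueNames()) {
            if ($name -match '^\{[0-9A-F-]{36}\}$') {
                $dll = Resolve-Clsid $name
                [pscustomobject]@{ Kind = 'Toolbar'; Clsid = $name; Dll = $dll; Status = (Get-DllStatus $dll) }
            }
        }
    }
}

Get-IeStartAndSearch | Format-Table -AutoSize
Get-BhoAndToolbars   | Format-Table -AutoSize
```

Treat an orphaned CLSID as leftover clutter to remove and a registered-but-unsigned DLL as the item to investigate; the script only reports, it does not delete. Chrome is outside its scope because Chrome keeps its home page and search engine in its Preferences JSON file rather than in these registry keys.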

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.80  

 Windows Vista Service Pack 2 x86 (UAC is disabled!)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Gmer     

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java SE Runtime Environment 6 

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

  Adobe Flash Player 11.3.300.265 Flash Player out of Date!  

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1 % 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ SE Runtime Environment 6 <-----please uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 51) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------

Uninstall:

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.3.300.265 Flash Player out of Date!

Flash Player:

Check for an update if available

Downloads are at the top of the page (uncheck the option for the McAfee Security Scan Plus)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC

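Added example, not Security Check's or FRST's code and not from any post in the thread: a PowerShell script that re-derives the three findings of the Security Check log above ("UAC is disabled!", "On Access scanning disabled!" for avast!, and the out-of-date Java and Flash entries MrC asks to have updated or uninstalled) directly from the system, so the same checks can be re-run after the fixes. Assumptions: Windows PowerShell 3.0 or later run elevated; the bit layout of the Security Center productState value is the widely used community reading, not a Microsoft-documented one; and the vendor version keys (JavaSoft CurrentVersion, Macromedia FlashPlayer CurrentVersion) are read as a cross-check and may be absent on a given build.

```powershell
# Added example (not Security Check or FRST code): re-derive the Security Check
# findings - UAC state, AV real-time protection, Java/Flash versions - from the OS.
# Windows PowerShell 3.0+, run elevated.

function Get-UacStatus {
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA                    # 1 = UAC on
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin   # 0 = elevate without prompting
        Finding                    = $(if ($pol.EnableLUA -eq 1) { 'UAC enabled' } else { 'UAC is disabled!' })
    }
}

function ConvertFrom-ProductState {
    # productState is not documented by Microsoft; this is the community-established
    # reading (assumption): view it as 0xAABBCC, where BB 0x10/0x11 = real-time
    # protection on (0x00/0x01 = off) and CC 0x00 = definitions current (0x10 = stale).
    param([uint32]$State)
    $hex = '{0:X6}' -f $State
    [pscustomobject]@{
        RealTimeOn = ($hex.Substring(2, 2) -in '10', '11')
        UpToDate   = ($hex.Substring(4, 2) -eq '00')
    }
}

function Get-SecurityCenterProducts {
    # root\SecurityCenter2 exists on client Windows from Vista on (not on Server);
    # it is the same source FRST's "AV: ... (Disabled - Up to date)" lines come from.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $s = ConvertFrom-ProductState $_.productState
                [pscustomobject]@{
                    Class      = $class
                    Product    = $_.displayName
                    RealTimeOn = $s.RealTimeOn
                    UpToDate   = $s.UpToDate
                    Finding    = $(if ($s.RealTimeOn) { '' } else { 'On Access scanning disabled!' })
                }
            }
    }
}

function Get-JavaAndFlashVersions {
    # Installed-product entries for Java and Flash from the Uninstall keys, plus the
    # vendor keys that hold the runtime version (assumed present; skipped if not).
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|Flash Player' } |
        ForEach-Object { [pscustomobject]@{ Source = 'Uninstall'; Name = $_.DisplayName; Version = $_.DisplayVersion } }
    $jre = Get-ItemProperty -Path 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -ErrorAction SilentlyContinue
    if ($jre) { [pscustomobject]@{ Source = 'JavaSoft'; Name = 'JRE CurrentVersion'; Version = $jre.CurrentVersion } }
    $fp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Macromedia\FlashPlayer' -ErrorAction SilentlyContinue
    if ($fp) { [pscustomobject]@{ Source = 'Macromedia'; Name = 'Flash Player'; Version = $fp.CurrentVersion } }
}

Get-UacStatus
Get-SecurityCenterProducts | Format-Table -AutoSize
Get-JavaAndFlashVersions   | Format-Table -AutoSize
```

Two or more AntiVirusProduct rows with RealTimeOn set is the "two anti-virus programs running" situation MrC warns about earlier in the thread; the version list is only an inventory, so compare it against the vendors' current releases yourself rather than trusting any hard-coded "latest" value.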

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.