CrackerJacks, Posted January 8, 2015 (ID:927420)

Hello. Recently I had some nasty malware and it's causing my computer to run very slowly; I could use some help from an expert. Oh, I also need help enabling the malicious web protection, as it refuses to be enabled when I press "Fix Now". Hope someone could help me out here.
CrackerJacks (Author), Posted January 8, 2015 (ID:927424)

Just an update: malicious web protection was randomly enabled now, so I no longer need help with that. I still need help with the other problem, just a little update.
kevinf80, Posted January 8, 2015 (ID:927453)

Hello and welcome,

P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:
C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------ XP

Let me see those logs in your next reply...

Thank you,

Kevin...
CrackerJacks (Author), Posted January 8, 2015 (ID:927478)

Thank you for the help, and I have no piracy I know about on my computer; if you happen to see some, notify me and I will gladly remove it, as I am unaware that it's on my computer.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Jack Bogart (administrator) on JACKBOGART-HP on 07-01-2015 21:37:04
Running from C:\Users\Jack Bogart\Downloads
Loaded Profiles: Jack Bogart & (Available profiles: Jack Bogart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Stronghold Online Backup) C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [sMessaging] => C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-14] (Sophos Limited)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-28] (Razer Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1970584 2014-12-12] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [LightShot] => C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GameServer33] => "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [ikmsoft] => regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" <===== ATTENTION
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GoogleChromeAutoLaunch_5CC83006F824133D17F3FB678FCC5D39] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Jack Bogart\AppData\Local\Temp\sotoxiu\svictiw\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightShot] => C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GameServer33] => "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ikmsoft] => regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" <===== ATTENTION
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_5CC83006F824133D17F3FB678FCC5D39] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
URLSearchHook: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20130104193728063&tb_oid=04-01-2013&tb_mrud=04-01-2013
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKLM - No Name - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKLM-x32 - No Name - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jack Bogart\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jack Bogart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jack Bogart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF
FF HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

Chrome:
=======
CHR Profile: C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30]
CHR Extension: (Google Docs) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-30]
CHR Extension: (Google Drive) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]
CHR Extension: (Google Search) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-30]
CHR Extension: (Google Sheets) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]
CHR Extension: (Gmail) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-30]
CHR Extension: (Space Planet) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-10-30]
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACKBO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-08]
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACKBO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-08]
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]
CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cbnocfnjkmlljbfgpkbhefnlpbiemhif] - C:\Users\Jack Bogart\AppData\Roaming\OneTab\OneTab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-23] (APN LLC.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-04-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-08-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-14] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2013-08-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-14] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-14] (Sophos Limited)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\ \...\???\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-04-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-04-24] (Sophos Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 21:37 - 2015-01-07 21:39 - 00032408 _____ () C:\Users\Jack Bogart\Downloads\FRST.txt
2015-01-07 21:36 - 2015-01-07 21:37 - 00000000 ____D () C:\FRST
2015-01-07 21:36 - 2015-01-07 21:36 - 02124288 _____ (Farbar) C:\Users\Jack Bogart\Downloads\FRST64.exe
2015-01-07 21:34 - 2015-01-07 21:35 - 01115648 _____ (Farbar) C:\Users\Jack Bogart\Downloads\FRST.exe
2015-01-07 16:59 - 2015-01-07 20:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 16:59 - 2015-01-07 16:59 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 16:59 - 2015-01-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 16:58 - 2015-01-07 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 16:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 16:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 16:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 16:51 - 2015-01-07 16:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jack Bogart\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-07 16:15 - 2015-01-07 16:15 - 00001150 _____ () C:\Users\Jack Bogart\Downloads\w7-wscsvc.zip
2015-01-07 16:09 - 2015-01-07 16:10 - 00004264 _____ () C:\Users\Jack Bogart\Downloads\Security Center Service Fix.zip
2015-01-07 16:09 - 2015-01-07 16:10 - 00004264 _____ () C:\Users\Jack Bogart\Downloads\Security Center Service Fix (1).zip
2015-01-05 15:58 - 2015-01-05 15:58 - 00000000 ____D () C:\HP_TOOLS_mountHPSF
2014-12-27 21:59 - 2014-12-27 21:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-11 00:51 - 2014-12-11 00:51 - 00639856 _____ (ROBLOX Corporation) C:\Users\Jack Bogart\Downloads\RobloxPlayerLauncher (2).exe
2014-12-11 00:23 - 2014-12-11 00:23 - 00000000 ____D () C:\Users\Jack Bogart\Downloads\Math Articles

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 21:21 - 2012-05-20 20:27 - 00000400 _____ () C:\Windows\Tasks\update-sys.job
2015-01-07 21:21 - 2011-12-30 03:40 - 02022466 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 21:18 - 2009-07-13 23:51 - 00065179 _____ () C:\Windows\setupact.log
2015-01-07 21:16 - 2011-07-25 14:31 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\CrashDumps
2015-01-07 21:08 - 2011-12-24 18:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 20:58 - 2012-07-06 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:51 - 2012-05-20 20:27 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-1893334715-2077863899-3365213242-1000.job
2015-01-07 20:22 - 2014-10-08 21:02 - 00000000 ___RD () C:\Users\Jack Bogart\Google Drive
2015-01-07 20:22 - 2013-05-31 14:59 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-07 20:22 - 2013-05-06 16:20 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup
2015-01-07 20:22 - 2012-08-17 13:37 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\Skype
2015-01-07 20:22 - 2011-12-24 18:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 19:54 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:54 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:51 - 2009-07-14 00:13 - 00783226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 19:47 - 2010-11-20 22:47 - 01287892 _____ () C:\Windows\PFRO.log
2015-01-07 19:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 19:35 - 2013-09-08 23:39 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2015-01-07 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-01-07 18:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-01-07 18:23 - 2012-07-16 12:54 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\CRE
2015-01-07 18:23 - 2011-12-30 15:53 - 00000000 ____D () C:\Program Files (x86)\FoxTabFLVPlayer
2015-01-07 17:53 - 2014-10-29 20:19 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\USmedia
2015-01-07 16:58 - 2013-08-21 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 16:19 - 2013-09-14 20:57 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-01-06 21:39 - 2011-07-17 10:41 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AA1DB66-FCCC-45C3-B405-E805426D39B7}
2015-01-06 16:14 - 2014-12-03 18:20 - 00000000 ____D () C:\Program Files\OBS
2015-01-06 16:14 - 2014-12-03 18:20 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-05 15:41 - 2012-05-20 20:27 - 00000525 _____ () C:\Users\Jack Bogart\AppData\Local\UserProducts.xml
2015-01-05 15:40 - 2012-05-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-12-28 21:00 - 2014-09-25 13:27 - 00000542 _____ () C:\Windows\Tasks\Weekly Scan.job
2014-12-27 15:04 - 2011-07-17 10:31 - 00000000 ____D () C:\Users\Jack Bogart
2014-12-27 14:25 - 2014-04-05 11:20 - 00000000 ____D () C:\Users\Jack Bogart\Desktop\Steam
2014-12-27 14:25 - 2011-04-18 15:05 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-12-27 14:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-20 20:56 - 2012-04-02 17:22 - 00000000 ____D () C:\Users\Jack Bogart\Documents\Wizard101
2014-12-18 16:35 - 2012-05-20 20:27 - 00003286 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-1893334715-2077863899-3365213242-1000
2014-12-15 21:09 - 2013-04-09 17:58 - 00000000 ____D () C:\Users\Jack Bogart\Documents\ROBLOX
2014-12-15 20:44 - 2012-11-10 08:07 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-12-15 20:40 - 2012-11-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2014-12-15 16:25 - 2011-10-10 16:28 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\.minecraft
2014-12-11 23:15 - 2014-11-14 16:05 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 12:54 - 2012-08-17 13:37 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 08:19 - 2014-01-14 21:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 00:51 - 2012-11-09 20:26 - 00001363 _____ () C:\Users\Jack Bogart\Desktop\ROBLOX Player.lnk
2014-12-10 02:07 - 2013-07-22 19:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-09 22:58 - 2012-07-06 23:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:58 - 2012-03-31 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:58 - 2012-03-03 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 14:21 - 2009-07-14 00:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Users\Jack Bogart\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Jack Bogart\alg.exe
C:\Users\Jack Bogart\flashplayer.exe
C:\Users\Jack Bogart\teamviewer.exe

Some content of TEMP:
====================
C:\Users\Jack Bogart\AppData\Local\Temp\1871KrakenDevProps.dll
C:\Users\Jack Bogart\AppData\Local\Temp\3rbcxaxm.dll
C:\Users\Jack Bogart\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jack Bogart\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Jack Bogart\AppData\Local\Temp\install_reader11_en_chra_awa_aih.exe
C:\Users\Jack Bogart\AppData\Local\Temp\ochelper.exe
C:\Users\Jack Bogart\AppData\Local\Temp\Offer.exe
C:\Users\Jack Bogart\AppData\Local\Temp\offercast.exe
C:\Users\Jack Bogart\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jack Bogart\AppData\Local\Temp\tbVgra.dll
C:\Users\Jack Bogart\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-07 20:17

==================== End Of Log ============================

Addition.txt

The RogueKiller log will be in my next post as it's taking a little while for it to scan, so I hope you understand. I just don't want to lose these logs.
CrackerJacks (Author) Posted January 8, 2015 ID:927487

The RogueKiller scan finally finished. Don't know if you want me to attach it or to paste it, so I shall do both for you.

RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack Bogart [Administrator]
Mode : Scan -- Date : 01/07/2015 22:42:45

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] dllhost.exe(9916) -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
[PUP] (SVC) APNMCP -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped

¤¤¤ Registry : 33 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SMessaging : "C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe" -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\ \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\ \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\ \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : \\?\globalroot\Device\HarddiskVolume2\Users\Jack Bogart\AppData\Local\Temp\sotoxiu\svictiw\wow.dll -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Jack Bogart\AppData\Local\Google\Desktop\Install -> Found
[ZeroAccess][Folder] Install -- C:\Program Files (x86)\Google\Desktop\Install -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 15 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryExA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a554c0 (push dword 0x60a554c0|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryExW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a556c0 (push dword 0x60a556c0|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a551a0 (push dword 0x60a551a0|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a55330 (push dword 0x60a55330|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x377665c (push dword 0x377665c|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - DrawTextExW : Unknown @ 0x372b06c (push dword 0x372b06c|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x372cdbc (push dword 0x372cdbc|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x3730bdc (push dword 0x3730bdc|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) WS2_32.dll - WSASend : Unknown @ 0x3726ecc (push dword 0x3726ecc|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) WINMM.dll - waveOutOpen : Unknown @ 0x377172c (push dword 0x377172c|ret )
[IAT:Inl(Tr.Zeus)] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x372bbbc (push dword 0x372bbbc|ret )
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a554c0 (push dword 0x60a554c0|ret )
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a55330 (push dword 0x60a55330|ret )
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a556c0 (push dword 0x60a556c0|ret )
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a551a0 (push dword 0x60a551a0|ret )

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 275024b099280278ae1a8966bdc6bc2b
[BSP] 02a405a9db7591c89699b61b85898ec5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 596070 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1221160960 | Size: 14106 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 05fb2a10ce9b420c646c26a072f49a14
[BSP] cf21ac17dabc4b04b507ad4ae514da4b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 MB
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 241713152 | Size: 800 MB

RKreport_SCN_01072015_224245.log
kevinf80 Posted January 8, 2015 ID:927540

Thanks for the logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected. In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select > "Copy to clipboard": that copies the full log to the Windows clipboard, so at your reply you right click into the text field and select "Paste" and the log is pasted (copied) to your reply.
Or select "Export": you are given the option to export as a Text file (*.txt) or XML file (*.xml). Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.
Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

Fixlist.txt
AdvancedSetup (Root Admin) Posted January 14, 2015 ID:929313

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!