
Popdeals Chrome Extension won't go away - Rootkit suspected



I might have gotten rid of the rootkit...or some of it. I had a program called Conime.exe running at startup, and one of the MANY tools I've downloaded and tried got rid of that. Every single scanner I have says that my system is clean. But every single time I start up Chrome, "Popdeals" is running. It isn't listed under Extensions, but if I go to the Chrome Task Manager I can kill it there.

 

Attached are the logs from FRST64. I'm really frustrated. Plus, this is my wife's computer which I was using - not even my own.

 

(ps - I believe I did it when I was attempting to fix a bricked Nexus 7 2013 and I ended up going somewhere / downloading something that I didn't know what it was)

 

Thanks in advance. You'll be saving me so much stress!

Addition.txt

FRST.txt

  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented toward malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button, which gives you an Upload Files option below that you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please do not ask for help for your company/business PC. Companies make revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for its removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 


 

Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.
  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it with your next reply.
 


 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b

  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually C:\).

Post its content in your next reply.

Here is the file. When I opened Chrome this time it wasn't Popdeals but Deals Factor that was running instead. And it was listed in Chrome's extensions (unlike Popdeals, which wasn't), and I deleted it from the extensions in Chrome.

 

Zoek.exe v5.0.0.0 Updated 17-March-2015

Tool run by Amy Wertsch on Tue 03/17/2015 at 19:36:24.35.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Amy Wertsch\Desktop\zoek (1).exe [scan all users]   [Deep Scan] [Auto Clean]

 

==== System Restore Info ======================

 

3/17/2015 7:43:51 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\CodeBlue deleted successfully

C:\PROGRA~2\Kingsoft deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\Google deleted successfully

C:\PROGRA~3\Google deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Amy Wertsch\AppData\Roaming\TP deleted successfully

C:\Users\Amy Wertsch\AppData\Local\EmieBrowserModeList deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-415702709-262161843-781179024-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully

HKEY_USERS\S-1-5-21-415702709-262161843-781179024-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully

HKEY_USERS\S-1-5-21-415702709-262161843-781179024-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_USERS\S-1-5-21-415702709-262161843-781179024-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

 

==== Running Processes ======================

 

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Users\Amy Wertsch\Desktop\zoek (1).exe

C:\windows\SysWOW64\cmd.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\CodeBlue not found

C:\PROGRA~2\Kingsoft not found

C:\Users\Amy Wertsch\AppData\Roaming\Catalina Marketing Corp deleted

C:\Users\Amy Wertsch\AppData\Roaming\appdataFr3.bin deleted

C:\Users\Amy Wertsch\AppData\Local\LaunchHomeCenter.log deleted

C:\windows\SysNative\config\systemprofile\Searches deleted

C:\Users\Default\AppData\Roaming\gacutil.exe deleted

C:\Users\Default\AppData\Roaming\PnPutil.exe deleted

 

==== System Specs ======================

 

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3687 MB

CPU Info: AMD E-300 APU with Radeon HD Graphics

CPU Speed: 1326.2 MHz

Sound Card: Speakers (Conexant SmartAudio H | 

Display Adapters: AMD Radeon HD 6310 Graphics   | AMD Radeon HD 6310 Graphics   | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633J

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C:  284.4GB | Q:  0.0MB

Hard Disks - Free: C:  191.9GB | Q:  0.0MB

Manufacturer *: Insyde Corp.

BIOS Info: AT/AT COMPATIBLE | 12/20/11 | TOSINV - 3

Time Zone: Central Standard Time

Motherboard *: TOSHIBA Portable PC

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Internet Explorer Version: 11.0.9600.17691 

Mozilla Firefox version: 36.0.1 (x86 en-US)

Google Chrome version: 41.0.2272.89

Sun Java version: 1.7.0_71 (32-bit) 

Flash Player version: 16.0.0.305

 

==== Files Recently Created / Modified ======================

 

====== C:\windows ====

2015-03-17 03:11:42 AA745ADC0C307AE53F92C95A4846A263 325156842 ----a-w- C:\windows\MEMORY.DMP

2015-02-24 11:59:40 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe

2015-02-24 11:59:40 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe

2015-02-24 11:59:40 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe

2015-02-24 11:59:40 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe

2015-02-24 11:59:40 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe

====== C:\Users\AMYWER~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\windows\SysWOW64 =====

2015-03-10 20:59:46 FDF0B4DC83627A859D18EE439B8E5A26 47616 ----a-w- C:\windows\SysWOW64\ieetwproxystub.dll

2015-03-10 20:59:45 B8445B89D0EA5C2575C98EA7BD180C5C 30720 ----a-w- C:\windows\SysWOW64\iernonce.dll

2015-03-10 20:59:45 00F39165D6D14302618C20CDD7BB213A 76288 ----a-w- C:\windows\SysWOW64\mshtmled.dll

2015-03-10 20:59:44 6108ED659B5962DE73DACB3B04D86ED3 64000 ----a-w- C:\windows\SysWOW64\MshtmlDac.dll

2015-03-10 20:59:42 B35C35C55FED3DD7F995C77F63CBC29B 1311232 ----a-w- C:\windows\SysWOW64\urlmon.dll

2015-03-10 20:59:42 8FDE1162C9DCF7B180AA702DD9EB6071 60416 ----a-w- C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-10 20:59:42 29EDBC5C381F1406A5262351E69BC87A 342696 ----a-w- C:\windows\SysWOW64\iedkcs32.dll

2015-03-10 20:59:41 AD1BA932AC31D2BC8C9105DA59BEA6BE 689152 ----a-w- C:\windows\SysWOW64\msfeeds.dll

2015-03-10 20:59:41 AD13E719AE506AA0E0BB5D49E0D5B44A 285696 ----a-w- C:\windows\SysWOW64\dxtrans.dll

2015-03-10 20:59:40 95CB6079B3E62D4301958023C2070A48 19720192 ----a-w- C:\windows\SysWOW64\mshtml.dll

2015-03-10 20:59:38 08B30EB9751858C1C369E8775492D732 2724864 ----a-w- C:\windows\SysWOW64\mshtml.tlb

2015-03-10 20:59:37 BD838E2129623E8311720AA86C5DFBBF 62464 ----a-w- C:\windows\SysWOW64\iesetup.dll

2015-03-10 20:59:37 A41C85FDB2275FA9AAA821A118807FDB 710144 ----a-w- C:\windows\SysWOW64\ieapfltr.dll

2015-03-10 20:59:37 A34897A1A39316BDECCA3E61986F98F2 2052608 ----a-w- C:\windows\SysWOW64\inetcpl.cpl

2015-03-10 20:59:36 F5F730ED126DCFBEBDB9BB629BD482C4 620032 ----a-w- C:\windows\SysWOW64\jscript9diag.dll

2015-03-10 20:59:36 756B4F77945C61ADBE68150D7D2EC7A6 47104 ----a-w- C:\windows\SysWOW64\jsproxy.dll

2015-03-10 20:59:36 52B4DECDC70B8758380D37EA2CDD4254 2278400 ----a-w- C:\windows\SysWOW64\iertutil.dll

2015-03-10 20:59:35 988AB676FBF4484508BA134CAAB711EB 115712 ----a-w- C:\windows\SysWOW64\ieUnatt.exe

2015-03-10 20:59:34 BA10D970EB39913357B224F4473D535B 418304 ----a-w- C:\windows\SysWOW64\dxtmsft.dll

2015-03-10 20:59:34 AC35DA94A14679E8E515A44A8CF90804 478208 ----a-w- C:\windows\SysWOW64\ieui.dll

2015-03-10 20:59:33 E868396BC5F8957A9E39BD9A28EA814D 12827648 ----a-w- C:\windows\SysWOW64\ieframe.dll

2015-03-10 20:59:29 FC5FE9F2D140435FC95CB3EF6724EF0A 4300288 ----a-w- C:\windows\SysWOW64\jscript9.dll

2015-03-10 20:59:29 02C0770DA3BE9231EFAF7185EE51020C 1155072 ----a-w- C:\windows\SysWOW64\mshtmlmedia.dll

2015-03-10 20:59:28 EA6EA6912F27F05C61D8D747517EB47E 1888256 ----a-w- C:\windows\SysWOW64\wininet.dll

2015-03-10 20:59:28 BC9CE46C3F05CCC40F8F1EFC7E4B41C7 503296 ----a-w- C:\windows\SysWOW64\vbscript.dll

2015-03-10 20:59:27 B0B83B31853E15C619FDB91B64F8349A 168960 ----a-w- C:\windows\SysWOW64\msrating.dll

2015-03-10 20:58:15 965D6A2B30A95A9F7EF13653988D3D9F 299008 ----a-w- C:\windows\SysWOW64\atmfd.dll

2015-03-10 20:58:15 55273844B66D77A2F1A2213C17A9EA4A 34304 ----a-w- C:\windows\SysWOW64\atmlib.dll

2015-03-10 20:58:14 ABB358777FDF4AF51B2FE26137D2B8D4 70656 ----a-w- C:\windows\SysWOW64\fontsub.dll

2015-03-10 20:58:14 274F0540FD4C88FC845C94CA1569688A 10240 ----a-w- C:\windows\SysWOW64\dciman32.dll

2015-03-10 20:58:14 01D9C9A70323BC7E5835B92442DD7EC2 25600 ----a-w- C:\windows\SysWOW64\lpk.dll

2015-03-10 20:57:58 5B0C6247027FCF5A2E2F150E298D2FFA 3209728 ----a-w- C:\windows\SysWOW64\mf.dll

2015-03-10 20:57:57 B378B6A865C28CE5C1E23C35760A1199 11411968 ----a-w- C:\windows\SysWOW64\wmp.dll

2015-03-10 20:57:55 74264B7F57A16D25CB581C07964D324A 1174528 ----a-w- C:\windows\SysWOW64\crypt32.dll

2015-03-10 20:57:54 6C2D4DC5D2E271F4AE4016FD4587B0B2 3973048 ----a-w- C:\windows\SysWOW64\ntkrnlpa.exe

2015-03-10 20:57:54 2CFE69A0A8AFDA8DB9A773D728000BB7 3917760 ----a-w- C:\windows\SysWOW64\ntoskrnl.exe

2015-03-10 20:57:47 96DB6A923DEDB58FC7CBBF5CFF73314D 1329664 ----a-w- C:\windows\SysWOW64\quartz.dll

2015-03-10 20:57:44 DCC148408770F2D55B201F8FC26438A1 988160 ----a-w- C:\windows\SysWOW64\drmv2clt.dll

2015-03-10 20:57:44 98C1191C862B44567FCF3C18BAEE859E 519680 ----a-w- C:\windows\SysWOW64\qdvd.dll

2015-03-10 20:57:43 B7D2BB84C590F0AE9DA51DBB065A780E 1005056 ----a-w- C:\windows\SysWOW64\cryptui.dll

2015-03-10 20:57:43 003C51B9FE38287BA4E0E58D3AE080BD 744960 ----a-w- C:\windows\SysWOW64\blackbox.dll

2015-03-10 20:57:42 D5EC42139D6A6158CF188975C50B6A60 179200 ----a-w- C:\windows\SysWOW64\wintrust.dll

2015-03-10 20:57:42 3BAA4BAE71460C5CEB40D5E9339A61BC 103936 ----a-w- C:\windows\SysWOW64\cryptnet.dll

2015-03-10 20:57:41 833FCABCB5D95B1911BA6E62FC82AC04 617984 ----a-w- C:\windows\SysWOW64\wmdrmsdk.dll

2015-03-10 20:57:40 C5667EE72D7364BE81516C0707FEF724 354816 ----a-w- C:\windows\SysWOW64\mfplat.dll

2015-03-10 20:57:40 2D4814D567E5A85C473228BA772A7AFB 489984 ----a-w- C:\windows\SysWOW64\evr.dll

2015-03-10 20:57:39 BB73C907D1BD437B6C30F2C23BB089FC 406016 ----a-w- C:\windows\SysWOW64\drmmgrtn.dll

2015-03-10 20:57:39 49474B3E37969AF4B5C076F42B623AFF 143872 ----a-w- C:\windows\SysWOW64\cryptsvc.dll

2015-03-10 20:57:39 320A8699369C43CF53B2DB4538D17C52 504320 ----a-w- C:\windows\SysWOW64\msscp.dll

2015-03-10 20:57:36 70E96EBE87A38857619671FCB9C8EC7B 265216 ----a-w- C:\windows\SysWOW64\msnetobj.dll

2015-03-10 20:57:35 2D21189858856316D55EAD55DF4964C2 374784 ----a-w- C:\windows\SysWOW64\AudioEng.dll

2015-03-10 20:57:34 A56F4029FDCF4F817E78953CDA953E28 442880 ----a-w- C:\windows\SysWOW64\AUDIOKSE.dll

2015-03-10 20:57:34 08FF727297A97907AADED4BA86CF44E9 50176 ----a-w- C:\windows\SysWOW64\rrinstaller.exe

2015-03-10 20:57:33 E0AB9CA912398BE1AAD14FF7AD75C397 50688 ----a-w- C:\windows\SysWOW64\appidapi.dll

2015-03-10 20:57:33 AF47EAA4ADDA9AA221FB7647EE22BF53 103424 ----a-w- C:\windows\SysWOW64\mfps.dll

2015-03-10 20:57:32 50B8937A81360D16A5C772302BD32CFE 195584 ----a-w- C:\windows\SysWOW64\AudioSes.dll

2015-03-10 20:57:31 B54FD1991E659FD61EF1D34EC27AAECD 81408 ----a-w- C:\windows\SysWOW64\cryptsp.dll

2015-03-10 20:57:31 A4A2EFB40015B76467F09E6DC388BC26 43008 ----a-w- C:\windows\SysWOW64\srclient.dll

2015-03-10 20:57:31 49F4EE8DF752CFA159B99046CD1FDD2B 23040 ----a-w- C:\windows\SysWOW64\mfpmp.exe

2015-03-10 20:57:28 D3916F83AC8F2314262387A2E16C6578 4096 ----a-w- C:\windows\SysWOW64\msdxm.ocx

2015-03-10 20:57:28 D3916F83AC8F2314262387A2E16C6578 4096 ----a-w- C:\windows\SysWOW64\dxmasf.dll

2015-03-10 20:57:28 8B07DBA0D77346545C6359AC67DCB980 8192 ----a-w- C:\windows\SysWOW64\spwmp.dll

2015-03-10 20:57:27 FCD5137A10C8943B34C9BE891C50159F 6656 ----a-w- C:\windows\SysWOW64\apisetschema.dll

2015-03-10 20:57:26 7C1CADCA0E674212412559B0EAD0919A 12625408 ----a-w- C:\windows\SysWOW64\wmploc.DLL

2015-03-10 20:57:24 2F3CE58D8C276570EEB69C99CFBAFD58 2048 ----a-w- C:\windows\SysWOW64\mferror.dll

2015-03-10 20:56:57 340EECB781E6C06A6171B3068DA208AD 12875264 ----a-w- C:\windows\SysWOW64\shell32.dll

2015-03-10 20:56:54 B804EAA9E037580F96C22537C2ECB62A 171520 ----a-w- C:\windows\SysWOW64\ubpm.dll

2015-03-10 20:56:14 D5063B86DC3F85B93D02AF68099F4C9A 248832 ----a-w- C:\windows\SysWOW64\schannel.dll

2015-03-10 20:56:13 C7D334A01C66BF07B92D04CD7A981B7F 259584 ----a-w- C:\windows\SysWOW64\msv1_0.dll

2015-03-10 20:56:13 7A71DA6D6F75AB73475128F787DD8EAD 221184 ----a-w- C:\windows\SysWOW64\ncrypt.dll

2015-03-10 20:56:13 69925A266D265DAD96C6FCBB861FA5CD 550912 ----a-w- C:\windows\SysWOW64\kerberos.dll

2015-03-10 20:56:12 B06A4105DD22E91A1D922D7310803140 65536 ----a-w- C:\windows\SysWOW64\TSpkg.dll

2015-03-10 20:56:12 5E76C26CAE2810EA71C161ED9A2CF0D1 50176 ----a-w- C:\windows\SysWOW64\auditpol.exe

2015-03-10 20:56:12 4E15E2D20AE755FDEACD96F359F732DB 172032 ----a-w- C:\windows\SysWOW64\wdigest.dll

2015-03-10 20:56:12 30F5B3E28636009A0B194057AAE4392A 17408 ----a-w- C:\windows\SysWOW64\credssp.dll

2015-03-10 20:56:11 ACD0CA819E279E1C17BE5C8A077EF448 146432 ----a-w- C:\windows\SysWOW64\msaudite.dll

2015-03-10 20:56:11 84974782ED5D108DA2EFAF3C6534A760 22016 ----a-w- C:\windows\SysWOW64\secur32.dll

2015-03-10 20:56:11 7407DDA27838C393DE67A0BDCDD044D0 60416 ----a-w- C:\windows\SysWOW64\msobjs.dll

2015-03-10 20:56:11 04934912B1317F2F8816208067A32B96 96768 ----a-w- C:\windows\SysWOW64\sspicli.dll

2015-03-10 20:56:11 0485899A035E02C53014C0545D912405 686080 ----a-w- C:\windows\SysWOW64\adtschema.dll

2015-03-10 20:55:42 84B460BB65567ED42DD605FA044DB370 828928 ----a-w- C:\windows\SysWOW64\msctf.dll

2015-03-10 20:55:41 5F3628DCF926C4499BE1DC74431DFBC8 1230848 ----a-w- C:\windows\SysWOW64\WindowsCodecs.dll

2015-03-10 20:50:38 9566C8BBD2271A7962D4432A624762AD 417792 ----a-w- C:\windows\SysWOW64\WMPhoto.dll

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====

2015-03-18 00:28:59 7B898746A7C86ADB1A065B22FF90F749 1812 ----a-w- C:\windows\Sysnative\.crusader

2015-03-10 20:59:45 2CA6A98547E799812489E5ADF2774D97 114688 ----a-w- C:\windows\Sysnative\ieetwcollector.exe

2015-03-10 20:59:45 289581F0FDA6B93A0FAFE979486AD6FA 48640 ----a-w- C:\windows\Sysnative\ieetwproxystub.dll

2015-03-10 20:59:43 08892A4ED848386E6B901723C1EF611B 2724864 ----a-w- C:\windows\Sysnative\mshtml.tlb

2015-03-10 20:59:42 D2BF72C0A9E26BE91C1DEEACF7C430E0 34304 ----a-w- C:\windows\Sysnative\iernonce.dll

2015-03-10 20:59:42 7FA2B43D940DF41E46B8049B59AB6639 718848 ----a-w- C:\windows\Sysnative\ie4uinit.exe

2015-03-10 20:59:41 D3EA5B5E606EF17804B5BF565BEAD937 77824 ----a-w- C:\windows\Sysnative\JavaScriptCollectionAgent.dll

2015-03-10 20:59:37 585B29EFB4954902FD53C4F8F9A0D39F 389800 ----a-w- C:\windows\Sysnative\iedkcs32.dll

2015-03-10 20:59:37 501A38B72FA264605123B4FACF53F057 1548288 ----a-w- C:\windows\Sysnative\urlmon.dll

2015-03-10 20:59:36 F5E5E96E188934BAB22C0916C91F46B3 4096 ----a-w- C:\windows\Sysnative\ieetwcollectorres.dll

2015-03-10 20:59:35 132862B0FC4A1B7CB45C274DE169DBB2 968704 ----a-w- C:\windows\Sysnative\MsSpellCheckingFacility.exe

2015-03-10 20:59:34 80B3AD73027A2CCD42C47EBF5C89124F 316928 ----a-w- C:\windows\Sysnative\dxtrans.dll

2015-03-10 20:59:34 5443F21A33DB376734DBE47F7635542C 801280 ----a-w- C:\windows\Sysnative\msfeeds.dll

2015-03-10 20:59:32 D0767EA3A59FA70C7ACF59EE0C8CD42A 66560 ----a-w- C:\windows\Sysnative\iesetup.dll

2015-03-10 20:59:32 9E9B757A677927110393A505822D9174 800768 ----a-w- C:\windows\Sysnative\ieapfltr.dll

2015-03-10 20:59:31 22C4867C690C38B18B2C1A0B072CD0C4 2125824 ----a-w- C:\windows\Sysnative\inetcpl.cpl

2015-03-10 20:59:30 62269DEFF17AB006217330A24EA8577B 2886144 ----a-w- C:\windows\Sysnative\iertutil.dll

2015-03-10 20:59:28 A1264D16AF506125C974775C833A063C 54784 ----a-w- C:\windows\Sysnative\jsproxy.dll

2015-03-10 20:59:28 1EC0BF321D3B14D02B9A8BAC134570F4 144384 ----a-w- C:\windows\Sysnative\ieUnatt.exe

2015-03-10 20:59:26 76B53D2150284E138B46410EA54967FA 490496 ----a-w- C:\windows\Sysnative\dxtmsft.dll

2015-03-10 20:59:25 FB8C4EE9889790466A0174923410649E 633856 ----a-w- C:\windows\Sysnative\ieui.dll

2015-03-10 20:59:25 2335F6BF8A127E31EB0E2D9A82F188A0 14398976 ----a-w- C:\windows\Sysnative\ieframe.dll

2015-03-10 20:59:23 D373113A84C12BA7F07CE1E9CAF4747F 92160 ----a-w- C:\windows\Sysnative\mshtmled.dll

2015-03-10 20:59:23 A9190899A35431CF8ABBEF5E1BB0C8F9 814080 ----a-w- C:\windows\Sysnative\jscript9diag.dll

2015-03-10 20:59:23 4870B24EA7D4EEF5E1C4675AC47796B8 1359360 ----a-w- C:\windows\Sysnative\mshtmlmedia.dll

2015-03-10 20:59:22 687E11F36832BFF65EF0CD2FA3DB1966 584192 ----a-w- C:\windows\Sysnative\vbscript.dll

2015-03-10 20:59:22 40DF85D8B2B0171EF5F23AA1B5CD9A62 6035456 ----a-w- C:\windows\Sysnative\jscript9.dll

2015-03-10 20:59:21 36F99BD8A0F09BDBB7850A138845A014 2358784 ----a-w- C:\windows\Sysnative\wininet.dll

2015-03-10 20:59:20 667229C8F194D619D12F05943D7F61F0 199680 ----a-w- C:\windows\Sysnative\msrating.dll

2015-03-10 20:59:20 1C393E42928BF55B3796E732B678CD5B 88064 ----a-w- C:\windows\Sysnative\MshtmlDac.dll

2015-03-10 20:59:19 1193400D8E29A5A010135FB09A4EB1E8 25021440 ----a-w- C:\windows\Sysnative\mshtml.dll

2015-03-10 20:58:15 F351B0E520502552734BE70AA5940784 41984 ----a-w- C:\windows\Sysnative\lpk.dll

2015-03-10 20:58:15 85D3E918658C2766780F7DEE5F8FBE57 46080 ----a-w- C:\windows\Sysnative\atmlib.dll

2015-03-10 20:58:15 1307814243F21EB129852D59B5AB37FB 372224 ----a-w- C:\windows\Sysnative\atmfd.dll

2015-03-10 20:58:14 DB0BD8B8D68D8211CA23FBE52DACE549 14336 ----a-w- C:\windows\Sysnative\dciman32.dll

2015-03-10 20:58:14 39A108604F51821F6F4E2001E9A1CB60 100864 ----a-w- C:\windows\Sysnative\fontsub.dll

2015-03-10 20:57:58 FDA5F186596288F0B9ECE9DC7A5AA868 5554104 ----a-w- C:\windows\Sysnative\ntoskrnl.exe

2015-03-10 20:57:56 3FECBED0EACABD22E024EF4E50CF987B 1480192 ----a-w- C:\windows\Sysnative\crypt32.dll

2015-03-10 20:57:53 6AEEC5677AD522786CED371A7BEE620C 616360 ----a-w- C:\windows\Sysnative\winresume.efi

2015-03-10 20:57:51 29143C7827F9F2AC543E792A8C63FBB0 4121600 ----a-w- C:\windows\Sysnative\mf.dll

2015-03-10 20:57:49 BD311BB00DD0D656C091AC8888C2369D 14632960 ----a-w- C:\windows\Sysnative\wmp.dll

2015-03-10 20:57:47 DF6104DCED89E13A78BA5539CEF5100A 1202176 ----a-w- C:\windows\Sysnative\drmv2clt.dll

2015-03-10 20:57:45 B7E752FFD95DC61FCB7A6E70E37175E5 693176 ----a-w- C:\windows\Sysnative\winload.efi

2015-03-10 20:57:45 8DFDB70E3E56C2F1AE09CB3C03E266E5 1574400 ----a-w- C:\windows\Sysnative\quartz.dll

2015-03-10 20:57:44 F88B4A9EA1A956F09D5001D08B546228 641024 ----a-w- C:\windows\Sysnative\msscp.dll

2015-03-10 20:57:44 7A4064169FBA91F39DB1FDC094A18DA8 619056 ----a-w- C:\windows\Sysnative\winload.exe

2015-03-10 20:57:44 410F6B1BE785F3630B4782F8E3D85A24 1069056 ----a-w- C:\windows\Sysnative\cryptui.dll

2015-03-10 20:57:43 7F4D59E70DD6E757E96B40570B498D5C 782848 ----a-w- C:\windows\Sysnative\wmdrmsdk.dll

2015-03-10 20:57:43 6968D02DC38757C3FBE7ED7C2F9670AA 680960 ----a-w- C:\windows\Sysnative\audiosrv.dll

2015-03-10 20:57:43 1BE9877B199184D7657BC4CFCB7B4A99 140288 ----a-w- C:\windows\Sysnative\cryptnet.dll

2015-03-10 20:57:42 DB2D62AA2DF6B1F3D690A9EC9701AA2C 188416 ----a-w- C:\windows\Sysnative\pcasvc.dll

2015-03-10 20:57:42 A53A63831185FF5339E76221BE45E6B9 842240 ----a-w- C:\windows\Sysnative\blackbox.dll

2015-03-10 20:57:42 577D0B947B49DB83E2054FA169B2ECBF 229376 ----a-w- C:\windows\Sysnative\wintrust.dll

2015-03-10 20:57:42 483221CC1AAC288368292899E32B6B9B 503808 ----a-w- C:\windows\Sysnative\srcore.dll

2015-03-10 20:57:41 B2F02AB28864B6D5B5B9BEDA565D41BB 497664 ----a-w- C:\windows\Sysnative\drmmgrtn.dll

2015-03-10 20:57:41 93C7D1C3941086162B433107D9E8BCE3 296960 ----a-w- C:\windows\Sysnative\rstrui.exe

2015-03-10 20:57:40 7BC64DEEFD0E6812E21DE89F0CF50A49 500224 ----a-w- C:\windows\Sysnative\AUDIOKSE.dll

2015-03-10 20:57:40 0BC72EA80234382701EAFC1BE0ECD7E4 432128 ----a-w- C:\windows\Sysnative\mfplat.dll

2015-03-10 20:57:39 C0AE7ABD87254B2789C8CB34AF274A65 296448 ----a-w- C:\windows\Sysnative\AudioSes.dll

2015-03-10 20:57:39 5FFEE6CA63E27CBA1F32002743E58F3C 631808 ----a-w- C:\windows\Sysnative\evr.dll

2015-03-10 20:57:38 AE66D26930CA536706078537CB5AC840 325632 ----a-w- C:\windows\Sysnative\msnetobj.dll

2015-03-10 20:57:38 6E974F1C384615DEB0710E44F4847351 126464 ----a-w- C:\windows\Sysnative\audiodg.exe

2015-03-10 20:57:38 3029D8E78E4BF18A0551E22CD4CB892C 371712 ----a-w- C:\windows\Sysnative\qdvd.dll

2015-03-10 20:57:38 1CD76A83B9E8E9A5A3519B39E28354D9 187904 ----a-w- C:\windows\Sysnative\cryptsvc.dll

2015-03-10 20:57:35 CBE684883A45E5B047DA6B4AC46C2112 55808 ----a-w- C:\windows\Sysnative\rrinstaller.exe

2015-03-10 20:57:35 3A7BC2DC99D3C5B172465E890B3C3B14 440832 ----a-w- C:\windows\Sysnative\AudioEng.dll

2015-03-10 20:57:35 27793FE3FF2D0123896D1A01A2D222C7 37376 ----a-w- C:\windows\Sysnative\pcadm.dll

2015-03-10 20:57:34 63D3C30B497347495B8EA78A38188969 112640 ----a-w- C:\windows\Sysnative\smss.exe

2015-03-10 20:57:33 947938F265D7CB99653CDFF2B3C0468D 206848 ----a-w- C:\windows\Sysnative\mfps.dll

2015-03-10 20:57:33 0F79883E27BB1AFE2D9BB4656A1CEFCD 11264 ----a-w- C:\windows\Sysnative\msmmsp.dll

2015-03-10 20:57:32 A84C94CF795E08BBB99E4E145F9E81A3 11264 ----a-w- C:\windows\Sysnative\pcawrk.exe

2015-03-10 20:57:32 84DB8EB3C184BB549ED90A842020F278 58880 ----a-w- C:\windows\Sysnative\appidapi.dll

2015-03-10 20:57:32 72D4757510FDA69D729169C00AFC211E 32256 ----a-w- C:\windows\Sysnative\appidsvc.dll

2015-03-10 20:57:32 589852B65C91F574E980ABDB8205080A 146944 ----a-w- C:\windows\Sysnative\appidpolicyconverter.exe

2015-03-10 20:57:31 ED6BF1E1C4F40F600DFEC0CB101A1789 9728 ----a-w- C:\windows\Sysnative\pcalua.exe

2015-03-10 20:57:31 C4937B9D6EF4D309A60054D4D00EE9DB 63488 ----a-w- C:\windows\Sysnative\setbcdlocale.dll

2015-03-10 20:57:31 BE7DA70C9F4A97CCA9ED78B70BCFC9AC 43520 ----a-w- C:\windows\Sysnative\csrsrv.dll

2015-03-10 20:57:31 94BC902494AFC9F5EBC5FBB61445D73F 82432 ----a-w- C:\windows\Sysnative\cryptsp.dll

2015-03-10 20:57:31 56FD1BC602EE0E7949F92EE2EE327B72 284672 ----a-w- C:\windows\Sysnative\EncDump.dll

2015-03-10 20:57:31 29088A5723C81BF75AD909AAB6A91610 50176 ----a-w- C:\windows\Sysnative\srclient.dll

2015-03-10 20:57:31 00EE5D3E16D42F25F7813ACFA10EC803 24576 ----a-w- C:\windows\Sysnative\mfpmp.exe

2015-03-10 20:57:30 EA285B947EE48103697CDA53D76C9EEC 17920 ----a-w- C:\windows\Sysnative\appidcertstorecheck.exe

2015-03-10 20:57:28 FE03B35A22C3D2714B494FC2AB32AC5B 8704 ----a-w- C:\windows\Sysnative\pcaevts.dll

2015-03-10 20:57:28 F43B09E257121ADC501ABE9367FAA850 9728 ----a-w- C:\windows\Sysnative\spwmp.dll

2015-03-10 20:57:28 D3F1F9C784BCCDF2C880669D69FC1970 5120 ----a-w- C:\windows\Sysnative\msdxm.ocx

2015-03-10 20:57:28 D3F1F9C784BCCDF2C880669D69FC1970 5120 ----a-w- C:\windows\Sysnative\dxmasf.dll

2015-03-10 20:57:27 DBCD54B841F2B216B2F0F86E18205C22 6656 ----a-w- C:\windows\Sysnative\apisetschema.dll

2015-03-10 20:57:26 77D49942BD5DC97723ABC8A6D2757B6E 12625920 ----a-w- C:\windows\Sysnative\wmploc.DLL

2015-03-10 20:57:23 8364A0F7633414DC5C50A37295B1FAFF 2048 ----a-w- C:\windows\Sysnative\mferror.dll

2015-03-10 20:56:57 01F9FEB7F0C84EA1AC6A9B4D7C6B0435 14177280 ----a-w- C:\windows\Sysnative\shell32.dll

2015-03-10 20:56:54 1FB81632476857E8451DDA8A456EF3CE 215552 ----a-w- C:\windows\Sysnative\ubpm.dll

2015-03-10 20:56:15 3807605BDA83C0DA729A5219CEBB9041 341504 ----a-w- C:\windows\Sysnative\schannel.dll

2015-03-10 20:56:14 DB2904A4CEBC39DF8892A613BEC71512 1461760 ----a-w- C:\windows\Sysnative\lsasrv.dll

2015-03-10 20:56:13 E1404987DCD392AF9D67F6A26CE21175 86528 ----a-w- C:\windows\Sysnative\TSpkg.dll

2015-03-10 20:56:13 9B644AC070576AAE701910874C241DBD 210944 ----a-w- C:\windows\Sysnative\wdigest.dll

2015-03-10 20:56:13 6536829F6EA1149527728A210F493B79 314880 ----a-w- C:\windows\Sysnative\msv1_0.dll

2015-03-10 20:56:13 28CC69865D5DC458EDDCEA35F01D71DA 309760 ----a-w- C:\windows\Sysnative\ncrypt.dll

2015-03-10 20:56:13 1DB278E5834B08F9A184F953F2D31FF7 728064 ----a-w- C:\windows\Sysnative\kerberos.dll

2015-03-10 20:56:12 FB95F6E11AAD62F24C2DB01E6E9D7BE7 64000 ----a-w- C:\windows\Sysnative\auditpol.exe

2015-03-10 20:56:12 B6C7729936AAF8E0697F0A7DCA82CED8 31232 ----a-w- C:\windows\Sysnative\lsass.exe

2015-03-10 20:56:12 92F920EE9EAF7306B4AB8124D474AB52 22016 ----a-w- C:\windows\Sysnative\credssp.dll

2015-03-10 20:56:12 7BC39275661EA7DEE54135AA26DF733E 136192 ----a-w- C:\windows\Sysnative\sspicli.dll

2015-03-10 20:56:12 54CD467B3A6DA02E9449DB7FB1830612 29184 ----a-w- C:\windows\Sysnative\sspisrv.dll

2015-03-10 20:56:11 65CF54B1D8CB1B085B6D8BC210E2C45F 686080 ----a-w- C:\windows\Sysnative\adtschema.dll

2015-03-10 20:56:11 543553AD3E30CB261C8B436DF644F23E 60416 ----a-w- C:\windows\Sysnative\msobjs.dll

2015-03-10 20:56:11 473BCBFFC55C9FE33D502035322E759D 28160 ----a-w- C:\windows\Sysnative\secur32.dll

2015-03-10 20:56:11 378B175D0F0A1C38026F280BF6C8D0C6 146432 ----a-w- C:\windows\Sysnative\msaudite.dll

2015-03-10 20:55:43 E88A78273D429554B6B2D2BDA945ED9B 1067520 ----a-w- C:\windows\Sysnative\msctf.dll

2015-03-10 20:55:41 0A4D03A4C0F908B15B8A4C48FB18F197 1424896 ----a-w- C:\windows\Sysnative\WindowsCodecs.dll

2015-03-10 20:55:39 A0DEE06D68F210CA090FD4D9A33CDC12 3204096 ----a-w- C:\windows\Sysnative\win32k.sys

2015-03-10 20:50:39 CBA2694BFC61F371181F2BE2BCD66C40 465920 ----a-w- C:\windows\Sysnative\WMPhoto.dll

====== C:\windows\Sysnative\drivers =====

2015-03-18 00:30:35 C00C33ECF1273D50FA4468A4444DCEA2 43664 ----a-w- C:\windows\Sysnative\drivers\hitmanpro37.sys

2015-03-17 10:47:16 AC7E21145B9348BFC1B1DEC7BC238B3F 27256 ----a-w- C:\windows\Sysnative\drivers\FixZeroAccess.sys

2015-03-16 03:15:33 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\windows\Sysnative\drivers\TrueSight.sys

2015-03-10 20:57:52 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\windows\Sysnative\drivers\mountmgr.sys

2015-03-10 20:57:33 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\windows\Sysnative\drivers\PEAuth.sys

2015-03-10 20:57:30 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\windows\Sysnative\drivers\appid.sys

2015-03-10 20:56:15 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\windows\Sysnative\drivers\cng.sys

2015-03-10 20:56:14 8BA90F480705D7153AD0060CCA62222A 155576 ----a-w- C:\windows\Sysnative\drivers\ksecpkg.sys

2015-03-10 20:56:14 56ED3EE5FED6BF2FC1305CF872042868 95680 ----a-w- C:\windows\Sysnative\drivers\ksecdd.sys

2015-02-26 01:14:01 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys

2015-02-26 01:13:23 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\windows\Sysnative\drivers\mwac.sys

2015-02-26 01:13:23 0307CF4184F4F22DB75F36ACCCEF7ED1 107736 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys

2015-02-26 01:13:22 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys

2015-02-24 02:31:50 16A23FF8621929ADC5B18DCCD5E206EE 31264 ----a-w- C:\windows\Sysnative\drivers\gfiutil.sys

2015-02-24 02:31:49 4EA5458FCA8518344686C543749365B1 41032 ----a-w- C:\windows\Sysnative\drivers\gfiark.sys

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2015-03-17 01:40:21 -------- d-----w- C:\PROGRA~2\VS Revo Group

======= C: =====

2015-02-24 02:30:25 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\SophosBootTasks.txt

====== C:\Users\Amy Wertsch\AppData\Roaming ======

2015-03-17 22:34:11 -------- d-----w- C:\Users\Public\AppData\Local\temp

2015-03-17 22:34:11 -------- d-----w- C:\Users\Default\AppData\Local\temp

2015-03-17 22:34:11 -------- d-----w- C:\Users\Default User\AppData\Local\temp

2015-03-17 01:42:16 -------- d-----w- C:\Users\Amy Wertsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2015-02-24 11:31:59 7AFA149ED4F14B445C8BE024D8939CEE 116560 ----a-w- C:\Users\Amy Wertsch\AppData\Local\GDIPFONTCACHEV1.DAT

====== C:\Users\Amy Wertsch ======

2015-03-17 23:18:53 -------- d-----w- C:\ProgramData\HitmanPro

2015-03-17 22:15:50 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Amy Wertsch\Downloads\FRST64.exe

2015-03-17 02:16:09 B0801E8C98BEAF0C01F1058AF84A6330 1388737 ----a-w- C:\Users\Amy Wertsch\Desktop\JRT_NEW.exe

2015-03-16 03:15:29 -------- d-----w- C:\ProgramData\RogueKiller

2015-03-14 02:29:22 -------- d-----w- C:\Users\Public\AppData

 

====== C: exe-files ==

2015-03-17 22:53:11 F32ABBA83DB71276694147AB9E0FD8F2 114382512 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\Sophos Virus Removal Tool.exe

2015-03-17 22:53:09 5DC10EBBD2A60BAA1EE1B5D1CDBEF7CD 171344 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\salitykiller.exe

2015-03-17 22:51:46 6C2C802C45B2715C2F3A3D7016FAD968 131788864 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\KVRT.exe

2015-03-17 22:51:41 16120D34117272144C567D2C8E44871D 171344 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\kidokiller.exe

2015-03-17 22:51:36 B6164745DC9DF71E4E10F06D3A9321D5 1388672 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\JRT.exe

2015-03-17 22:51:28 30EB4B0B974B83C488D78EE19F42916A 10995632 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\HitmanPro_x64.exe

2015-03-17 22:51:07 B86CA88173128F6DA416E0B297DE4EEF 9096848 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\HitmanPro.exe

2015-03-17 22:50:54 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\FRST64.exe

2015-03-17 22:50:53 67D890E8DA0A5DB2846B6366172D15A0 1135104 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\FRST.exe

2015-03-17 22:50:46 68C1457D608FD69D79B4F85FFDAC3FA3 96080 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\cleanautorun.exe

2015-03-17 22:50:45 2B3748A4EEA467C701E4A0FFE42CE346 7268536 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\BootkitRemoval_x86.exe

2015-03-17 22:50:29 8E3384C7A0CF27B15D786E665CE74308 5198336 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\aswMBR.exe

2015-03-17 22:50:29 17B494327D7945AC3A3A54C9E90B6491 11425992 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\BootkitRemoval_x64.exe

2015-03-17 22:50:19 6C56778DF39722210E751DD913453853 671032 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\VBA32\Vba32arkit.exe

2015-03-17 22:50:08 EE738FE9BCDD605821002CEC8C7206DB 334720 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\Root Revealer\RootkitRevealer.exe

2015-03-17 22:50:02 880D7A26B7BB6B00A0709E75F149B83D 472064 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\Root Repeal\RootRepeal.exe

2015-03-17 22:49:48 CF55533B4E2ACCB9EF280BD77988FC00 138584 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\virutkiller.exe

2015-03-17 22:33:07 0F901EE41FF20347C106D663F24931F9 679752 ----a-w- C:\Users\Amy Wertsch\AppData\Local\Google\Chrome\User Data\SwReporter\2.6.2\software_reporter_tool.exe

2015-03-17 10:46:54 BE36FC21D6ED7E665A9310CF23E4640E 1805736 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\FixZeroAccess.exe

2015-03-17 02:16:09 B0801E8C98BEAF0C01F1058AF84A6330 1388737 ----a-w- C:\Users\Amy Wertsch\Desktop\JRT_NEW.exe

2015-03-17 01:42:19 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe

2015-03-17 01:38:02 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\TFC.exe

2015-03-17 01:36:28 4E5A3E278604B1A55E84E05AEFB1BD23 5325352 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\ccsetup503pro.exe

2015-03-17 01:35:35 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\revosetup.exe

2015-03-16 20:32:32 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\3hhdt9bv.exe

2015-03-15 13:54:13 5F19AE2884F251D59E9BA57BF45FA284 15632984 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\RogueKiller.exe

2015-03-14 04:14:00 FE9BD656A5F251D2BB90151325DA1B14 54072 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\mbar\mbamdor.exe

2015-03-14 04:14:00 5E29C495F48A9CFED856D097FED6ECE4 170296 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\mbar\mbar.exe

2015-03-14 04:13:44 7CBC1070E51238E59F7535C8F2344FB6 821560 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\mbar\Plugins\fixdamage.exe

2015-03-14 04:08:57 56A375A83CED75C331A67882D0C0F9DA 16502728 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\mbar-1.09.1.1004.exe

2015-03-14 04:05:23 1B28807E950FB1B2F4C9AAD546D6568A 1943800 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\rkill.exe

2015-03-14 04:05:02 95300BA672A14E3AE6740CB3CB41DB7B 2171392 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\AdwCleaner.exe

2015-03-14 01:57:45 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\tdsskiller.exe

2015-03-12 01:05:25 7DF547F2E361A6ADC8DFAF9544C6A283 10033232 ----a-w- C:\Program Files (x86)\Google\Update\Install\{19CECF4F-928C-475D-853B-1B246B425FA5}\41.0.2272.89_40.0.2214.115_chrome_updater.exe

2015-03-12 01:05:24 7DF547F2E361A6ADC8DFAF9544C6A283 10033232 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.89\41.0.2272.89_40.0.2214.115_chrome_updater.exe

=== C: other files ==

2015-03-18 00:30:35 C00C33ECF1273D50FA4468A4444DCEA2 43664 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys

2015-03-17 10:47:16 AC7E21145B9348BFC1B1DEC7BC238B3F 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2015-03-16 20:32:05 5B0D6242FBC3CB511D5914DD6534C142 464491 ----a-w- C:\Users\Amy Wertsch\Desktop\AntiVirus\RootRepeal.zip

2015-03-16 03:15:33 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-415702709-262161843-781179024-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

 

==== Task Scheduler Jobs ======================

 

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/05/2015 02:00 PM]

C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/03/2013 05:02 PM]

C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/03/2013 05:02 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\AMYWER~1\AppData\Roaming\Mozilla\Firefox\Profiles\6jmizsvu.default-1422586681349

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.newtab.url", "http://www.google.com");

user_pref("browser.search.selectedEngine", "Google");

 

==== Firefox Extensions ======================

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Amy Wertsch\AppData\Roaming\Mozilla\Firefox\Profiles\6jmizsvu.default-1422586681349

C62322C77D1AAB77B1CF1130FCC3673A - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

 

 

==== Chromium Look ======================

 

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

 

 

Chrome Hotword Shared Module - Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Google Wallet - Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Chrome Hotword Shared Module - Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Google Wallet - Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.google.com"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]



[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"




 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

 

==== HijackThis Entries ======================

 

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{B7222E66-2C34-48FA-8518-1A92CEC5B2D4}: NameServer = 8.8.8.8

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Amy Wertsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Amy Wertsch\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

C:\Users\Amy Wertsch\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=10 folders=2 830506 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Amy Wertsch\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Public\AppData\Local\temp emptied successfully

C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\windows\Temp successfully emptied

C:\Users\AMYWER~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Tue 03/17/2015 at 20:44:31.30 ======================
  • Staff

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

  • Staff

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


So, it came back. Or something did. Opened up Chrome today (after a few days of the computer being awesome) and Sharkman Coupons was installed. Wife was using Firefox and as she typed the cursor kept jumping back and forth on her.

 

I have attached new logs of FRST. Thank you so much for helping with this!

 

PS - my Microsoft Security Essentials (the only antivirus I'm using) isn't showing up in the bottom right tray anymore. It says it is running and I can get to it through the icon. Just a totally different random thing?

 

Is this a continued infection or is there a website that I am going to which is compromised and I need to install some other type of antivirus to stop things from getting on my system?

Addition.txt

FRST.txt

  • Staff

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

  • Staff

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


Looks good for now. It did last time for a day and then all of a sudden things showed up again. Any scanners or Chrome plug-ins you could recommend in case this is a website or something that I might go to again? My workplace is often a website that gets weird messages about redirects, etc.

  • Staff

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent installing additional foistware bundled with legitimate installers.
Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


Thanks SO much. It all looks good. I've restarted several times now with running the installs on these things you recommended, etc and nothing has popped up. Hopefully I don't accidentally get something again. I'm generally careful, but as I said at the top I've been trying to fix a bricked Nexus 7 and that took me to a lot of modding websites and I'll just stop working on that.


Literally did not use my computer for a few days, neither did anyone in the house except for my wife checking email from work. The other browsers seem fine, but in Chrome "CouponFactor" is showing up again. It is listed as an extension and can be uninstalled from there. But this has happened before and it is still going on.

 

Is there any way there is something else on my computer, or is this inside Chrome and I've got to just completely empty out Chrome's settings, temp, etc?

 

BTW, the files from a minute ago are attached.

Addition.txt

FRST.txt

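The question above (is the coupon extension living only inside Chrome, or is something on the system re-installing it?) is answerable from Chrome's own profile data. An extension that is not shown under chrome://extensions but still appears in Chrome's Task Manager, and that returns after being removed, is typically one Chrome re-creates from an install source outside the profile: the ExtensionInstallForcelist policy (the registry key the zoek log above deleted, HKLM\Software\Wow6432Node\Policies\Google) or a registry sideload entry. The script below is an added example written for this thread; it is not one of the tools the staff recommended and not code from the original posts. It assumes Chrome stores per-extension metadata under extensions.settings.<id> in each profile's "Preferences" or "Secure Preferences" file with an integer "location" following the Chromium Manifest::Location enum (an assumption about the file format), and the sample Preferences document and the coupon extension ID in it are constructed for the demonstration; the Google Wallet ID is the one from the log above.

```python
"""Enumerate Chrome extensions from Preferences files and flag the ones that
come back after being removed through chrome://extensions.
Added example for this thread; not part of the original posts."""
import json
from pathlib import Path

# Assumption: integer "location" values follow Chromium's Manifest::Location enum.
# 7 and 9 are policy installs (ExtensionInstallForcelist); 3 is a registry sideload.
LOCATIONS = {
    1: "internal", 2: "external_pref", 3: "external_registry", 4: "unpacked",
    5: "component", 6: "external_pref_download", 7: "external_policy_download",
    8: "command_line", 9: "external_policy", 10: "external_component",
}
POLICY_LOCATIONS = {"external_policy_download", "external_policy"}
BUILTIN_LOCATIONS = {"component", "external_component"}


def parse_extension_settings(prefs_text):
    """Return one dict per extension found in a Preferences JSON document."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    entries = []
    for ext_id, ext in settings.items():
        loc = ext.get("location")
        entries.append({
            "id": ext_id,
            "name": ext.get("manifest", {}).get("name", "<no manifest>"),
            "location": LOCATIONS.get(loc, "unknown(%s)" % loc),
            "from_webstore": bool(ext.get("from_webstore", False)),
            "enabled": ext.get("state") == 1,   # 1 = enabled, 0 = disabled
            "path": ext.get("path", ""),
        })
    return entries


def flag_persistent(entries):
    """Return (id, name, reasons) for extensions likely to survive a manual
    uninstall: policy- or registry-installed, or not from the Web Store."""
    flagged = []
    for e in entries:
        reasons = []
        if e["location"] in POLICY_LOCATIONS:
            reasons.append("forced by ExtensionInstallForcelist policy")
        if e["location"] == "external_registry":
            reasons.append("sideloaded through the registry Extensions key")
        if not e["from_webstore"] and e["location"] not in BUILTIN_LOCATIONS:
            reasons.append("not installed from the Chrome Web Store")
        if reasons:
            flagged.append((e["id"], e["name"], reasons))
    return flagged


def scan_user_data_dir(user_data_dir):
    """Walk every profile (Default, Profile 1, ...) under a Chrome User Data dir."""
    results = {}
    for profile in Path(user_data_dir).iterdir():
        for fname in ("Preferences", "Secure Preferences"):
            f = profile / fname
            if f.is_file():
                entries = parse_extension_settings(f.read_text(encoding="utf-8"))
                results.setdefault(profile.name, []).extend(entries)
    return results


def read_forcelist():
    """Read ExtensionInstallForcelist from the native and Wow6432Node policy keys
    in HKLM and HKCU. Returns [] when not running on Windows."""
    try:
        import winreg
    except ImportError:
        return []
    found = []
    subkeys = (r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist",
               r"SOFTWARE\Wow6432Node\Policies\Google\Chrome\ExtensionInstallForcelist")
    hives = ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU"))
    for hive, hive_name in hives:
        for sub in subkeys:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue   # key absent: no forced extensions here
            with key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break
                    found.append((hive_name + "\\" + sub, name, data))
                    index += 1
    return found


# Constructed sample Preferences: the Google Wallet component extension from the
# log above, plus a fictitious policy-forced coupon extension (made-up ID).
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "nmmhkkegccagdldgiimedpiccmgmieda": {
        "location": 5, "state": 1, "from_webstore": False,
        "manifest": {"name": "Google Wallet"}},
    "abcdefghijklmnopabcdefghijklmnop": {
        "location": 9, "state": 1, "from_webstore": False,
        "path": r"C:\ProgramData\coupon\ext",
        "manifest": {"name": "WorldWideWebCoupon"}},
}}})

if __name__ == "__main__":
    for ext_id, name, reasons in flag_persistent(parse_extension_settings(SAMPLE_PREFS)):
        print(ext_id, name, "; ".join(reasons))
    for key, name, data in read_forcelist():
        print("forcelist entry:", key, name, data)
```

On the affected machine you would call scan_user_data_dir on %LOCALAPPDATA%\Google\Chrome\User Data and run flag_persistent over each profile; a hit with a policy location, or any value under the forcelist keys, means the extension is being re-installed by Chrome from that policy source and deleting it from chrome://extensions alone will not hold. A clean policy key and a non-policy entry that still returns points instead at something outside Chrome writing the extension back, which is the case for the FRST logs to settle.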
  • Staff

Let's try this:
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


Thanks. It looks good at the moment. I'll let you know in a few days if something comes back. It looks from the fix log like you think this is only in Chrome and whatever was on my system is completely gone.

 

BTW, I am running Adblock Plus, Malwarebytes Anti-Exploit, Windows Security, and did a scan with Malwarebytes, and nothing came up with any of those while it was infected.

Fixlog.txt


Two days later and now "WorldWideWebCoupon" is installed in Chrome.

 

I will admit I may have been sabotaging myself before, as I was uninstalling the extension before you fixed it, thinking that there was something deeper wrong. The extension made it so I couldn't go anywhere. But now I'm here on Firefox and Chrome is still messed up.

Addition.txt

FRST.txt

This topic is now closed to further replies.