champkind

  1. Everything seems fine, but you would know better than I. Thanks for all your help!
  2. Here are the contents of the AdwCleaner logfile:

     # AdwCleaner v2.300 - Logfile created 05/09/2013 at 02:25:55
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : HELEN - HELEN-PC
     # Boot Mode : Normal
     # Running from : C:\Users\HELEN\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\Program Files (x86)\Ask.com
     Folder Deleted : C:\Users\HELEN\AppData\Local\APN
     Folder Deleted : C:\Users\HELEN\AppData\LocalLow\AskToolbar
     Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

     ***** [Registry] *****

     Key Deleted : HKCU\Software\APN
     Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
     Key Deleted : HKCU\Software\Ask.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
     Key Deleted : HKLM\Software\APN
     Key Deleted : HKLM\Software\AskToolbar
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
     Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
     Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
     Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102809&gct=hp --> hxxp://www.google.com

     -\\ Google Chrome v26.0.1410.64

     File : C:\Users\HELEN\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Deleted [l.2299] : homepage = "hxxp://www.ask.com/?l=dis&o=102809cr&gct=hp",

     *************************

     AdwCleaner[R1].txt - [3346 octets] - [09/05/2013 02:11:27]
     AdwCleaner[R2].txt - [3406 octets] - [09/05/2013 02:12:02]
     AdwCleaner[S1].txt - [3442 octets] - [09/05/2013 02:25:55]

     ########## EOF - C:\AdwCleaner[S1].txt - [3502 octets] ##########

     And for SecurityCheck:

     Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 21
     Adobe Reader XI
     Google Chrome 26.0.1410.43
     Google Chrome 26.0.1410.64
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  3. # AdwCleaner v2.300 - Logfile created 05/09/2013 at 02:11:27
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : HELEN - HELEN-PC
     # Boot Mode : Normal
     # Running from : C:\Users\HELEN\Desktop\adwcleaner.exe
     # Option [Search]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Found : C:\Program Files (x86)\Ask.com
     Folder Found : C:\Users\HELEN\AppData\Local\APN
     Folder Found : C:\Users\HELEN\AppData\LocalLow\AskToolbar
     Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

     ***** [Registry] *****

     Key Found : HKCU\Software\APN
     Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
     Key Found : HKCU\Software\Ask.com
     Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
     Key Found : HKLM\Software\APN
     Key Found : HKLM\Software\AskToolbar
     Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
     Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
     Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
     Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
     Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
     Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102809&gct=hp

     -\\ Google Chrome v26.0.1410.64

     File : C:\Users\HELEN\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Found [l.2299] : homepage = "hxxp://www.ask.com/?l=dis&o=102809cr&gct=hp",

     *************************

     AdwCleaner[R1].txt - [3225 octets] - [09/05/2013 02:11:27]

     ########## EOF - C:\AdwCleaner[R1].txt - [3285 octets] ##########
  4. I deleted the files with RogueKiller and ran ComboFix. Here is the ComboFix log:
  5. Thanks for the response! My apologies about the quotes; I incorrectly assumed it would make it easier to read. The software you linked killed the keylogger process even before I had accepted the EULA agreement. Just thought I should note that I didn't actively remove anything. Here is the RogueKiller report:

     RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : HELEN [Admin rights]
     Mode : Scan -- Date : 05/09/2013 01:10:39
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 1 ¤¤¤
     [SUSP PATH] 070513fdc.exe -- C:\Users\HELEN\AppData\Roaming\070513fdc.exe [-] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : sofupdate (C:\Users\HELEN\AppData\Roaming\070513fdc.exe) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-2747743748-1062559249-1395562895-1004[...]\Run : sofupdate (C:\Users\HELEN\AppData\Roaming\070513fdc.exe) [-] -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: TOSHIBA MK6476GSX ATA Device +++++
     --- User ---
     [MBR] 88cb8fbc1538a4c83326b57fd3d2272c
     [BSP] 332b1f86341ff74dd448e20ab146b02b : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 356 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 731136 | Size: 610122 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_05092013_02d0110.txt >>
     RKreport[1]_S_05092013_02d0110.txt
  6. Hi. Firstly, I'd like to say thanks in advance. I'll just give whoever's reading this a quick rundown of all I've done up to this point in case it is relevant. I was checking my current processes in Task Manager when I noticed one I did not recognize, "070513jdc.exe". I couldn't kill the process (access denied), and couldn't open the properties or open the file location. So I ran a quick scan, which came up with 15 files: 1 Trojan.Agent, 1 Backdoor.Agent.DC, and the rest were the logs from the keylogger (Stolen.Data). I quarantined and removed the aforementioned files, and was prompted to restart, which I did. Upon restarting, the keylogger was still running, so I did another two scans (Quick and Full), which both came up with one Malware.Trace, a registry key. I removed all registry entries that contained the string "070513jdc" using regedit (there were 3, IIRC, possibly 4), and restarted again (I knew it was a long shot since there were bound to be ones that didn't contain the string, but I thought it worth a try, since I was a little frustrated at this point. Probably wasn't, in hindsight). And that's where we are now; I have not made any file changes since restarting other than downloading dds.scr. DDS.txt: Attach.txt: Thanks again; if there's anything else you need from me, please ask. I'll be refreshing the thread every 5 minutes or so; I don't particularly want to log in to my email with the keylogger still running.