Jump to content

I have no idea what's wrong but I am getting Many problems.


Recommended Posts

This is happening

IhEAXwL.png

 

 

 

so I thought it might be a hijack or I don't know.

 

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 10:08:10 PM, on 28/06/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16611)

 

FIREFOX: 21.0 (en-US)

Boot mode: Normal

 

Running processes:

C:\Windows\vVX1000.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\TiltWheelMouse.exe

E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe

C:\Users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

E:\User\Momo\Applications\IDM\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGo.exe

C:\PROGRA~2\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe

E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.171\deploy\LoLLauncher.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\LolClient.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

E:\User\Momo\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN22028586212056342&UM=2&ctid=CT3282812

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Zoomex - {B50DCC8E-967D-5B39-6447-E16D9DB46A80} - C:\ProgramData\Zoomex\5103e418938e6.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession

O4 - HKLM\..\Run: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iDMan] E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Hyperdesktop] C:\Users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series"

O4 - HKCU\..\Run: [skypeVoiceChanger] E:\User\Momo\Applications\VoiceMaster\New Folder\SkypeVoiceChanger.exe /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Policies\Explorer\Run: [Microsift] C:\Program Files (x86)\Update.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: LOLRecorder.lnk = E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe

O4 - Global Startup: MobileGo Service.lnk = C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe

O8 - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm

 

 

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 18380 bytes

Edited by Maurice Naggar
Link to post
Share on other sites

Hello and welcome to the MalwareBytes forums.

My name is Maurice Naggar.

I will be helping you.

Please be sure you do not use Quote boxes or Code boxes to enclose any logs I ask for.

Otherwise, you actually make it harder for me to view.

Hijackthis is very rarely used these days, plus, our forum requires that you do the DDS tool-report.

While I am helping you, do not run any tools on your own; nor make changes to this system.

If the issue is related to cookies, they are not malware.

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Step 2

To Reset Firefox to its default state:

Start Firefox

in the address bar, type in

about:support

Click on the Reset Firefox button at top right of screen.

While in Firefox, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Still in Firefox, on main menu, choose Tools >>> Options

click the General tab

Under the Downloads block

IF the SAVE files to is selected, then Click on (to select) Always ask me where to save files

Then press OK button

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

To show all files:

    • Press Windows-key +E key on your keyboard to start Windows Explorer.
    • From the Windows Explorer menu bar options, Select Tools, then Folder Options.
    • Next click the View tab.
    • Locate and uncheck Hide file extensions for known file types.
    • Locate and uncheck Hide protected operating system files (Recommended).
    • Locate and click Show hidden files and folders and drives.
    • Click Apply > OK.

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.The tool will open and display information and disclaimer in a Command prompt window.I'd suggest you close all internet browsers at this point.Press a key on keyboard to start scanning your system.Please be very patient as this will take several minutes to complete, depending on your system's specifications.There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.Please post the contents of JRT.txt into a new reply.

Step 6

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.

If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

If an infected file is detected, the default action will be Cure, click on Continue.

TDSSKillerMal-1.png

If a suspicious file is detected, the default action will be Skip, click on Continue.If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

TDSSKillerCompleted.png

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.Step 7Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or

>> from here <<

Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan!For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.

Wait until Prescan has finished ...Then Click on Scan button at upper right of screen.Wait until the Status box shows "Scan Finished"Click on Report and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKillerDo NOT click any FIX buttons !

Step 8

RE-Enable your antivirus program. :excl:

Then copy/paste the following into your post (in order):

the contents of C:\Jrt.txt;the contents of TDSSKILLER log;the contents of RKReport log;Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by Momo on 29/06/2013 at 10:34:01.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3282812

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3298573

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3A9C6299-BFE1-4D4B-BB80-15BE29FB52AA}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9C677D72-CE23-4BDC-97C2-763346EC6E09}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9C677D72-CE23-4BDC-97C2-763346EC6E09}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\end"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\ProgramData\zoomex"

Successfully deleted: [Folder] "C:\Users\Momo\AppData\Roaming\babylon"

Failed to delete: [Folder] "C:\Users\Momo\AppData\Roaming\wondershare"

Successfully deleted: [Folder] "C:\Users\Momo\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Momo\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\Momo\appdata\local\wondershare"

Successfully deleted: [Folder] "C:\Users\Momo\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Momo\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Failed to delete: [Folder] "C:\Program Files (x86)\wondershare"

Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

Successfully deleted: [Folder] "C:\Program Files (x86)\zoomex"

Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\Wondershare"

Successfully deleted: [Folder] "C:\Users\Momo\AppData\Roaming\microsoft\windows\start menu\programs\free ride games"

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{000C6AAC-8454-4F32-A861-66EA0A79C2EE}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{0CCE81CC-FA9D-40D1-9E8D-39066FFC973F}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{0D398974-E116-4483-9995-8561A1AC6BCF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{0E414B6C-6023-4B4A-8CDF-8F18A7AA8D4C}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{152B6772-BFBE-4EB3-A77E-F034F9539FDF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{1727A492-22E3-4513-8C85-85E4EB68199C}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{1A4E3088-CB61-4176-9323-7036C904DDE1}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{22C1AA1E-4EA9-441B-9D56-130D926609AB}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{28483D43-99FB-456E-85C4-D2D41B9619E9}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{29A29744-6636-4A63-B186-25A0D2ECC915}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{2D9CB753-91FF-4012-9275-A6510A64A3C8}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{32153DAC-F2BC-426C-91F9-2A29F55BA429}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{3970E871-DC61-48E7-B124-746E39ADB8E7}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{3A2F8D15-64FD-412D-8563-2050824B9BF8}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{3D4401B1-B806-4F70-AD88-5141F645D264}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{43102F33-8D23-4665-AC74-5196EE0CA8E5}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{48165CAA-65B8-4506-BB94-E92BD0332571}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{48178D68-80F5-44A7-8037-FCB5C9F95018}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{4D5B1B0A-E649-48AD-A981-72F24790C717}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{4EF01A4A-B1A3-431D-BD14-C4FDC5366082}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{4FCACF68-0C62-4BBF-B191-3BFF062F3D5C}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{53651E5D-531F-414C-A7EC-216829305F9F}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{551E717C-7BCB-42DE-A497-5CD83C2A93CE}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{56C654A5-BC28-4169-A79C-EE42386B741E}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{57DB88AB-A56A-4EED-A722-173BC089F2F8}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{5A5D8F19-558D-4733-94A9-5FE6EC51D164}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{5DF8C9D3-8CD1-4233-955B-59908C508894}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{61EE3C46-BBC6-45F1-996D-644378CB2C5F}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{64C1230F-552E-432A-A4CB-A16C0BA09441}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{65995AED-0760-4C97-A0EB-CC6D730BEFA9}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{67DEDA26-966E-4BBC-8DA0-76D42B12389A}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{69A559B1-701E-47FA-BCBB-E7BFEAD395DB}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{6CD5744D-AEC3-467D-80B3-8CA0B2E85748}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{6E06C805-E9F6-4481-B103-094B02409459}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{70843649-C557-455C-B73E-21045A3003F9}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{7596E2BE-CFA1-48D5-9B7E-769FF6D2359D}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{76CD9145-9DA3-42C0-9446-D22B47FCD8EF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{78273DA8-F90E-49D0-91AD-71B22A67A029}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{78647C35-CFC1-4331-B4C6-93C7338AA8A3}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{7D53DE96-6F48-4268-86FB-57B761BFEA09}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{7FA4F796-C2C2-432E-BEF1-EA89D50D0257}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{7FEA4805-24ED-482D-91C1-EFE6E001F897}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{841D2094-4CF8-4D4D-A378-BAF8592723A1}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{8431D3AF-921C-44FE-B798-143B9245CB99}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{88FA37C1-5C7C-4202-831C-F727BDA31463}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{897DB803-6817-4C4A-87E5-08AFE187508F}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{89AD7953-7D23-4EFF-BD2E-995699775A51}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{89BDB946-45C2-4732-A1AF-4C8100DAB704}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{8C1D0355-6CF7-449C-9BE1-ACAFCEED5E5B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{8F8A2059-1618-42E9-9818-C29735B7A47B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{90459BEA-9996-4F68-8513-D92D8A28FC46}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{930FD25A-7EB7-4E7C-AF30-CB98C057B588}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{9A3BF137-2182-4105-AB1A-257EA2E61009}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{9A6FCF28-026C-4EE0-80B1-20A02FE0942F}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{9B6CC937-B56A-4A3A-8FA0-0DF8D5A2D46B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{9D557BBE-9C0B-4DB2-9584-AEB99730A845}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{A351E690-50F1-4C80-BFCB-DA393F36CC03}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{A6EF58B1-E10C-4510-8295-94F3D4CE5FDF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{ABC3E04D-D2FC-4B64-8F72-708E9EA6E9A8}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{AEFB2BFF-7214-4875-B631-B3B7EA96D947}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{B2AF60D9-051B-478C-850C-1EF910BA1AC5}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{B484BF11-3E46-47F0-B343-322D42CDFAC9}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{B85839EF-6C4C-4A11-8E1A-4F823EC5E015}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{B96B9124-AD55-4805-9C33-94D2CD8E9BAE}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{C506F7C6-582D-47B4-BFF7-902CCE73DE6E}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{C5217AF9-6438-4F68-82A6-F372D20939DF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{C5456B39-4A8D-4033-A46D-4F05EDAC2C2B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{C5B91C16-3E5E-4A5C-8AC5-6FD84496A565}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{CA49ED6A-9F79-4185-83FC-6DADEFDA97ED}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{CB92F980-F33C-480B-AEAC-8E45D558660D}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{D0A41FF3-BF35-4A96-BE44-3B0E04177C32}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{D0C28C32-CB57-4B9C-A43D-D372E7E94F0D}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{D0EF02FE-38F9-4CD9-BE2A-085EA02E5ADD}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{DA68FB17-0D06-4108-89B6-9B1DC52F14C8}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{DF2ED193-FBA2-4BE0-89D8-77394ADF29C0}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{DFC90D98-2820-4EFD-A547-AD6EE2493EDA}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{E00D18E6-1587-4873-8AC7-06CB5BA96AEF}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{E1F69476-42A6-4FFA-868F-E9D4AE0715A5}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{E4032C73-A98C-4485-9A93-B97C051F6970}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{E60AF29F-039A-453B-B49B-4346BB9C2B9C}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{EAB87914-B953-455B-96DE-9E0B2D67FF5C}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{EB62F8D7-4C91-403F-B2AF-B6072436D8D6}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{EB813DA4-85C4-4A7B-A551-E3F799DEF72B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{ED2B8784-9DAB-4C9B-88B0-6D186F1E5CD3}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{EE6329B2-664A-4124-B1D5-55FBD3293406}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{F0A7EC5B-3D60-47FE-B0C4-67DC787BDDF1}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{F588383C-ABF8-4D8A-B067-C1343945A80B}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{F8E93F42-3C75-4CB6-AE6B-22E2923AFDF4}

Successfully deleted: [Empty Folder] C:\Users\Momo\appdata\local\{FD8726D6-4293-45D9-8FF2-F5BD95C3C11F}

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29/06/2013 at 10:37:54.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 


10:49:47.0686 5452  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

10:49:48.0112 5452  ============================================================

10:49:48.0112 5452  Current date / time: 2013/06/29 10:49:48.0112

10:49:48.0112 5452  SystemInfo:

10:49:48.0112 5452  

10:49:48.0112 5452  OS Version: 6.1.7601 ServicePack: 1.0

10:49:48.0112 5452  Product type: Workstation

10:49:48.0112 5452  ComputerName: MOMO-PC

10:49:48.0112 5452  UserName: Momo

10:49:48.0112 5452  Windows directory: C:\Windows

10:49:48.0112 5452  System windows directory: C:\Windows

10:49:48.0112 5452  Running under WOW64

10:49:48.0112 5452  Processor architecture: Intel x64

10:49:48.0112 5452  Number of processors: 4

10:49:48.0112 5452  Page size: 0x1000

10:49:48.0112 5452  Boot type: Normal boot

10:49:48.0112 5452  ============================================================

10:49:48.0267 5452  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:49:48.0267 5452  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:49:48.0267 5452  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:49:48.0270 5452  ============================================================

10:49:48.0270 5452  \Device\Harddisk0\DR0:

10:49:48.0270 5452  MBR partitions:

10:49:48.0270 5452  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800

10:49:48.0270 5452  \Device\Harddisk1\DR1:

10:49:48.0270 5452  MBR partitions:

10:49:48.0271 5452  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:49:48.0271 5452  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352800

10:49:48.0271 5452  \Device\Harddisk2\DR2:

10:49:48.0479 5452  MBR partitions:

10:49:48.0479 5452  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

10:49:48.0479 5452  ============================================================

10:49:48.0482 5452  C: <-> \Device\Harddisk0\DR0\Partition1

10:49:48.0517 5452  E: <-> \Device\Harddisk1\DR1\Partition2

10:49:48.0521 5452  F: <-> \Device\Harddisk2\DR2\Partition1

10:49:48.0521 5452  ============================================================

10:49:48.0521 5452  Initialize success

10:49:48.0521 5452  ============================================================

 

 

 

 

 

 

 

 

 

 

 


RogueKiller V8.6.1 [Jun 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Momo [Admin rights]

Mode : Scan -- Date : 06/29/2013 10:53:24

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] hyperdesktop.exe -- C:\Users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2117279006-2250545515-668574822-1000\[...]\Run : Hyperdesktop (C:\Users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [-]) -> FOUND

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ATA KINGSTON SVP200S SCSI Disk Device +++++

--- User ---

[MBR] f2d75764c7c47cf62892996a23628a5f

[bSP] 0450fd1626b6e628898b62e3926b9b85 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1:  +++++

--- User ---

[MBR] 376bf1e1c31dddadf3c69a8d9004bf92

[bSP] 8a544dab3b61e158f83161426581c5e0 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive2:  +++++

--- User ---

[MBR] c533c2c5b66da6de4ee3e2500f89fe16

[bSP] a623289173df718b2c44d633de19700c : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_06292013_105324.txt >>

 

 

 

 


Link to post
Share on other sites

The Roguekiller may list several items, but it does not mean that all of them are malicious.

That is why we review first.

Do a Quick scan with MBAM:

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

look down the screen to Action for potentially unwanted modifications

and select "Do not show in results list" from the drop down (arrow) selections.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply.

2

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

The safety scanner log should be called msert.txt

It should be located in the same folder as where you had msert.exe

If not there, then look for it under c:\windows

3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on Drweb-cureit-9_zpsa6b7b265.gifdrweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on Drweb-cureit-9_zpsa6b7b265.gifdrweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:

    Drweb-cureit-1_zps34a2f747.gif

    Click the checkbox to participate, and then click on Continue button.

  • Next

    Drweb-cureit-2_zpsee7bdcb6.gif

    Click on Select onjects for scanning

  • Next

    Drweb-cureit-3_zps137b4332.gif

    Put a checkmark by clicking on the boxes as shown.

    Do not select Temporary files or System Restore points.

    Then click on Start scanning button

  • The scan in progress will be shown like this

    Drweb-cureit-4_zps211037d0.gif

  • IF something is detected, you will see a screen similar to this

    Drweb-cureit-5_zpsd7be6acf.gif

    For each item "detected", click on the Action column down arrow, like this

    Drweb-cureit-8_zpsb099f9d5.gif

    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.

    Typically, you will keep the Cure default.

    Then click on the Neutralize button.

  • When the actions are completed, you will see this

    Drweb-cureit-7_zpsd290a127.gif

  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.

    Save the report to your desktop. The report will be called Cureit.log

  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.

Make sure you tell me, How is the system now ?

Link to post
Share on other sites

 Drweb-Cure has found no thread, and I couldn't find the log.

 

 

but here is the Microsoft Safety Scan

 

 

I actually just realized that Chrome takes much less time to start (it's back to its normal speed!)

 

 
---------------------------------------------------------------------------------------
 
Microsoft Safety Scanner v1.0, (build 1.153.905.0)
Started On Sat Jun 29 12:18:02 2013
 
Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Jun 29 12:24:56 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Safety Scanner v1.0, (build 1.153.905.0)
Started On Sat Jun 29 12:25:45 2013
Microsoft Safety Scanner Finished On Sat Jun 29 12:25:49 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Safety Scanner v1.0, (build 1.153.905.0)
Started On Sat Jun 29 12:25:52 2013
 
Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Jun 29 12:29:43 2013
 
 
Return code: 0 (0x0)
 

mbam-log-2013-06-29 (12-19-28).txt

Link to post
Share on other sites

Always be very explicit in stating all details on the issue at hand.

Have you deleted all temporary internet & cache files in each one of your browsers?

If not, please do that.

It also appears you need to update your Firefox browser to the latest version.

if Chrome is "freezing" in standard mode:

You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup.

First, close any prior instances of Chrome via Task Manager.

Then press Windows-key+R for the RUN option and then put a command line similar to this {adjusting for -your- Login account}

C:\Users\<Your-login>\AppData\Local\Google\Chrome\Application\chrome.exe -incognito

This is valid for Vista, Win 7, Win 8. {Win XP will be slightly different}.

For Windows XP, use this:

C:\Documents and Settings\Momo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -incognito

Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it.

Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}.

Other suggestions, for Chrome, while Chrome is running:

Press & hold SHIFT+CTRL+Del keys to get menu for clearing browing data:

Check Empty the cache

Delete cookies and other site and plug-in data

and press Clear browsing data button

Still in Chrome, press ALT+F then Settings

Click Extensions on the left.

Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

Review and do the section titled "Check For Conflicting Software" at the How-To-Geek article

http://www.howtogeek.com/135300/how-to-troubleshoot-google-chrome-crashes/

fyi, the general Google Chrome help online http://support.google.com/chrome

Lastly,

IF Chrome browser is still having problems {assuming it is the one at issue}

then Uninstall Chrome, and logoff & Restart system, then next

get and install the latest new released version of Chrome browser.

Note: Once I rule out malware, I will need to point you elsewhere for any non-malware issue.

The charter of this sub-forum is on malware issues.

Link to post
Share on other sites

The first issue (cache) happened to me twice, The first time I was making a purchase on NCIX.ca, and the item wouldn't go to the shopping card and I was redirected to the picture shown in the first post. I thought it was a bug on their website, so informed them but a few days later, it happened on McAfee. I was trying to get some live support, I was getting redirected to the Set-Cookie page. 

 

It all started to happen randomly, I have absolutely no idea what happened.

 

 

The second issues (streams not working on TwitchTV), I had Bell Internet Security and I felt like it was good enough and didn't need to upgrade to mcAfee, then my PC started slowing down and I thought that there must be like a virus or something as it just wouldn't launch at some point. I went in safe mode and installed McAfee, then installed malwarebytes shortly after. I ran scans, and quarantines/deleted the files. 

 

 I hadn't been on TwitchTV while installing and running the scans, so a few days later, the videos would just load, go grey and smaller popup would say "loading".

 

 

 

 

 

Also, a few weeks ago, my Windows Firewall and services would also turn off. I changed the permissions on regedit to make them work.. 

Link to post
Share on other sites

Did you completely uninstall the previous antivirus-security suite before installing the replacement?

A "antivirus-security" package from your ISP are typically slimmed-down versions of McAfee or such.

In a similar situation, it is far better to have got the free a-v from Avira, or Avast, or MSE.

I would suspect that by your sequence of installs, you may well have unintentionally, but most likely, got things really "messed up".

You may well be facing a need for a Erase / wipe clean / and reload Windows and all your applications from scratch.

That may be the safest thing to do. It may also be the quickest way too. {Otherwise, you will be in here for longer }

Let's have you get a set of reports.

Download OTL by OldTimer to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Then run OTL

(for Vista, or Windows 7 or 8 Right click the icon and Run as Administrator) to start the program.

In the lower right corner, checkmark "LOP Check" and checkmark Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes or so. In any event, have lots of infinite patience.

It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.

Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe

Run Security Check

Follow the onscreen instructions inside of the command window.

A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then attach the following into your post

OTL.txt

Extras.txt

checkup.txt

Link to post
Share on other sites

It appears that you ran Combofix (on your own) on or about 30 June.

Kindly attach the C:\Combofix.txt in a next reply for my review.

I'd like for you to refrain from running any tools or fixes on your own.

Otherwise, we will be out of sync.

Let me know if at any recent time you ran any sort of "registry cure / registry cleaner" utility.

If so, tell me which.

Download and Save each one of the following files to your Desktop

http://www.winhelponline.com/fileasso/reg_fix_w7.zip

http://www.winhelponline.com/fileasso/html_fix_w7.zip

http://www.winhelponline.com/fileasso/txt_fix_w7.zip

Now, un-zip (extract contents) of each one of these, 1 by 1, to the Desktop

Press Windows-key +R key (to get RUN option), type in

REGEDIT.exe

and press Enter-key

Regedit will start.

from main menuof Regedit, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in reg_fix_w7.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done. Close/Exit REGEDIT.

Next Right-click on html_fix_w7.reg and select to Merge.

Next Right-click on txt_fix_w7.reg and select Merge.

NEXT:

Download and Save to your Desktop

http://download.bleepingcomputer.com/win-services/7/Winmgmt.reg

Then Right-click on winmgmt.reg and select Merge.

When all are done, do a Logoff and Restart Windows fresh.

IF Chrome browser continues to have an issue, then Uninstall Chrome, restart Windows fresh, and then do a new install of Chrome.

IF Firefox browser continues to have an issue, then Uninstall Firefox, restart Windows fresh, and then do a new Firefox install.

NEXT:

I need to point out that out-of-date Java runtimes are on this system.

Java 7 Update 21 >> Uninstall it if found in Control Panel >>Programs and Features

Java vulnerabilities are a never ending occurence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then unistall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow, you have a often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

A: If you decide to keep Java:

The Java runtime components are typically located at

C:\Program Files (x86)\Java\jre7\bin

Locate javacpl.exe the Java control panel.

Right click and select Open

Click on the Update tab

Put a checkmark at "Check for updates automatically"

On the General tab, under Temporary Internet Files, click the Settings button.

Next, click on the Delete Files button

Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

Click OK to leave the Temporary Files Window

Click on the Advanced tab

Expand Miscellaneous:

Un-check "place Java icon in system tray"

Un-check "Java quick starter"

Exit/close

You need to remove older versions of Java runtime. Do this:

Download & Save to your Desktop or a new folder http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download]Javara.zip

Extract the contents of the zip file. Then double click Javara.exe to run it.

JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

B: If you want to disable Java in your browser:

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

http://www.slate.com/blogs/future_tense/2013/01/14/java_zero_day_exploit_don_t_patch_just_disable_java_in_your_browser.html

As noted by Brian Krebs,

"Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin."

Also see How to protect your computer against dangerous Java Applets

http://blogs.technet.com/b/mmpc/archive/2013/04/16/how-to-protect-your-computer-against-dangerous-java-applets.aspx

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.