Unable to remove Hijack.Homepage


Hello, I recently ran Malwarebytes normally in Quick Scan and then waited a while and came across some kind of malicious software called Hijack.Homepage. So I decided to remove it, and then it told me to restart to remove it. So I did, and after my system restarted I wanted to make sure it was gone, so I scanned again and then the same software popped up. So I removed, restarted, scanned again and it's still there. So for a while I did the same thing over and over again like a maniac and nothing really changed. I've also scanned with Norton 360, and after the scan Hijack.Homepage hadn't been detected.

----(This is a copy of my old topic to put in my new topic when I've been told to follow instructions for help. I'm not sure if I'm doing this right, but if I'm not, tell me and I'll do this over again if that's necessary. I ran the DDS thing too.)----

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2

Run by Kaito at 20:05:59 on 2013-08-12

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3985.2450 [GMT -7:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\dashost.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\ThumbnailExtractionHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Social Privacy: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Social Privacy\sp.dll

BHO: GetSavin 5.0: {234A9E47-9106-4234-90B2-31578D0C61F0} - C:\Users\Kaito\AppData\Local\getsavin\ie\getsavin_1367543402.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Kaito\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll




TCP: NameServer = 66.228.116.178,66.228.116.179

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\34C6561627023507F64702731653 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\3516D63757E676027416C6168797023502430273737303 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\373777D2775607D2930353364313 : DHCPNameServer = 192.168.111.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\433454637363530343346383F574 : DHCPNameServer = 192.168.11.1

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\458656445647271686 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{56561E9A-F59D-47BA-9940-16357BEC837D}\458656445647271686D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{97e1de57-d6fa-11e1-be62-806e6f6e6963} : NameServer = 66.228.116.178,66.228.116.179

TCP: Interfaces\{99B0C13C-268F-41B8-8AF5-A89FA551E21E} : NameServer = 66.228.116.178,66.228.116.179

TCP: Interfaces\{A5D00EBB-BF42-46F5-B35D-A7969F2F3801} : NameServer = 66.228.116.178,66.228.116.179

TCP: Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979} : NameServer = 66.228.116.178,66.228.116.179

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kaito\AppData\Roaming\Mozilla\Firefox\Profiles\0qnpsnz3.default\


FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kaito\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kaito\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Kaito\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Kaito\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Kaito\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-22 21:18; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-07-05 23:36; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn

FF - ExtSQL: 2013-07-05 23:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]

R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-3-28 92536]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-3-28 98208]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-28 165760]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-6 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-6 701512]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-6-24 144368]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-28 364416]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]

R3 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1404000.028\ccSetx64.sys [2013-6-24 169048]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-6-25 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130810.001\IDSviA64.sys [2013-8-12 513184]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-7-6 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-28 683664]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-3-28 43832]

R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1404000.028\SymDS64.sys [2013-6-24 493656]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1404000.028\SymEFA64.sys [2013-6-24 1139800]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\Ironx64.sys [2013-6-24 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-6-24 433752]

R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]

S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\SymELAM.sys [2013-6-24 23448]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-3-28 266896]

S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-3-28 41272]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]

S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-4-1 23552]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== Created Last 30 ================

.

2013-08-13 02:10:28 -------- d-----w- C:\Users\Kaito\AppData\Roaming\KravenManor

2013-08-11 02:34:57 -------- d-----w- C:\Users\Kaito\AppData\Roaming\ExpressFiles

2013-08-11 01:55:28 -------- d-----w- C:\Program Files (x86)\Kraven Manor

2013-08-10 18:59:42 -------- d-----w- C:\Users\Kaito\AppData\Local\{E1487D49-5944-40DC-A6B1-BAAD76FEEBCC}

2013-08-10 06:59:36 -------- d-----w- C:\Users\Kaito\AppData\Local\{2EFDB116-8254-4846-A211-90F391462D94}

2013-08-09 17:51:42 -------- d-----w- C:\Users\Kaito\AppData\Local\{92121D94-BA42-4578-B848-7465BD6CC11E}

2013-08-09 05:51:23 -------- d-----w- C:\Users\Kaito\AppData\Local\{450CF3E2-CF1D-4846-81E3-ADF72072FF93}

2013-08-09 01:50:50 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin

2013-08-01 17:56:22 -------- d-----w- C:\Users\Kaito\AppData\Local\{894FA263-7AA7-4E43-AF34-444E7998DF6F}

2013-07-30 02:46:40 -------- d-----w- C:\Users\Kaito\AppData\Local\{27134D7B-EFC7-47AE-B773-F7661C66EA0D}

2013-07-28 07:08:46 -------- d-----w- C:\Users\Kaito\AppData\Local\{3D83D67D-930F-49B4-A622-1F20D7B26054}

2013-07-27 13:48:27 -------- d-----w- C:\Users\Kaito\AppData\Local\{F368EDD9-AB80-4543-B94D-7407145C9F54}

2013-07-26 11:12:24 -------- d-----w- C:\Users\Kaito\AppData\Local\{E5280744-971D-4CDD-832E-06C11A5B1B3A}

2013-07-24 09:52:54 -------- d-----w- C:\Users\Kaito\AppData\Local\{732672C9-77E0-4703-8208-C7592A92C707}

2013-07-23 11:52:52 -------- d-----w- C:\Users\Kaito\AppData\Local\{7DEE44E4-7E1A-4C5E-8496-8AF4FBADDA42}

2013-07-19 10:34:11 -------- d-----w- C:\Users\Kaito\AppData\Local\{B528E6FE-FB6B-4B56-AE7C-416007DA7251}

2013-07-19 10:32:40 -------- d-----w- C:\Users\Kaito\AppData\Local\{4ABA6BD3-7203-4299-B49F-33F4315A4DE6}

2013-07-15 14:00:10 -------- d-----w- C:\Users\Kaito\AppData\Local\{5ADF4EC9-2C02-49C2-8FD9-858BB7D3BD9C}

2013-07-15 13:58:06 -------- d-----w- C:\Users\Kaito\AppData\Local\{D3F6C39A-0A57-4365-ADD7-B417758DDD3C}

2013-07-15 11:32:58 -------- d-----w- C:\Users\Kaito\AppData\Local\{432F461B-5735-4653-963E-41110EFB355D}

.

==================== Find3M  ====================

.

2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-24 20:05:08 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-04 16:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-06-04 16:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe

2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS

2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll

2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll

2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll

2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe

2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe

2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll

2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll

2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll

2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll

2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll

2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll

2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll

2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll

2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll

2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll

2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys

2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi

2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe

2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi

2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe

2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll

2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-05-23 05:25:28 1139800 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys

2013-05-21 05:02:00 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\SymDS64.sys

2013-05-17 02:12:26 819440 ----a-w- C:\Windows\System32\SynCOM.dll

2013-05-17 02:12:26 351984 ----a-w- C:\Windows\SysWow64\SynCom.dll

2013-05-17 02:12:22 524016 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2013-05-17 02:12:22 192240 ----a-w- C:\Windows\System32\SynTPCo19.dll

2013-05-17 02:12:22 151280 ----a-w- C:\Windows\SysWow64\SynTPCom.dll

2013-05-17 02:12:20 264432 ----a-w- C:\Windows\System32\SynTPAPI.dll

2013-05-16 05:02:14 796760 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys

2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll

.

============= FINISH: 20:07:34.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 3/30/2013 6:07:49 PM

System Uptime: 8/11/2013 6:16:45 PM (26 hours ago)

.

Motherboard: Hewlett-Packard |  | 1854

Processor: Intel® Core i3-2328M CPU @ 2.20GHz | U3E1 | 1400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 442 GiB total, 209.735 GiB free.

D: is FIXED (NTFS) - 23 GiB total, 2.824 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP27: 7/24/2013 5:54:14 AM - Windows Update

RP28: 7/29/2013 7:18:44 PM - Windows Update

RP29: 8/6/2013 4:51:35 PM - Scheduled Checkpoint

RP30: 8/10/2013 6:56:16 PM - Installed DirectX

.

==== Installed Programs ======================

.

4 Elements II

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Alliance of Valiant Arms

Amnesia: The Dark Descent Demo 

aTube Catcher

Bandicam

Bandisoft MPEG-1 Decoder

Bejeweled 3

Bioshock Demo

Blocks That Matter Demo

Bonjour

Build-a-lot 4 - Power Source

Chuzzle Deluxe

Cradle Of Egypt Collector's Edition

Cradle of Rome 2

CrimeCraft GangWars

CyberLink LabelPrint

CyberLink Media Suite 10

CyberLink Power2Go 8

CyberLink PowerDVD

CyberLink YouCam

D3DX10

DNS Shield

Dota 2

Energy Star

Farm Frenzy

FATE: The Cursed King

Final Drive Fury

FlatOut 2

GetSavin

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker 2 Premium Edition

Half-Life 2: Demo

Hewlett-Packard ACLM.NET v1.2.0.0

Hoyle Card Games

HP Customer Experience Enhancements

HP Documentation

HP Games

HP MyRoom

HP Postscript Converter

HP Quick Launch

HP Recovery Manager

HP Registration Service

HP Software Framework

HP Support Assistant

HP Utility Center

HP Wireless Button Driver

HyperCam 3

Intel® Management Engine Components

Intel® Processor Graphics

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

Java Auto Updater

Java 6 Update 29

Jewel Match 3

John Deere Drive Green

Kraven Manor

Luxor Evolved

Mahjongg Dimensions Deluxe: Tiles in Time

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Application Error Reporting

Microsoft Office

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Mortimer Beckett and the Crimson Thief Premium Edition

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

Mystery P.I. - Curious Case of Counterfeit Cove

Norton 360

Peggle Nights

Penguins!

Polar Bowler

Polar Golfer

Portal 2

RaceRoom Racing Experience 

Ralink RT5390R 802.11bgn Wi-Fi Adapter

Rayman Origins

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

Reset My Browser

Roads of Rome 3

Simple Adblock

Skype Click to Call

Skype™ 6.5

Social Privacy

Soldier Front 2

Source Filmmaker

Steam

Super Crate Box

swMSM

Synaptics Pointing Device Driver

Tales of Lagoona

Team Fortress 2

Terraria

Unity Web Player

Unreal Development Kit: 2012-10

Update for Japanese Microsoft IME Postal Code Dictionary

Update for Japanese Microsoft IME Standard Dictionary

Update for Japanese Microsoft IME Standard Extended Dictionary

Update Installer for WildTangent Games App

Vacation Quest™ - Australia

War Inc. Battlezone

Warframe

WebCake 3.00

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

WinRAR 4.20 (64-bit)

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

8/10/2013 4:10:38 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

  • Root Admin

Please uninstall all versions of Java from the control panel.  Then run the following.

Java Auto Updater
Java™ 6 Update 29

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


  • Root Admin

They probably did not run because the logs show that you did not disable your Norton 360 antivirus as requested when running these tools.

 

Please fully disable your Norton 360 antivirus and try running those other tools again please.  The JRT did not run correctly either - you need to right click and choose "Run as administrator" while your Norton 360 is disabled.

 

Thanks

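An added example, not part of the original posts and not code from any tool named in this thread: a log header such as the DDS one at the top of this thread records each registered security product's state on its AV/SP/FW lines, so it can be checked before the scanners are re-run. This Python sketch parses those lines (sample input copied from that header; the function names are hypothetical) and lists the products still reported as enabled.

```python
import re
from collections import defaultdict

# Sample input: the AV/SP/FW lines from the DDS header quoted at the top of this thread.
SAMPLE_DDS_HEADER = """\
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
"""

# kind: AV (antivirus), SP (antispyware) or FW (firewall)
# state: Enabled/Disabled; defs: definition status, absent on FW lines
PRODUCT_LINE = re.compile(
    r"^\s*(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[^*/]+)(?:/(?P<defs>[^*]+))?\*"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


def parse_products(log_text):
    """Return one dict per AV/SP/FW line; every other log line is ignored."""
    products = []
    for line in log_text.splitlines():
        match = PRODUCT_LINE.match(line)
        if match:
            products.append(match.groupdict())
    return products


def still_enabled(log_text):
    """Map each product name to the sorted kinds it is still enabled as."""
    active = defaultdict(set)
    for product in parse_products(log_text):
        if product["state"].strip().lower() == "enabled":
            active[product["name"]].add(product["kind"])
    return {name: sorted(kinds) for name, kinds in active.items()}


if __name__ == "__main__":
    for name, kinds in still_enabled(SAMPLE_DDS_HEADER).items():
        print(f"{name} is still enabled as: {', '.join(kinds)}")
```

An empty result from `still_enabled` means no product on those lines is reported as enabled at the time the log was taken.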

Thanks, you were right about the part I had to disable Norton 360. The ESET one says that there was another antivirus software detected. But there is one problem, I don't know how to disable Norton 360. I've been searching but when I followed an instruction from a forum it still says there was an antivirus software detected. I found some more about how to disable but none helped. Do you think you know a site where I can properly follow the instructions? If you don't know, I'll keep trying my best to find. (Did you think I should've posted this on a different forum? Yeah, I thought so). Sorry if I'm asking you.


  • Root Admin

http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

 

Norton 360

  • Right click the Norton icon on your Windows application tray.
  • View the Norton 360 Control Panel that displays. You will see the Firewall enabled and Auto Protect enabled menu options checked.
  • Un-check the options for the Firewall and Autoprotect to disable Norton.
  • You will then be asked to select a time-frame for disabling the automatic protective services
  • You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
  • Choose 5 hours. If you choose forever, you will need to manually enable Norton 360 protective services at a future time.

Norton Firewall

  • Right click on the Norton icon in the systray
  • Click open the window of tasks and settings
  • Click Change advanced settings
  • Click Firewall
  • On the left side of the window parameters, perform the following operation
  • Select Off
  • Then click Apply
  • A window opens, allowing you to choose how long the firewall must be disabled
  • Choose the time and click OK. Then click Close

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
